
Virtumonde Infection?


  • This topic is locked
16 replies to this topic

#1 Pet Project

  • Members
  • 8 posts
  • Gender:Female

Posted 24 January 2008 - 10:38 PM

So I have this Virtumonde infection that seems to spread through just about every program I try to run. Now that I have Spyware Doctor I get notifications that things like Firefox, EXPLORER.EXE, even HijackThis are trying to accept this file:

C:/WINDOWS/SYSTEM32/ssttu.dll

I also get an "ERROR BAD IMAGE" message when I try to open Firefox and it tells me something about the ssttu again. I did some research on the web and ssttu and ssttu.dll seem to be some usual suspects in some pretty bad viruses.

I can't delete it. VundoFix couldn't kill it either. I've tried several different programs to no avail. So as a last resort we have this!

Any help at all is incredibly appreciated!

-----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:17 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\Spyware Doctor\SDTrayApp .exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX .exe
C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.215.17.73:4480
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttu.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {6BF560E3-5BFB-4975-842F-05DDAABAEAAA} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA14C86A-52B5-4C63-BF68-C6CB5C2981BE} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {D12E9370-047B-4976-BA3F-B572B76F1181} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=073006 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ErrorSweeper] C:\Program Files\ErrorSweeper\ErrorSweeper.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FE97E08-C49A-4393-868D-6C2F1F7DF9CB}: NameServer = 74.132.1.132,74.132.1.133
O20 - Winlogon Notify: aefylwom - C:\WINDOWS\
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Unknown owner - C:\WINDOWS\system32\wwSecure.exe (file missing)

--
End of file - 9984 bytes
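A small triage script for HijackThis log lines like the ones in the post above, added here as an example; it is not part of the thread and not HijackThis code. It flags the patterns a responder would pick out of this log: a file name with whitespace before its extension (the "smax4pnp .exe" look-alikes), the win.ini load= autostart, an unnamed BHO loaded from system32, a Winlogon Notify entry, a service with an unknown owner and a missing binary, and a per-user proxy setting. The sample lines are constructed from entries in the log above, and the rule names are this example's own labels.

```python
import re
from typing import Dict, List, Tuple

# Triage rules, one per indicator visible in the posted HijackThis log.
# Rule names are this example's own labels, not HijackThis terminology.
RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    # "smax4pnp .exe": whitespace before the extension marks a look-alike file
    # planted next to the legitimate one; the look-alike is what actually runs.
    ("space-before-extension", re.compile(r'[^\\\s"]+ +\.(exe|dll|sys|com)\b', re.I)),
    # F3 win.ini load= is a legacy autostart that modern software does not use.
    ("win.ini-load", re.compile(r"^F3 - REG:win\.ini: load=", re.I)),
    # A BHO with no name whose DLL sits directly in system32 is worth a look.
    ("unnamed-bho-in-system32",
     re.compile(r"^O2 - BHO: \(no name\) - \{[0-9A-F-]+\} - [A-Z]:\\WINDOWS\\system32\\", re.I)),
    # Winlogon Notify DLLs are loaded into winlogon.exe at every logon.
    ("winlogon-notify", re.compile(r"^O20 - Winlogon Notify:", re.I)),
    # A service with no recognised vendor whose binary is gone (or hidden).
    ("orphan-service", re.compile(r"^O23 - Service: .* - Unknown owner - .*\(file missing\)", re.I)),
    # A per-user proxy routes all Internet Explorer traffic through that host.
    ("proxy-set", re.compile(r"Internet Settings,ProxyServer = \S+", re.I)),
]


def triage(log_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, rule_name, matched_text) for every rule hit."""
    findings: List[Tuple[int, str, str]] = []
    for number, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        for name, pattern in RULES:
            match = pattern.search(line)
            if match:
                findings.append((number, name, match.group(0)))
    return findings


def summarize(findings: List[Tuple[int, str, str]]) -> Dict[str, int]:
    """Count hits per rule so a responder sees the overall picture first."""
    counts: Dict[str, int] = {}
    for _, name, _ in findings:
        counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample: a handful of lines copied from the log above, with the
# wrapped "(file missing)" suffix rejoined onto its O23 line.
SAMPLE_LINES = [
    r"Running processes:",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Program Files\Analog Devices\Core\smax4pnp .exe",
    r"C:\WINDOWS\system32\hkcmd .exe",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.215.17.73:4480",
    r"F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttu.exe",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {6BF560E3-5BFB-4975-842F-05DDAABAEAAA} - C:\WINDOWS\system32\ssttu.dll",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime',
    "O20 - Winlogon Notify: aefylwom - C:\\WINDOWS\\",
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
    r"O23 - Service: Washer Security Access (wwSecSvc) - Unknown owner - C:\WINDOWS\system32\wwSecure.exe (file missing)",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for number, name, text in hits:
        print(f"line {number:>3}  {name:<26} {text}")
    print("summary:", summarize(hits))
```

Lines that match no rule (the real svchost.exe, the HP service) produce nothing, so the output is only the entries worth a second look.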


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 25 January 2008 - 12:19 AM

Hello Pet Project,

Welcome to Bleeping Computer :thumbsup:

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#3 Pet Project
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female

Posted 25 January 2008 - 05:21 PM

Thank you very much. Someone may want to check the ComboFix from the first link though. My Spyware Doctor went crazy in messages saying it was infected with a trojan. I erased it and downloaded from the second link and it finally worked (hence why all of this took so long!). Ahaha, anyway, here are the logs:

----

ComboFix 08-01-23.1C - Binky Bunny 2008-01-25 16:39:23.4 - NTFSx86
Running from: C:\Documents and Settings\Binky Bunny\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\ssttu.exe
C:\WINDOWS\SYSTEM32\uttss.ini
C:\WINDOWS\SYSTEM32\uttss.ini2

.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-25 17:01 . 2008-01-25 17:01 335,360 --a------ C:\WINDOWS\SYSTEM32\ssttu.exe
2008-01-25 17:00 . 2008-01-25 17:00 319 --ahs---- C:\WINDOWS\SYSTEM32\uttss.ini2
2008-01-25 17:00 . 2008-01-25 17:04 319 --ahs---- C:\WINDOWS\SYSTEM32\uttss.ini
2008-01-25 16:59 . 2008-01-25 16:59 331,776 --a------ C:\WINDOWS\SYSTEM32\ssttu.dll
2008-01-25 15:19 . 2008-01-25 15:19 <DIR> d-------- C:\Program Files\eMusic Download Manager
2008-01-25 14:26 . 2008-01-25 17:02 388,608 --a------ C:\WINDOWS\SYSTEM32\cmd .exe
2008-01-25 13:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 22:22 . 2008-01-24 22:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 18:47 . 2008-01-23 19:16 <DIR> d-------- C:\Program Files\Free Window Registry Repair
2008-01-21 20:46 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-01-21 20:46 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-01-21 20:46 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-01-21 20:46 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-01-21 20:45 . 2008-01-25 17:01 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-21 20:45 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2008-01-21 11:58 . 2008-01-21 20:38 <DIR> d-------- C:\Program Files\ErrorSweeper
2008-01-13 12:26 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-13 12:26 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2008-01-13 02:04 . 2008-01-14 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 12:16 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-11 21:51 . 2008-01-13 03:00 <DIR> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-08 20:09 . 2008-01-13 13:09 <DIR> d-------- C:\Program Files\MagicISO
2008-01-08 12:40 . 2008-01-08 12:40 <DIR> d-------- C:\Program Files\langmaor
2008-01-08 02:54 . 2008-01-21 11:32 1,009,222 --ahs---- C:\WINDOWS\SYSTEM32\pjwgxuus.ini
2008-01-04 01:39 . 2008-01-07 14:36 1,038,682 --ahs---- C:\WINDOWS\SYSTEM32\kcpvakmd.ini
2008-01-02 19:32 . 2008-01-02 19:33 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-02 17:27 . 2008-01-02 17:27 <DIR> d-------- C:\Program Files\CONEXANT
2008-01-02 17:17 . 2008-01-02 17:17 2 --a------ C:\WINDOWS\msoffice.ini
2007-12-31 00:36 . 2008-01-01 19:01 1,031,259 --ahs---- C:\WINDOWS\SYSTEM32\xaqyvnsi.ini
2007-12-25 14:16 . 2007-12-25 14:16 <DIR> d-------- C:\Program Files\Western Digital Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 22:01 749,056 ----a-w C:\WINDOWS\SYSTEM32\cmd.exe
2008-01-25 22:01 451,072 ----a-w C:\WINDOWS\SYSTEM32\igfxpers.exe
2008-01-25 22:01 430,592 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-25 22:01 414,208 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-25 22:00 94,208 ----a-w C:\WINDOWS\SYSTEM32\igfxtray .exe
2008-01-25 22:00 77,824 ----a-w C:\WINDOWS\SYSTEM32\hkcmd .exe
2008-01-25 22:00 114,688 ----a-w C:\WINDOWS\SYSTEM32\igfxpers .exe
2008-01-25 22:00 --------- d-----w C:\Program Files\QuickTime
2008-01-25 21:37 --------- d-----w C:\Program Files\Google
2008-01-25 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 01:43 --------- d-----w C:\Program Files\Zune
2008-01-21 16:44 496,128 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSConfig .exe
2008-01-21 16:36 --------- d-----w C:\Program Files\McAfee
2008-01-09 00:41 --------- d-----w C:\Program Files\Webroot
2008-01-02 22:21 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 22:17 --------- d-----w C:\Program Files\America Online 9.0a
2008-01-02 22:13 --------- d-----w C:\Program Files\HP
2007-12-31 17:43 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-19 22:52 147,456 ----a-w C:\WINDOWS\SYSTEM32\vbzip10.dll
2007-12-18 19:46 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-06 01:16 --------- d-----w C:\Program Files\RO
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop.dat
.
<pre>
----a-w		 1,404,928 2008-01-25 21:59:50  C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w			81,920 2008-01-25 22:00:11  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w		   221,184 2008-01-25 21:59:57  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w		   244,512 2008-01-25 22:00:49  C:\Program Files\Common Files\Logitech\LComMgr\LVComSX .exe
----a-w		 2,581,736 2008-01-21 17:28:26  C:\Program Files\ErrorSweeper\ErrorSweeper .exe
----a-w		 1,101,824 2008-01-02 21:45:35  C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen .exe
----a-w		 3,739,648 2008-01-05 20:01:21  C:\Program Files\Google\Google Talk\googletalk .exe
----a-w			49,152 2008-01-02 21:45:15  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   132,496 2008-01-23 19:42:08  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		   746,520 2008-01-25 22:00:49  C:\Program Files\Logitech\QuickCam10\QuickCam10 .exe
----a-w		   649,216 2008-01-25 22:00:38  C:\Program Files\QuickTime\qttask														   .exe
----a-w		   649,216 2008-01-25 21:40:24  C:\Program Files\QuickTime\qttask														  .exe
----a-w		   649,216 2008-01-25 19:23:15  C:\Program Files\QuickTime\qttask														 .exe
----a-w		   649,216 2008-01-25 11:44:56  C:\Program Files\QuickTime\qttask														.exe
----a-w		   649,216 2008-01-24 11:50:46  C:\Program Files\QuickTime\qttask													   .exe
----a-w		   649,216 2008-01-24 01:42:33  C:\Program Files\QuickTime\qttask													  .exe
----a-w		   649,216 2008-01-23 23:11:30  C:\Program Files\QuickTime\qttask													 .exe
----a-w		   649,216 2008-01-23 19:38:43  C:\Program Files\QuickTime\qttask													.exe
----a-w		   649,216 2008-01-22 19:43:28  C:\Program Files\QuickTime\qttask												   .exe
----a-w		   649,216 2008-01-22 06:01:50  C:\Program Files\QuickTime\qttask												  .exe
----a-w		   649,216 2008-01-22 03:55:21  C:\Program Files\QuickTime\qttask												 .exe
----a-w		   649,216 2008-01-22 03:18:30  C:\Program Files\QuickTime\qttask												.exe
----a-w		   649,216 2008-01-22 00:17:23  C:\Program Files\QuickTime\qttask											   .exe
----a-w		   649,216 2008-01-21 23:59:57  C:\Program Files\QuickTime\qttask											  .exe
----a-w		   649,216 2008-01-21 19:15:39  C:\Program Files\QuickTime\qttask											 .exe
----a-w		   649,216 2008-01-21 18:17:00  C:\Program Files\QuickTime\qttask											.exe
----a-w		   649,216 2008-01-21 17:36:21  C:\Program Files\QuickTime\qttask										   .exe
----a-w		   649,216 2008-01-21 17:09:04  C:\Program Files\QuickTime\qttask										  .exe
----a-w		   649,216 2008-01-21 16:44:46  C:\Program Files\QuickTime\qttask										 .exe
----a-w		   649,216 2008-01-21 16:36:31  C:\Program Files\QuickTime\qttask										.exe
----a-w		   649,216 2008-01-21 16:18:50  C:\Program Files\QuickTime\qttask									   .exe
----a-w		   649,216 2008-01-18 18:40:31  C:\Program Files\QuickTime\qttask									  .exe
----a-w		   649,216 2008-01-17 20:06:10  C:\Program Files\QuickTime\qttask									 .exe
----a-w		   649,216 2008-01-16 20:11:38  C:\Program Files\QuickTime\qttask									.exe
----a-w		   649,216 2008-01-16 11:33:04  C:\Program Files\QuickTime\qttask								   .exe
----a-w		   649,216 2008-01-15 19:52:30  C:\Program Files\QuickTime\qttask								  .exe
----a-w		   649,216 2008-01-14 19:58:54  C:\Program Files\QuickTime\qttask								 .exe
----a-w		   649,216 2008-01-14 08:14:01  C:\Program Files\QuickTime\qttask								.exe
----a-w		   649,216 2008-01-13 17:17:48  C:\Program Files\QuickTime\qttask							   .exe
----a-w		   649,216 2008-01-09 19:37:18  C:\Program Files\QuickTime\qttask							  .exe
----a-w		   649,216 2008-01-08 23:51:32  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   649,216 2008-01-07 19:35:39  C:\Program Files\QuickTime\qttask							.exe
----a-w		   649,216 2008-01-06 16:16:38  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   649,216 2008-01-06 07:53:34  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   649,216 2008-01-06 07:28:47  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   649,216 2008-01-05 21:29:38  C:\Program Files\QuickTime\qttask						.exe
----a-w		   649,216 2008-01-05 20:00:23  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   649,216 2008-01-04 23:58:34  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   649,216 2008-01-04 18:49:35  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   649,216 2008-01-03 18:23:55  C:\Program Files\QuickTime\qttask					.exe
----a-w		   649,216 2008-01-03 00:54:56  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   649,216 2008-01-02 22:22:22  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   649,216 2008-01-02 21:38:43  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   649,216 2008-01-02 21:24:30  C:\Program Files\QuickTime\qttask				.exe
----a-w		   649,216 2008-01-02 17:49:04  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   649,216 2008-01-01 17:39:02  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   649,216 2007-12-31 17:42:16  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   649,216 2007-12-30 17:07:27  C:\Program Files\QuickTime\qttask			.exe
----a-w		   649,216 2007-12-29 17:20:54  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   649,216 2007-12-28 15:49:25  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   649,216 2007-12-27 16:44:00  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   649,216 2007-12-26 16:42:06  C:\Program Files\QuickTime\qttask		.exe
----a-w		   649,216 2007-12-25 14:19:41  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   649,216 2007-12-24 16:21:00  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   649,216 2007-12-23 16:21:32  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   649,216 2007-12-22 17:33:23  C:\Program Files\QuickTime\qttask	.exe
----a-w		   649,216 2007-12-22 16:57:49  C:\Program Files\QuickTime\qttask   .exe
----a-w		   649,216 2007-12-21 19:44:32  C:\Program Files\QuickTime\qttask  .exe
----a-w		   649,216 2007-12-21 11:28:03  C:\Program Files\QuickTime\qttask .exe
----a-w			36,904 2008-01-25 22:00:51  C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
----a-w		 1,460,560 2008-01-22 03:19:09  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w		 1,065,288 2008-01-25 22:01:07  C:\Program Files\Spyware Doctor\SDTrayApp .exe
----a-w			20,752 2008-01-23 23:15:09  C:\Program Files\Zune\ZuneLauncher .exe
----a-w		   496,128 2008-01-21 16:44:58  C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSConfig .exe
----a-w		   388,608 2008-01-25 22:02:53  C:\WINDOWS\SYSTEM32\cmd .exe
----a-w			15,360 2007-12-31 17:43:02  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w			77,824 2008-01-25 22:00:17  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w		   114,688 2008-01-25 22:00:23  C:\WINDOWS\SYSTEM32\igfxpers .exe
----a-w			94,208 2008-01-25 22:00:15  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E35D349-D254-437E-9871-3FFF7CB26B45}]
2008-01-25 16:59 331776 --a------ C:\WINDOWS\system32\ssttu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA14C86A-52B5-4C63-BF68-C6CB5C2981BE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D12E9370-047B-4976-BA3F-B572B76F1181}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-01-25 17:00 1743360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-25 17:00 649216]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-01-25 17:00 583168]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-01-25 16:40 419840]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-25 17:01 430592]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-25 17:01 414208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-25 17:01 451072]
"Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [ ]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2008-01-25 17:01 1098752]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2008-01-25 17:01 581632]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [ ]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2008-01-25 17:01 398848]
"ErrorSweeper"="C:\Program Files\ErrorSweeper\ErrorSweeper.exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-25 17:01 1619456]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 05:00 388608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aefylwom]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ssttu.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssttu

[HKLM\~\startupfolder\C:^Documents and Settings^Binky Bunny^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dcf0f3d0]
C:\WINDOWS\system32\suuxgwjp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GreedyTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"AOL ACS"=2 (0x2)

S2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 13:58]
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 11:52]
S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-06-12 04:56]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 npkycryp;npkycryp;C:\Program Files\Gravity\RagnarokOnline\npkycryp.sys []

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 17:29:20 C:\WINDOWS\Tasks\ErrorSweeper Scheduled Scan.job"
- C:\Program Files\ErrorSweeper\ErrorSweeper .ex
- C:\Program Files\ErrorSweeper
"2008-01-15 06:48:46 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 06:00:23 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 17:03:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-25 17:13:11 - machine was rebooted [Binky Bunny]
ComboFix-quarantined-files.txt 2008-01-25 22:12:57
.
2008-01-14 08:05:55 --- E O F ---


++++++++++++++++++++++++++++


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:59 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\Logitech\QuickCam10\QuickCam10 .exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX .exe
C:\Program Files\Spyware Doctor\SDTrayApp .exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Talk\googletalk .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.215.17.73:4480
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=073006 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ErrorSweeper] C:\Program Files\ErrorSweeper\ErrorSweeper.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FE97E08-C49A-4393-868D-6C2F1F7DF9CB}: NameServer = 74.132.1.132,74.132.1.133
O20 - Winlogon Notify: aefylwom - C:\WINDOWS\
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Unknown owner - C:\WINDOWS\system32\wwSecure.exe (file missing)

--
End of file - 9198 bytes

Edited by Pet Project, 25 January 2008 - 08:05 PM.


#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 28 January 2008 - 03:37 PM

Hello,

Thanks for letting me know about the link. :wacko: You're most welcome for the help. :thumbsup:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

RenV::
----a-w 1,404,928 2008-01-25 21:59:50 C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w 81,920 2008-01-25 22:00:11 C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w 221,184 2008-01-25 21:59:57 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w 244,512 2008-01-25 22:00:49 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX .exe
----a-w 2,581,736 2008-01-21 17:28:26 C:\Program Files\ErrorSweeper\ErrorSweeper .exe
----a-w 1,101,824 2008-01-02 21:45:35 C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen .exe
----a-w 3,739,648 2008-01-05 20:01:21 C:\Program Files\Google\Google Talk\googletalk .exe
----a-w 49,152 2008-01-02 21:45:15 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 132,496 2008-01-23 19:42:08 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 746,520 2008-01-25 22:00:49 C:\Program Files\Logitech\QuickCam10\QuickCam10 .exe
----a-w 649,216 2008-01-25 22:00:38 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-25 21:40:24 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-25 19:23:15 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-25 11:44:56 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-24 11:50:46 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-24 01:42:33 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-23 23:11:30 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-23 19:38:43 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-22 19:43:28 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-22 06:01:50 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-22 03:55:21 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-22 03:18:30 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-22 00:17:23 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 23:59:57 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 19:15:39 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 18:17:00 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 17:36:21 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 17:09:04 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 16:44:46 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 16:36:31 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 16:18:50 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-18 18:40:31 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-17 20:06:10 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-16 20:11:38 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-16 11:33:04 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-15 19:52:30 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-14 19:58:54 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-14 08:14:01 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-13 17:17:48 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-09 19:37:18 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-08 23:51:32 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-07 19:35:39 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-06 16:16:38 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-06 07:53:34 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-06 07:28:47 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-05 21:29:38 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-05 20:00:23 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-04 23:58:34 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-04 18:49:35 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-03 18:23:55 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-03 00:54:56 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-02 22:22:22 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-02 21:38:43 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-02 21:24:30 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-02 17:49:04 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-01 17:39:02 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-31 17:42:16 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-30 17:07:27 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-29 17:20:54 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-28 15:49:25 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-27 16:44:00 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-26 16:42:06 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-25 14:19:41 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-24 16:21:00 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-23 16:21:32 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-22 17:33:23 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-22 16:57:49 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-21 19:44:32 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-21 11:28:03 C:\Program Files\QuickTime\qttask .exe
----a-w 36,904 2008-01-25 22:00:51 C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
----a-w 1,460,560 2008-01-22 03:19:09 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 1,065,288 2008-01-25 22:01:07 C:\Program Files\Spyware Doctor\SDTrayApp .exe
----a-w 20,752 2008-01-23 23:15:09 C:\Program Files\Zune\ZuneLauncher .exe
----a-w 496,128 2008-01-21 16:44:58 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSConfig .exe
----a-w 388,608 2008-01-25 22:02:53 C:\WINDOWS\SYSTEM32\cmd .exe
----a-w 15,360 2007-12-31 17:43:02 C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w 77,824 2008-01-25 22:00:17 C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w 114,688 2008-01-25 22:00:23 C:\WINDOWS\SYSTEM32\igfxpers .exe
----a-w 94,208 2008-01-25 22:00:15 C:\WINDOWS\SYSTEM32\igfxtray .exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E35D349-D254-437E-9871-3FFF7CB26B45}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA14C86A-52B5-4C63-BF68-C6CB5C2981BE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D12E9370-047B-4976-BA3F-B572B76F1181}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aefylwom]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dcf0f3d0]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: dragging the CFScript file onto ComboFix.exe]

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

How is it running now please? :blink:

Thanks,
tea

Edited by teacup61, 28 January 2008 - 03:38 PM.

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
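A small log triage script, added here as an example and not part of this thread or of HijackThis/ComboFix: it scans HijackThis-style lines for the patterns the helper's CFScript addresses (executables renamed with a space before .exe, a Winlogon Notify entry that names no DLL, services whose binary is missing) plus a configured proxy. The sample lines are constructed from the logs above; the proxy address is a TEST-NET placeholder, not the one in the posted log.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: HijackThis-style lines adapted from the logs in this
# thread (the proxy address is a placeholder, not the one in the posted log).
SAMPLE_LOG = [
    "Running processes:",
    "C:\\WINDOWS\\System32\\smss.exe",
    "C:\\Program Files\\Analog Devices\\Core\\smax4pnp .exe",
    "C:\\Program Files\\Spyware Doctor\\SDTrayApp .exe",
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
    "",
    "R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = 203.0.113.10:4480",
    "O4 - HKLM\\..\\Run: [SoundMAXPnP] C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe",
    "O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\qttask .exe\" -atboottime",
    "O20 - Winlogon Notify: aefylwom - C:\\WINDOWS\\",
    "O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe",
    "O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\\WINDOWS\\system32\\windows (file missing)",
    "O23 - Service: Washer Security Access (wwSecSvc) - Unknown owner - C:\\WINDOWS\\system32\\wwSecure.exe (file missing)",
]


@dataclass
class Finding:
    kind: str      # short category, counted by summary()
    line: str      # the log line that triggered the finding
    detail: str    # why a responder should look at it


# Whitespace between the base name and the extension, e.g. "qttask .exe".
SPACE_EXT_RE = re.compile(r"\S[ \t]+\.(?:exe|dll)\b", re.IGNORECASE)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>\S+)$")


def has_space_before_extension(text: str) -> bool:
    """True when a path carries the 'name .exe' rename that the RenV:: section repairs."""
    return SPACE_EXT_RE.search(text) is not None


def analyze(lines):
    """Return one Finding per line that shows one of the indicators seen in this thread."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if has_space_before_extension(line):
            findings.append(Finding("renamed-binary", line,
                "whitespace before the extension: the original program was renamed, "
                "so check what now runs under the plain name"))
        m = O20_RE.match(line)
        if m and not m.group("path").lower().endswith(".dll"):
            findings.append(Finding("winlogon-notify", line,
                f"notify package {m.group('name')!r} loads at logon but names no DLL file"))
        m = O23_RE.match(line)
        if m and "(file missing)" in m.group("path"):
            findings.append(Finding("dead-service", line,
                f"service registered by {m.group('owner')!r} points at a binary that no longer exists"))
        m = PROXY_RE.match(line)
        if m:
            findings.append(Finding("proxy", line,
                f"IE and other WinINet clients are routed through {m.group('proxy')}"))
    return findings


def summary(findings):
    """Count findings per kind, e.g. {'renamed-binary': 3, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.line}\n    {f.detail}")
    print(summary(results))
```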

#5 Pet Project

  • Topic Starter
  • Members
  • 8 posts
  • Gender:Female

Posted 29 January 2008 - 04:17 PM

Thank you-- It seems to be a little faster but I keep getting this message every time my computer turns on:

"BAD IMAGE Jusched.exe"

and something to this effect: "C:\windows\system31\ssttu.dll is not a valid windows image. Please check this against your installation booklet"

ssttu.dll is one of the things that had been giving me problems . . . and I think jusched.exe is my Java, but my Java is up to date. Every day I run Spyware Doctor and more virtumonde things can be found. It's running me ragged. xD

Here are the logs:

ComboFix 08-01-23.1C - Binky Bunny 2008-01-28 21:27:00.1 - NTFSx86
Running from: C:\Documents and Settings\Binky Bunny\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Binky Bunny\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\kcpvakmd.ini
C:\WINDOWS\SYSTEM32\pjwgxuus.ini
C:\WINDOWS\SYSTEM32\uttss.ini2
C:\WINDOWS\SYSTEM32\xaqyvnsi.ini
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-28 20:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 20:40 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-25 15:19 . 2008-01-25 17:59 <DIR> d-------- C:\Program Files\eMusic Download Manager
2008-01-24 22:22 . 2008-01-24 22:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 18:47 . 2008-01-23 19:16 <DIR> d-------- C:\Program Files\Free Window Registry Repair
2008-01-21 20:46 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-01-21 20:46 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-01-21 20:46 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-01-21 20:46 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-01-21 20:45 . 2008-01-28 17:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-21 20:45 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2008-01-21 11:58 . 2008-01-28 17:15 <DIR> d-------- C:\Program Files\ErrorSweeper
2008-01-13 12:26 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-13 12:26 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2008-01-13 02:04 . 2008-01-14 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 12:16 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-11 21:51 . 2008-01-13 03:00 <DIR> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-08 20:09 . 2008-01-13 13:09 <DIR> d-------- C:\Program Files\MagicISO
2008-01-08 12:40 . 2008-01-08 12:40 <DIR> d-------- C:\Program Files\langmaor
2008-01-02 19:32 . 2008-01-02 19:33 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-02 17:27 . 2008-01-02 17:27 <DIR> d-------- C:\Program Files\CONEXANT
2008-01-02 17:17 . 2008-01-02 17:17 2 --a------ C:\WINDOWS\msoffice.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 23:24 --------- d-----w C:\Program Files\QuickTime
2008-01-28 22:15 --------- d-----w C:\Program Files\Zune
2008-01-26 17:29 94,208 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-26 17:29 77,824 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-26 17:29 114,688 ----a-w C:\WINDOWS\SYSTEM32\igfxpers.exe
2008-01-26 01:40 --------- d-----w C:\Program Files\Java
2008-01-25 21:55 --------- d-----w C:\Program Files\Google
2008-01-25 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 16:36 --------- d-----w C:\Program Files\McAfee
2008-01-09 00:41 --------- d-----w C:\Program Files\Webroot
2008-01-02 22:21 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 22:17 --------- d-----w C:\Program Files\America Online 9.0a
2008-01-02 22:13 --------- d-----w C:\Program Files\HP
2007-12-31 17:43 15,360 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2007-12-31 17:43 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon.exe
2007-12-25 19:16 --------- d-----w C:\Program Files\Western Digital Technologies
2007-12-19 22:52 147,456 ----a-w C:\WINDOWS\SYSTEM32\vbzip10.dll
2007-12-18 19:46 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-06 01:16 --------- d-----w C:\Program Files\RO
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop.dat
.
<pre>
----a-w		   144,784 2008-01-28 23:25:12  C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
----a-w		   286,720 2008-01-28 23:24:40  C:\Program Files\QuickTime\qttask															 .exe
----a-w		   649,216 2008-01-26 17:30:21  C:\Program Files\QuickTime\qttask															.exe
----a-w		   649,216 2008-01-25 22:00:38  C:\Program Files\QuickTime\qttask														   .exe
----a-w		   649,216 2008-01-25 21:40:24  C:\Program Files\QuickTime\qttask														  .exe
----a-w		   649,216 2008-01-25 19:23:15  C:\Program Files\QuickTime\qttask														 .exe
----a-w		   649,216 2008-01-25 11:44:56  C:\Program Files\QuickTime\qttask														.exe
----a-w		   649,216 2008-01-24 11:50:46  C:\Program Files\QuickTime\qttask													   .exe
----a-w		   649,216 2008-01-24 01:42:33  C:\Program Files\QuickTime\qttask													  .exe
----a-w		   649,216 2008-01-23 23:11:30  C:\Program Files\QuickTime\qttask													 .exe
----a-w		   649,216 2008-01-23 19:38:43  C:\Program Files\QuickTime\qttask													.exe
----a-w		   649,216 2008-01-22 19:43:28  C:\Program Files\QuickTime\qttask												   .exe
----a-w		   649,216 2008-01-22 06:01:50  C:\Program Files\QuickTime\qttask												  .exe
----a-w		   649,216 2008-01-22 03:55:21  C:\Program Files\QuickTime\qttask												 .exe
----a-w		   649,216 2008-01-22 03:18:30  C:\Program Files\QuickTime\qttask												.exe
----a-w		   649,216 2008-01-22 00:17:23  C:\Program Files\QuickTime\qttask											   .exe
----a-w		   649,216 2008-01-21 23:59:57  C:\Program Files\QuickTime\qttask											  .exe
----a-w		   649,216 2008-01-21 19:15:39  C:\Program Files\QuickTime\qttask											 .exe
----a-w		   649,216 2008-01-21 18:17:00  C:\Program Files\QuickTime\qttask											.exe
----a-w		   649,216 2008-01-21 17:36:21  C:\Program Files\QuickTime\qttask										   .exe
----a-w		   649,216 2008-01-21 17:09:04  C:\Program Files\QuickTime\qttask										  .exe
----a-w		   649,216 2008-01-21 16:44:46  C:\Program Files\QuickTime\qttask										 .exe
----a-w		   649,216 2008-01-21 16:36:31  C:\Program Files\QuickTime\qttask										.exe
----a-w		   649,216 2008-01-21 16:18:50  C:\Program Files\QuickTime\qttask									   .exe
----a-w		   649,216 2008-01-18 18:40:31  C:\Program Files\QuickTime\qttask									  .exe
----a-w		   649,216 2008-01-17 20:06:10  C:\Program Files\QuickTime\qttask									 .exe
----a-w		   649,216 2008-01-16 20:11:38  C:\Program Files\QuickTime\qttask									.exe
----a-w		   649,216 2008-01-16 11:33:04  C:\Program Files\QuickTime\qttask								   .exe
----a-w		   649,216 2008-01-15 19:52:30  C:\Program Files\QuickTime\qttask								  .exe
----a-w		   649,216 2008-01-14 19:58:54  C:\Program Files\QuickTime\qttask								 .exe
----a-w		   649,216 2008-01-14 08:14:01  C:\Program Files\QuickTime\qttask								.exe
----a-w		   649,216 2008-01-13 17:17:48  C:\Program Files\QuickTime\qttask							   .exe
----a-w		   649,216 2008-01-09 19:37:18  C:\Program Files\QuickTime\qttask							  .exe
----a-w		   649,216 2008-01-08 23:51:32  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   649,216 2008-01-07 19:35:39  C:\Program Files\QuickTime\qttask							.exe
----a-w		   649,216 2008-01-06 16:16:38  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   649,216 2008-01-06 07:53:34  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   649,216 2008-01-06 07:28:47  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   649,216 2008-01-05 21:29:38  C:\Program Files\QuickTime\qttask						.exe
----a-w		   649,216 2008-01-05 20:00:23  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   649,216 2008-01-04 23:58:34  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   649,216 2008-01-04 18:49:35  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   649,216 2008-01-03 18:23:55  C:\Program Files\QuickTime\qttask					.exe
----a-w		   649,216 2008-01-03 00:54:56  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   649,216 2008-01-02 22:22:22  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   649,216 2008-01-02 21:38:43  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   649,216 2008-01-02 21:24:30  C:\Program Files\QuickTime\qttask				.exe
----a-w		   649,216 2008-01-02 17:49:04  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   649,216 2008-01-01 17:39:02  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   649,216 2007-12-31 17:42:16  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   649,216 2007-12-30 17:07:27  C:\Program Files\QuickTime\qttask			.exe
----a-w		   649,216 2007-12-29 17:20:54  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   649,216 2007-12-28 15:49:25  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   649,216 2007-12-27 16:44:00  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   649,216 2007-12-26 16:42:06  C:\Program Files\QuickTime\qttask		.exe
----a-w		   649,216 2007-12-25 14:19:41  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   649,216 2007-12-24 16:21:00  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   649,216 2007-12-23 16:21:32  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   649,216 2007-12-22 17:33:23  C:\Program Files\QuickTime\qttask	.exe
----a-w		   649,216 2007-12-22 16:57:49  C:\Program Files\QuickTime\qttask   .exe
----a-w		   649,216 2007-12-21 19:44:32  C:\Program Files\QuickTime\qttask  .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-01-02 16:45 1101824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-01-26 12:30 1404928]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-28 18:24 286720]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-01-28 10:22 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-01-26 12:29 81920]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-26 12:29 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-26 12:29 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-26 12:29 114688]
"Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [ ]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2008-01-26 12:30 746520]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2008-01-26 12:30 244512]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-23 18:15 20752]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2008-01-27 23:48 36904]
"ErrorSweeper"="C:\Program Files\ErrorSweeper\ErrorSweeper.exe" [2008-01-21 12:28 2581736]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-26 12:30 1065288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2008-01-26 12:30 484352]

[HKLM\~\startupfolder\C:^Documents and Settings^Binky Bunny^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GreedyTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"AOL ACS"=2 (0x2)

S2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 13:58]
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 11:52]
S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-06-12 04:56]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 npkycryp;npkycryp;C:\Program Files\Gravity\RagnarokOnline\npkycryp.sys []

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 08:30:52 C:\WINDOWS\Tasks\ErrorSweeper Scheduled Scan.job"
- C:\Program Files\ErrorSweeper\ErrorSweeper .ex
- C:\Program Files\ErrorSweeper
"2008-01-15 06:48:46 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-01-01 06:00:23 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 21:36:35
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-28 21:39:47
ComboFix-quarantined-files.txt 2008-01-29 02:39:39
ComboFix2.txt 2008-01-25 22:13:13
.
2008-01-14 08:05:55 --- E O F ---

++++++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:52 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.215.17.73:4480
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=073006 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ErrorSweeper] C:\Program Files\ErrorSweeper\ErrorSweeper.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FE97E08-C49A-4393-868D-6C2F1F7DF9CB}: NameServer = 74.132.1.132,74.132.1.133
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Unknown owner - C:\WINDOWS\system32\wwSecure.exe (file missing)

--
End of file - 9523 bytes

#6 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 January 2008 - 02:07 AM

Hello,

Let's try this again. :thumbsup:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

RenV::
----a-w 144,784 2008-01-28 23:25:12 C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
----a-w 286,720 2008-01-28 23:24:40 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-26 17:30:21 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-25 22:00:38 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-25 21:40:24 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-25 19:23:15 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-25 11:44:56 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-24 11:50:46 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-24 01:42:33 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-23 23:11:30 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-23 19:38:43 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-22 19:43:28 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-22 06:01:50 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-22 03:55:21 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-22 03:18:30 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-22 00:17:23 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 23:59:57 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 19:15:39 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 18:17:00 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 17:36:21 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 17:09:04 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 16:44:46 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 16:36:31 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-21 16:18:50 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-18 18:40:31 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-17 20:06:10 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-16 20:11:38 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-16 11:33:04 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-15 19:52:30 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-14 19:58:54 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-14 08:14:01 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-13 17:17:48 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-09 19:37:18 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-08 23:51:32 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-07 19:35:39 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-06 16:16:38 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-06 07:53:34 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-06 07:28:47 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-05 21:29:38 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-05 20:00:23 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-04 23:58:34 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-04 18:49:35 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-03 18:23:55 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-03 00:54:56 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-02 22:22:22 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-02 21:38:43 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-02 21:24:30 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-02 17:49:04 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2008-01-01 17:39:02 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-31 17:42:16 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-30 17:07:27 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-29 17:20:54 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-28 15:49:25 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-27 16:44:00 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-26 16:42:06 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-25 14:19:41 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-24 16:21:00 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-23 16:21:32 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-22 17:33:23 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-22 16:57:49 C:\Program Files\QuickTime\qttask .exe
----a-w 649,216 2007-12-21 19:44:32 C:\Program Files\QuickTime\qttask .exe

File::
C:\WINDOWS\system32\ssttu.exe

Folder::
C:\Program Files\ErrorSweeper


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript being dragged onto ComboFix.exe]

This will start ComboFix again.

After the reboot (if it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
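The logs in this thread show three things a log reader should notice: autorun and RenV:: entries whose file names carry whitespace just before the extension (the "qttask .exe" and "jusched .exe" lookalikes that the CFScript above tells ComboFix to rename), an O23 service whose binary is reported "(file missing)", and an Internet Settings ProxyServer pointing at an outside address. As an added example (not part of the thread and not a BleepingComputer, HijackThis or ComboFix tool), the Python script below applies those three defender-side heuristics to HijackThis and ComboFix-style log lines. The rule names, regular expressions and the "external proxy" test are my own assumptions; the sample lines are copied from this thread's own logs, with two clean entries mixed in for contrast.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis and ComboFix logs posted
# in this thread, plus two clean entries (jusched.exe, mcods.exe) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.215.17.73:4480
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
----a-w 144,784 2008-01-28 23:25:12 C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
----a-w 649,216 2008-01-21 16:18:50 C:\Program Files\QuickTime\qttask .exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # heuristic that fired (names are this example's own)
    detail: str  # the matched file name, service or proxy host
    line: str    # the log line that triggered it


# Any Windows path that ends in an executable-type extension.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]+?\.(?:exe|dll|sys|scr|com)\b', re.IGNORECASE)
# Whitespace directly before the extension: "qttask .exe" is made to look like "qttask.exe".
PADDED_EXT = re.compile(r'\s\.[A-Za-z0-9]+$')
# HijackThis R1 line for the per-user proxy setting.
PROXY = re.compile(r'ProxyServer\s*=\s*(\S+)', re.IGNORECASE)


def padded_names(line):
    """Return file names on the line that hide whitespace before their extension."""
    hits = []
    for path in WIN_PATH.findall(line):
        name = path.rsplit('\\', 1)[-1]
        if PADDED_EXT.search(name):
            hits.append(name)
    return hits


def proxy_host(line):
    """Return the proxy host from a ProxyServer entry, or None if the line has none."""
    m = PROXY.search(line)
    if not m:
        return None
    # The value is either "host:port" or "http=host:port;https=host:port".
    first = m.group(1).split(';')[0]
    if '=' in first:
        first = first.split('=', 1)[1]
    return first.rsplit(':', 1)[0]


def proxy_is_external(host):
    """True unless the proxy is the local machine or a private-network address."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a host name cannot be vetted offline; surface it for review
    return not (ip.is_loopback or ip.is_private)


def scan(text):
    """Run the three heuristics over every non-empty line and collect findings."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for name in padded_names(line):
            findings.append(Finding('padded-extension', name, line))
        if line.startswith('O23') and '(file missing)' in line:
            parts = line.split(' - ')
            service = parts[1] if len(parts) > 1 else line
            findings.append(Finding('service-file-missing', service, line))
        host = proxy_host(line)
        if host and proxy_is_external(host):
            findings.append(Finding('external-proxy', host, line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'padded-extension': 3, ...}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == '__main__':
    for f in scan(SAMPLE_LOG):
        print(f'{f.rule:22} {f.detail}')
    print(summarize(scan(SAMPLE_LOG)))
```

Run against the sample it reports three padded names (one O4 entry and both RenV:: lines), the MSControlService entry with its missing binary, and the 211.215.17.73 proxy; the legitimate jusched.exe and mcods.exe entries stay silent. Heuristics like these only prioritize what a human reviews; a clean result says nothing about entries the rules do not cover.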

#7 Pet Project

  • Topic Starter
  • Members
  • 8 posts
  • Gender:Female

Posted 30 January 2008 - 09:22 PM

All right, on start up it didn't show that message this time. Must be a good sign!

Here are the logs--

ComboFix 08-01-23.1C - Binky Bunny 2008-01-30 16:23:29.1 - NTFSx86
Running from: C:\Documents and Settings\Binky Bunny\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Binky Bunny\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\ssttu.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ErrorSweeper
C:\Program Files\ErrorSweeper\ErrorSweeper.exe
C:\Program Files\ErrorSweeper\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\ErrorSweeper\TCL.dll
C:\Program Files\ErrorSweeper\zlib.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-30 16:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 20:40 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-25 15:19 . 2008-01-25 17:59 <DIR> d-------- C:\Program Files\eMusic Download Manager
2008-01-24 22:22 . 2008-01-24 22:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 18:47 . 2008-01-23 19:16 <DIR> d-------- C:\Program Files\Free Window Registry Repair
2008-01-21 20:46 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-01-21 20:46 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-01-21 20:46 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-01-21 20:46 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-01-21 20:45 . 2008-01-29 15:08 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-21 20:45 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2008-01-13 12:26 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-13 12:26 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2008-01-13 02:04 . 2008-01-14 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 12:16 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-11 21:51 . 2008-01-13 03:00 <DIR> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-08 20:09 . 2008-01-13 13:09 <DIR> d-------- C:\Program Files\MagicISO
2008-01-08 12:40 . 2008-01-08 12:40 <DIR> d-------- C:\Program Files\langmaor
2008-01-02 19:32 . 2008-01-02 19:33 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-02 17:27 . 2008-01-02 17:27 <DIR> d-------- C:\Program Files\CONEXANT
2008-01-02 17:17 . 2008-01-02 17:17 2 --a------ C:\WINDOWS\msoffice.ini
2007-12-25 14:16 . 2007-12-25 14:16 <DIR> d-------- C:\Program Files\Western Digital Technologies
2007-12-20 15:07 . 2008-01-26 12:29 114,688 --a------ C:\WINDOWS\SYSTEM32\igfxpers.exe
2007-12-20 15:07 . 2008-01-26 12:29 94,208 --a------ C:\WINDOWS\SYSTEM32\igfxtray.exe
2007-12-20 15:07 . 2008-01-26 12:29 77,824 --a------ C:\WINDOWS\SYSTEM32\hkcmd.exe
2007-12-20 15:07 . 2007-12-31 12:43 15,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2007-12-20 15:07 . 2007-12-31 12:43 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2007-12-19 17:52 . 2007-12-19 17:52 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2007-12-19 17:49 . 2007-12-19 17:50 <DIR> d-------- C:\WINDOWS\SYSTEM32\daSgo18
2007-12-15 18:44 . 2007-12-15 18:47 68,853 --------- C:\WINDOWS\hpoins05.dat.temp
2007-12-15 18:44 . 2004-12-14 10:39 19,696 --------- C:\WINDOWS\hpomdl05.dat.temp
2007-12-08 13:20 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2007-12-08 13:20 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
2007-12-03 22:24 . 2007-10-10 18:55 6,065,664 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-12-03 22:24 . 2007-04-17 04:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2007-12-03 22:24 . 2007-03-08 00:10 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2007-12-03 22:24 . 2007-10-10 18:55 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-12-03 22:24 . 2007-10-10 18:55 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-12-03 22:24 . 2007-10-10 18:55 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-12-03 22:24 . 2007-10-10 18:55 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-12-03 22:24 . 2007-10-10 18:55 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-12-03 22:24 . 2007-10-10 05:59 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-02 15:43 . 2007-12-05 20:16 <DIR> d-------- C:\Program Files\RO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 23:24 --------- d-----w C:\Program Files\QuickTime
2008-01-28 22:15 --------- d-----w C:\Program Files\Zune
2008-01-26 01:40 --------- d-----w C:\Program Files\Java
2008-01-25 21:55 --------- d-----w C:\Program Files\Google
2008-01-25 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 16:36 --------- d-----w C:\Program Files\McAfee
2008-01-09 00:41 --------- d-----w C:\Program Files\Webroot
2008-01-02 22:21 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 22:17 --------- d-----w C:\Program Files\America Online 9.0a
2008-01-02 22:13 --------- d-----w C:\Program Files\HP
2007-12-18 19:46 --------- d-----w C:\Program Files\SiteAdvisor
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop.dat
.
<pre>
----a-w		   286,720 2008-01-28 23:24:40  C:\Program Files\QuickTime\qttask															 .exe
----a-w		   649,216 2008-01-26 17:30:21  C:\Program Files\QuickTime\qttask															.exe
----a-w		   649,216 2008-01-25 22:00:38  C:\Program Files\QuickTime\qttask														   .exe
----a-w		   649,216 2008-01-25 21:40:24  C:\Program Files\QuickTime\qttask														  .exe
----a-w		   649,216 2008-01-25 19:23:15  C:\Program Files\QuickTime\qttask														 .exe
----a-w		   649,216 2008-01-25 11:44:56  C:\Program Files\QuickTime\qttask														.exe
----a-w		   649,216 2008-01-24 11:50:46  C:\Program Files\QuickTime\qttask													   .exe
----a-w		   649,216 2008-01-24 01:42:33  C:\Program Files\QuickTime\qttask													  .exe
----a-w		   649,216 2008-01-23 23:11:30  C:\Program Files\QuickTime\qttask													 .exe
----a-w		   649,216 2008-01-23 19:38:43  C:\Program Files\QuickTime\qttask													.exe
----a-w		   649,216 2008-01-22 19:43:28  C:\Program Files\QuickTime\qttask												   .exe
----a-w		   649,216 2008-01-22 06:01:50  C:\Program Files\QuickTime\qttask												  .exe
----a-w		   649,216 2008-01-22 03:55:21  C:\Program Files\QuickTime\qttask												 .exe
----a-w		   649,216 2008-01-22 03:18:30  C:\Program Files\QuickTime\qttask												.exe
----a-w		   649,216 2008-01-22 00:17:23  C:\Program Files\QuickTime\qttask											   .exe
----a-w		   649,216 2008-01-21 23:59:57  C:\Program Files\QuickTime\qttask											  .exe
----a-w		   649,216 2008-01-21 19:15:39  C:\Program Files\QuickTime\qttask											 .exe
----a-w		   649,216 2008-01-21 18:17:00  C:\Program Files\QuickTime\qttask											.exe
----a-w		   649,216 2008-01-21 17:36:21  C:\Program Files\QuickTime\qttask										   .exe
----a-w		   649,216 2008-01-21 17:09:04  C:\Program Files\QuickTime\qttask										  .exe
----a-w		   649,216 2008-01-21 16:44:46  C:\Program Files\QuickTime\qttask										 .exe
----a-w		   649,216 2008-01-21 16:36:31  C:\Program Files\QuickTime\qttask										.exe
----a-w		   649,216 2008-01-21 16:18:50  C:\Program Files\QuickTime\qttask									   .exe
----a-w		   649,216 2008-01-18 18:40:31  C:\Program Files\QuickTime\qttask									  .exe
----a-w		   649,216 2008-01-17 20:06:10  C:\Program Files\QuickTime\qttask									 .exe
----a-w		   649,216 2008-01-16 20:11:38  C:\Program Files\QuickTime\qttask									.exe
----a-w		   649,216 2008-01-16 11:33:04  C:\Program Files\QuickTime\qttask								   .exe
----a-w		   649,216 2008-01-15 19:52:30  C:\Program Files\QuickTime\qttask								  .exe
----a-w		   649,216 2008-01-14 19:58:54  C:\Program Files\QuickTime\qttask								 .exe
----a-w		   649,216 2008-01-14 08:14:01  C:\Program Files\QuickTime\qttask								.exe
----a-w		   649,216 2008-01-13 17:17:48  C:\Program Files\QuickTime\qttask							   .exe
----a-w		   649,216 2008-01-09 19:37:18  C:\Program Files\QuickTime\qttask							  .exe
----a-w		   649,216 2008-01-08 23:51:32  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   649,216 2008-01-07 19:35:39  C:\Program Files\QuickTime\qttask							.exe
----a-w		   649,216 2008-01-06 16:16:38  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   649,216 2008-01-06 07:53:34  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   649,216 2008-01-06 07:28:47  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   649,216 2008-01-05 21:29:38  C:\Program Files\QuickTime\qttask						.exe
----a-w		   649,216 2008-01-05 20:00:23  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   649,216 2008-01-04 23:58:34  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   649,216 2008-01-04 18:49:35  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   649,216 2008-01-03 18:23:55  C:\Program Files\QuickTime\qttask					.exe
----a-w		   649,216 2008-01-03 00:54:56  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   649,216 2008-01-02 22:22:22  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   649,216 2008-01-02 21:38:43  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   649,216 2008-01-02 21:24:30  C:\Program Files\QuickTime\qttask				.exe
----a-w		   649,216 2008-01-02 17:49:04  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   649,216 2008-01-01 17:39:02  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   649,216 2007-12-31 17:42:16  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   649,216 2007-12-30 17:07:27  C:\Program Files\QuickTime\qttask			.exe
----a-w		   649,216 2007-12-29 17:20:54  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   649,216 2007-12-28 15:49:25  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   649,216 2007-12-27 16:44:00  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   649,216 2007-12-26 16:42:06  C:\Program Files\QuickTime\qttask		.exe
----a-w		   649,216 2007-12-25 14:19:41  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   649,216 2007-12-24 16:21:00  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   649,216 2007-12-23 16:21:32  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   649,216 2007-12-22 17:33:23  C:\Program Files\QuickTime\qttask	.exe
----a-w		   649,216 2007-12-22 16:57:49  C:\Program Files\QuickTime\qttask   .exe
----a-w		   649,216 2007-12-21 19:44:32  C:\Program Files\QuickTime\qttask  .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-01-02 16:45 1101824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-31 12:43 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-01-26 12:30 1404928]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-28 18:24 286720]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-01-28 10:22 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-01-26 12:29 81920]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-26 12:29 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-26 12:29 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-26 12:29 114688]
"Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [ ]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2008-01-26 12:30 746520]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2008-01-26 12:30 244512]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-23 18:15 20752]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2008-01-27 23:48 36904]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-26 12:30 1065288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2008-01-29 14:45 144784]

[HKLM\~\startupfolder\C:^Documents and Settings^Binky Bunny^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GreedyTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"AOL ACS"=2 (0x2)

S2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 13:58]
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 11:52]
S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-06-12 04:56]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 npkycryp;npkycryp;C:\Program Files\Gravity\RagnarokOnline\npkycryp.sys []

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 08:30:52 C:\WINDOWS\Tasks\ErrorSweeper Scheduled Scan.job"
- C:\Program Files\ErrorSweeper\ErrorSweeper .ex
- C:\Program Files\ErrorSweeper
"2008-01-15 06:48:46 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 06:00:23 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 16:35:10
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-30 16:38:21
ComboFix-quarantined-files.txt 2008-01-30 21:38:13
ComboFix2.txt 2008-01-29 02:39:49
ComboFix3.txt 2008-01-25 22:13:13
.
2008-01-14 08:05:55 --- E O F ---

+++++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:26 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.215.17.73:4480
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=073006 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FE97E08-C49A-4393-868D-6C2F1F7DF9CB}: NameServer = 74.132.1.132,74.132.1.133
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Unknown owner - C:\WINDOWS\system32\wwSecure.exe (file missing)

--
End of file - 9566 bytes
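
The HijackThis log above carries three kinds of entry that a malware-response helper reads first: an O4 Run entry whose image is `"C:\Program Files\QuickTime\qttask .exe"` (a space between the stem and the extension, so Windows treats it as a different file from the real QuickTime `qttask.exe` sitting beside it; the BitDefender report later in this thread identifies that padded file as Trojan.Dropper.Vundo.E), two O23 services whose image is "(file missing)", and an HKCU ProxyServer pointing at a literal public IP address. The Python below is an added example, not part of the thread and not a BleepingComputer or PC Tools utility: it runs those three checks over a constructed excerpt of lines copied from the log. The proxy and "file missing" checks are heuristics that flag items for a human to confirm, not verdicts.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed excerpt: lines copied from the HijackThis log above, plus clean
# O4/O23 entries for contrast.  Not a complete log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.215.17.73:4480
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Washer Security Access (wwSecSvc) - Unknown owner - C:\WINDOWS\system32\wwSecure.exe (file missing)
"""

Finding = Tuple[str, str, str]  # (HJT section, reason, offending value)


def _image_path(o4_body: str) -> str:
    """Return the program path from the body of an O4 line (text after '[name] ')."""
    rest = o4_body.split("] ", 1)[1] if "] " in o4_body else o4_body
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    # Unquoted path: any arguments start with ' -' or ' /'
    return re.split(r"\s[-/]", rest, maxsplit=1)[0]


def is_padded_name(path: str) -> bool:
    """True if the file name has whitespace between stem and extension,
    e.g. 'qttask .exe' or 'qttask<many spaces>.exe'."""
    name = path.rsplit("\\", 1)[-1]
    return re.search(r"\s\.[A-Za-z0-9]{1,4}$", name) is not None


def _suspicious_proxy(value: str) -> bool:
    """Heuristic: a per-user proxy that is a literal public IP deserves a look."""
    host = value.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not a literal address
    return not (ip.is_private or ip.is_loopback)


def triage(log_text: str) -> List[Finding]:
    """Run the three checks over HijackThis lines and return what they flag."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section, _, body = line.partition(" - ")
        if section == "O4":
            path = _image_path(body)
            if is_padded_name(path):
                findings.append(("O4", "whitespace-padded file name", path))
        elif section == "O23":
            # body is 'Service: <display name> - <owner> - <image path>'
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3 and parts[2].endswith("(file missing)"):
                svc = parts[0].replace("Service: ", "", 1)
                findings.append(("O23", "service image missing on disk", svc))
        elif section == "R1" and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip()
            if value and _suspicious_proxy(value):
                findings.append(("R1", "user proxy set to a literal public IP", value))
    return findings


if __name__ == "__main__":
    for section, reason, value in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {value}")
```

On the excerpt the script flags four lines: the padded `qttask .exe`, the two services with no image on disk, and the proxy. The padded-name test is the one worth keeping around; the same pattern shows up again in the ComboFix Find3M report further down this thread, where the name is padded with far more whitespace.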

#8 teacup61 (Malware Response Team, Wills Point, Texas)

Posted 31 January 2008 - 01:38 AM

Hello,

Yep, getting better. :thumbsup:

Please download and run Bit Defender 8 online scanner
  • Install the program and then follow the prompts to download all available updates.
  • Select Antivirus and then click the Settings button. Click Default. Click Ok.
  • Select Local Drives and click Scan.
  • When the scan is complete save the log and post it back here in your next reply.
Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#9 Pet Project (Topic Starter)

Posted 01 February 2008 - 07:48 PM

All right, so what you're getting is the log from the first scan. You see, the first scan I had to stop manually because it was freezing up. So I saved that log and then started it back up. The only problems the second scan kept finding were Trojans in old System Restore files . . . and this scan went on for 12 hours and still didn't stop. I went to pause it and it froze up and stopped working . . . so it didn't give me a log. I went and cleared all of my old system restore points just in case there were more . . . so, I don't have the second log but that's all that was on them:

Here's the first log:

BitDefender Online Scanner

Scan report generated at: Thu, Jan 31, 2008 - 20:43:41
Scan path: C:\;

Statistics
  Time: 04:58:12
  Files: 177027
  Folders: 4329
  Boot Sectors: 8
  Archives: 3005
  Packed Files: 5619

Results
  Identified Viruses: 8
  Infected Files: 74
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 73

Engines Info
  Virus Definitions: 978446
  Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
  Scan plugins: 16
  Archive plugins: 41
  Unpack plugins: 7
  E-mail plugins: 6
  System plugins: 5

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File -> Status

C:\Program Files\QuickTime\qttask .exe
  Infected with: Trojan.Dropper.Vundo.E
  Deleted
  (the report lists this same path 59 times with the same verdict and "Deleted"; on one of those entries "Disinfection failed" precedes "Deleted")

C:\Program Files\QuickTime\qttask.exe
  Infected with: Trojan.Dropper.Vundo.E
  Deleted

C:\QooBox\Quarantine\C\Program Files\ActivationManager\ActivationManager.dll.bak.vir
  Detected with: Adware.BHO.WQD
  Deleted

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bpfhlbqk.dll.vir
  Infected with: Trojan.Vundo.DVC
  Disinfection failed
  Deleted

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cfiovugp.dll.vir
  Infected with: Trojan.Vundo.DVC
  Disinfection failed
  Deleted

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ebsfvmht.dll.vir
  Infected with: Trojan.Vundo.DVC
  Disinfection failed
  Deleted

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\faoeifnf.dll.vir
  Infected with: Trojan.Vundo.DWB
  Deleted

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hpstyfig.dll.vir
  Infected with: Trojan.Vundo.DUP
  Deleted

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kqjjxbeh.dll.vir
  Infected with: Trojan.Vundo.DWW
  Deleted

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pfecbcyq.dll.vir
  Infected with: Trojan.Vundo.DVA
  Deleted

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pyvxpubg.dll.vir
  Infected with: Trojan.Vundo.DUP
  Deleted

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\RCX25.tmp.vir
  Infected with: Trojan.Dropper.Vundo.E
  Deleted

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\RCX26.tmp.vir
  Infected with: Trojan.Dropper.Vundo.E
  Deleted

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\RCX27.tmp.vir
  Infected with: Trojan.Dropper.Vundo.E
  Deleted

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\RCX28.tmp.vir
  Infected with: Trojan.Dropper.Vundo.E
  Deleted

C:\QooBox\Quarantine\catchme2008-01-25_142117.04.zip=>ssttu.dll
  Infected with: Trojan.Vundo.ZAA
  Deleted
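
A BitDefender report in this flat path/status shape hides two things a helper wants to know at a glance: how many distinct files were hit per family, and which of those files are in live locations as opposed to ComboFix's C:\QooBox\Quarantine folder (where the `.vir` copies are already neutralised). The Python below is an added example, not part of the thread or of BitDefender: it parses a constructed excerpt in the same shape (three of the report's paths; the real report has 74 entries) and summarises it. The quarantine-folder markers are an assumption; add whatever folders the tools in use write to.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed excerpt in the report's own "path line / status line" layout.
SAMPLE_REPORT = r"""
C:\Program Files\QuickTime\qttask .exe
Infected with: Trojan.Dropper.Vundo.E
C:\Program Files\QuickTime\qttask .exe
Deleted
C:\Program Files\QuickTime\qttask .exe
Infected with: Trojan.Dropper.Vundo.E
C:\Program Files\QuickTime\qttask .exe
Disinfection failed
C:\Program Files\QuickTime\qttask .exe
Deleted
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bpfhlbqk.dll.vir
Infected with: Trojan.Vundo.DVC
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bpfhlbqk.dll.vir
Deleted
C:\QooBox\Quarantine\catchme2008-01-25_142117.04.zip=>ssttu.dll
Infected with: Trojan.Vundo.ZAA
C:\QooBox\Quarantine\catchme2008-01-25_142117.04.zip=>ssttu.dll
Deleted
"""

Record = Tuple[str, str]  # (path, status line)

# Assumption: folders whose contents are already quarantined copies, so a hit
# there is not a live infection.  Extend for other tools.
QUARANTINE_MARKERS = ("\\QooBox\\Quarantine\\", "\\System Volume Information\\")


def parse_report(text: str) -> List[Record]:
    """Pair each path line with the status line that follows it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("report excerpt has an unpaired line")
    return list(zip(lines[0::2], lines[1::2]))


def _is_quarantined(path: str) -> bool:
    lowered = path.lower()
    return any(marker.lower() in lowered for marker in QUARANTINE_MARKERS)


def summarize(records: List[Record]) -> Dict[str, object]:
    """Hits per family, paths deleted more than once, and live (non-quarantine) paths."""
    detections: Counter = Counter()   # family name -> number of hits
    deletes: Counter = Counter()      # path -> times reported Deleted
    live: set = set()                 # infected paths outside quarantine folders
    for path, status in records:
        if status.startswith(("Infected with: ", "Detected with: ")):
            family = status.split(": ", 1)[1]
            detections[family] += 1
            if not _is_quarantined(path):
                live.add(path)
        elif status == "Deleted":
            deletes[path] += 1
    return {
        "detections": dict(detections),
        "repeat_deletes": {p: n for p, n in deletes.items() if n > 1},
        "live_paths": sorted(live),
    }


if __name__ == "__main__":
    result = summarize(parse_report(SAMPLE_REPORT))
    for key, value in result.items():
        print(f"{key}: {value}")
```

The `repeat_deletes` bucket is the one to act on: a live path that the scanner reports and deletes again and again within a single pass is not staying deleted, and the autostart entry that launches it (here the HKLM Run key pointing at `qttask .exe`, which the ComboFix log posted later in this thread still shows) has to be removed as well.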

#10 teacup61 (Malware Response Team, Wills Point, Texas)

Posted 04 February 2008 - 05:46 PM

Hello,

Hope you had a great weekend. :blink: How is it running now please? Could you please post a new Hijackthis log and run ComboFix again to be sure there isn't anything left behind? :thumbsup:

Thanks,
tea

#11 Pet Project (Topic Starter)

Posted 07 February 2008 - 03:31 PM

Okie ~ Here we go . . . both logs just in case:

ComboFix 08-02.05.3 - Binky Bunny 2008-02-06 21:22:16.1 - NTFSx86
Running from: C:\Documents and Settings\Binky Bunny\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-01-31 15:28 . 2008-02-01 00:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-25 20:40 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-25 15:19 . 2008-01-25 17:59 <DIR> d-------- C:\Program Files\eMusic Download Manager
2008-01-25 15:19 . 2008-01-25 15:19 <DIR> d-------- C:\Documents and Settings\Binky Bunny\Application Data\InstallShield
2008-01-24 22:22 . 2008-01-24 22:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-24 20:14 . 2008-01-24 20:14 <DIR> d-------- C:\Documents and Settings\Binky Bunny\Application Data\Apple Computer
2008-01-23 18:47 . 2008-01-23 19:16 <DIR> d-------- C:\Program Files\Free Window Registry Repair
2008-01-21 20:46 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-01-21 20:46 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-01-21 20:46 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-01-21 20:46 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-01-21 20:45 . 2008-02-04 15:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-21 20:45 . 2008-01-21 20:45 <DIR> d-------- C:\Documents and Settings\Binky Bunny\Application Data\PC Tools
2008-01-21 20:45 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2008-01-21 14:35 . 2008-01-28 17:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-21 14:35 . 2008-01-21 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-21 11:59 . 2008-01-21 11:59 <DIR> d-------- C:\Documents and Settings\Binky Bunny\Application Data\ErrorSweeper
2008-01-13 12:26 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-13 12:26 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2008-01-13 02:04 . 2008-01-14 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 12:16 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-11 21:51 . 2008-01-13 03:00 <DIR> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-11 21:49 . 2008-01-11 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini
2008-01-08 20:09 . 2008-01-13 13:09 <DIR> d-------- C:\Program Files\MagicISO
2008-01-08 12:40 . 2008-01-08 12:40 <DIR> d-------- C:\Program Files\langmaor
2008-01-07 20:53 . 2008-01-13 03:01 <DIR> d-------- C:\Documents and Settings\Binky Bunny\Application Data\DNA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 19:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-04 05:15 --------- d-----w C:\Documents and Settings\Binky Bunny\Application Data\OpenOffice.org2
2008-02-01 00:37 --------- d-----w C:\Program Files\QuickTime
2008-01-28 22:15 --------- d-----w C:\Program Files\Zune
2008-01-26 17:29 94,208 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-26 17:29 77,824 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-26 17:29 114,688 ----a-w C:\WINDOWS\SYSTEM32\igfxpers.exe
2008-01-26 01:40 --------- d-----w C:\Program Files\Java
2008-01-25 21:55 --------- d-----w C:\Program Files\Google
2008-01-25 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 16:36 --------- d-----w C:\Program Files\McAfee
2008-01-09 00:41 --------- d-----w C:\Program Files\Webroot
2008-01-09 00:41 --------- d-----w C:\Documents and Settings\Binky Bunny\Application Data\Webroot
2008-01-08 23:55 --------- d-----w C:\Documents and Settings\Binky Bunny\Application Data\BitTorrent
2008-01-03 00:33 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-03 00:15 --------- d-----w C:\Documents and Settings\Binky Bunny\Application Data\LimeWire
2008-01-02 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-01-02 22:27 --------- d-----w C:\Program Files\CONEXANT
2008-01-02 22:21 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-02 22:17 --------- d-----w C:\Program Files\America Online 9.0a
2008-01-02 22:13 --------- d-----w C:\Program Files\HP
2007-12-31 17:43 15,360 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2007-12-31 17:43 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon.exe
2007-12-25 19:16 --------- d-----w C:\Program Files\Western Digital Technologies
2007-12-19 22:52 147,456 ----a-w C:\WINDOWS\SYSTEM32\vbzip10.dll
2007-12-18 19:46 --------- d-----w C:\Program Files\SiteAdvisor
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop.dat
.
----a-w		   286,720 2008-01-28 23:24:40  C:\Program Files\QuickTime\qttask															 .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-01-02 16:45 1101824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-31 12:43 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-01-26 12:30 1404928]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-28 18:24 286720]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-01-28 10:22 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-01-26 12:29 81920]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-26 12:29 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-26 12:29 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-26 12:29 114688]
"Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [ ]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2008-01-26 12:30 746520]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2008-01-26 12:30 244512]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-23 18:15 20752]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2008-01-27 23:48 36904]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-26 12:30 1065288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2008-01-29 14:45 144784]

[HKLM\~\startupfolder\C:^Documents and Settings^Binky Bunny^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GreedyTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"AOL ACS"=2 (0x2)

S2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 13:58]
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 11:52]
S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-06-12 04:56]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 npkycryp;npkycryp;C:\Program Files\Gravity\RagnarokOnline\npkycryp.sys []

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 08:30:04 C:\WINDOWS\Tasks\ErrorSweeper Scheduled Scan.job"
- C:\Program Files\ErrorSweeper\ErrorSweeper .exe
- C:\Program Files\ErrorSweeper
"2008-01-15 06:48:46 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-01 06:02:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 21:32:04
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-06 21:35:44
ComboFix-quarantined-files.txt 2008-02-07 02:35:35
.
2008-01-14 08:05:55 --- E O F ---


++++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:46, on 2008-02-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.215.17.73:4480
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=073006 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FE97E08-C49A-4393-868D-6C2F1F7DF9CB}: NameServer = 74.132.1.132,74.132.1.133
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Unknown owner - C:\WINDOWS\system32\wwSecure.exe (file missing)

--
End of file - 9935 bytes

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 08 February 2008 - 06:39 PM

Hello,

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

RenV::
----a-w 286,720 2008-01-28 23:24:40 C:\Program Files\QuickTime\qttask .exe


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

How is it running now please? :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
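
The three entries teacup picks out above follow three recognisable patterns: an Internet Explorer setting with an empty value, a service owned by "Unknown owner" whose binary is missing, and an autorun executable whose name carries whitespace before its extension ("qttask .exe", which is why the CFScript renames it rather than deleting QuickTime). As an added example that is not part of this thread and not code from HijackThis or ComboFix, the Python below applies those three checks to a few constructed HijackThis-style lines modelled on the log posted here. Line formats, heuristics and sample lines are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


# Constructed sample: HijackThis v2-style lines in the shape of the log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Assumed line shapes for the three entry types this checker looks at.
R_LINE = re.compile(r"^R[01] - (?P<key>.+?) = ?(?P<value>.*)$")
O4_LINE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_LINE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Leading executable of an O4 command, quoted or not. The non-greedy match stops at
# the first ".exe", so "qttask .exe" is captured whole, space included.
EXE_PREFIX = re.compile(r'^"?(?P<exe>.*?\.exe)', re.IGNORECASE)
# Whitespace sitting immediately before the file extension.
SPACED_EXT = re.compile(r"\s+\.[A-Za-z0-9]{1,4}$")


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line if it matches a review heuristic, else None."""
    line = line.rstrip()

    m = R_LINE.match(line)
    if m:
        if m.group("value").strip() == "":
            return Finding(line, "browser setting with an empty value")
        return None

    m = O4_LINE.match(line)
    if m:
        exe = EXE_PREFIX.match(m.group("cmd"))
        if exe and SPACED_EXT.search(exe.group("exe")):
            return Finding(line, "autorun executable has whitespace before its extension")
        return None

    m = O23_LINE.match(line)
    if m:
        if m.group("owner") == "Unknown owner" and m.group("path").endswith("(file missing)"):
            return Finding(line, "service with unknown owner whose binary is missing")
        return None

    return None


def audit(log_text: str) -> List[Finding]:
    """Run check_line over every line of a HijackThis-style log and collect the hits."""
    findings = []
    for raw in log_text.splitlines():
        finding = check_line(raw)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.reason}:\n    {f.line}")
```

The checker expects each O23 entry on a single line; in the log as posted on this page the forum wrapped the trailing "(file missing)" of the last O23 entry onto its own line, so a real log pasted from a web page may need that tail rejoined before it is scanned. The spaced-extension check only flags the name; as in teacup's CFScript, the sensible response is to rename and inspect the file, not to assume the legitimate program it imitates is the problem.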

#13 Pet Project

Pet Project
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female

Posted 10 February 2008 - 12:16 PM

We seem to be running quite well. :thumbsup:

ComboFix 08-02.05.3 - Binky Bunny 2008-02-09 15:25:59.1 - NTFSx86
Running from: C:\Documents and Settings\Binky Bunny\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Binky Bunny\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-06 21:19 . 2004-08-04 05:00 388,608 --a------ C:\kmd.exe
2008-01-31 15:28 . 2008-02-01 00:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-25 20:40 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-25 15:19 . 2008-01-25 17:59 <DIR> d-------- C:\Program Files\eMusic Download Manager
2008-01-25 15:19 . 2008-01-25 15:19 <DIR> d-------- C:\Documents and Settings\Binky Bunny\Application Data\InstallShield
2008-01-24 22:22 . 2008-01-24 22:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-24 20:14 . 2008-01-24 20:14 <DIR> d-------- C:\Documents and Settings\Binky Bunny\Application Data\Apple Computer
2008-01-23 18:47 . 2008-01-23 19:16 <DIR> d-------- C:\Program Files\Free Window Registry Repair
2008-01-21 20:46 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-01-21 20:46 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-01-21 20:46 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-01-21 20:46 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-01-21 20:45 . 2008-02-07 15:05 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-21 20:45 . 2008-01-21 20:45 <DIR> d-------- C:\Documents and Settings\Binky Bunny\Application Data\PC Tools
2008-01-21 20:45 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2008-01-21 14:35 . 2008-01-21 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-21 11:59 . 2008-01-21 11:59 <DIR> d-------- C:\Documents and Settings\Binky Bunny\Application Data\ErrorSweeper
2008-01-13 12:26 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-13 12:26 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2008-01-13 02:04 . 2008-01-14 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 12:16 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-11 21:51 . 2008-01-13 03:00 <DIR> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-11 21:49 . 2008-01-11 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 16:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-04 05:15 --------- d-----w C:\Documents and Settings\Binky Bunny\Application Data\OpenOffice.org2
2008-02-01 00:37 --------- d-----w C:\Program Files\QuickTime
2008-01-28 22:15 --------- d-----w C:\Program Files\Zune
2008-01-26 17:29 94,208 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-26 17:29 77,824 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-26 17:29 114,688 ----a-w C:\WINDOWS\SYSTEM32\igfxpers.exe
2008-01-26 01:40 --------- d-----w C:\Program Files\Java
2008-01-25 21:55 --------- d-----w C:\Program Files\Google
2008-01-25 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 16:36 --------- d-----w C:\Program Files\McAfee
2008-01-13 18:09 --------- d-----w C:\Program Files\MagicISO
2008-01-13 08:01 --------- d-----w C:\Documents and Settings\Binky Bunny\Application Data\DNA
2008-01-09 00:41 --------- d-----w C:\Program Files\Webroot
2008-01-09 00:41 --------- d-----w C:\Documents and Settings\Binky Bunny\Application Data\Webroot
2008-01-08 23:55 --------- d-----w C:\Documents and Settings\Binky Bunny\Application Data\BitTorrent
2008-01-08 17:40 --------- d-----w C:\Program Files\langmaor
2008-01-03 00:33 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-03 00:15 --------- d-----w C:\Documents and Settings\Binky Bunny\Application Data\LimeWire
2008-01-02 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-01-02 22:27 --------- d-----w C:\Program Files\CONEXANT
2008-01-02 22:21 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-02 22:17 --------- d-----w C:\Program Files\America Online 9.0a
2008-01-02 22:13 --------- d-----w C:\Program Files\HP
2007-12-31 17:43 15,360 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2007-12-31 17:43 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon.exe
2007-12-25 19:16 --------- d-----w C:\Program Files\Western Digital Technologies
2007-12-19 22:52 147,456 ----a-w C:\WINDOWS\SYSTEM32\vbzip10.dll
2007-12-18 19:46 --------- d-----w C:\Program Files\SiteAdvisor
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop.dat
.
----a-w		   286,720 2008-01-28 23:24:40  C:\Program Files\QuickTime\qttask															 .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-01-02 16:45 1101824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-31 12:43 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-01-26 12:30 1404928]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-28 18:24 286720]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-01-28 10:22 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-01-26 12:29 81920]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-26 12:29 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-26 12:29 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-26 12:29 114688]
"Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [ ]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2008-01-26 12:30 746520]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2008-01-26 12:30 244512]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-23 18:15 20752]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2008-01-27 23:48 36904]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-26 12:30 1065288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2008-01-29 14:45 144784]

[HKLM\~\startupfolder\C:^Documents and Settings^Binky Bunny^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GreedyTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"AOL ACS"=2 (0x2)

S2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 13:58]
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 11:52]
S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-06-12 04:56]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 npkycryp;npkycryp;C:\Program Files\Gravity\RagnarokOnline\npkycryp.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 08:30:03 C:\WINDOWS\Tasks\ErrorSweeper Scheduled Scan.job"
- C:\Program Files\ErrorSweeper\ErrorSweeper .exe
- C:\Program Files\ErrorSweeper
"2008-01-15 06:48:46 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-01 06:02:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 15:34:08
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-09 15:37:47
ComboFix-quarantined-files.txt 2008-02-09 20:37:36
ComboFix2.txt 2008-02-07 02:35:46
.
2008-01-14 08:05:55 --- E O F ---

+++++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:25 PM, on 2008-02-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.215.17.73:4480
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=073006 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FE97E08-C49A-4393-868D-6C2F1F7DF9CB}: NameServer = 74.132.1.132,74.132.1.133
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Unknown owner - C:\WINDOWS\system32\wwSecure.exe (file missing)

--
End of file - 9743 bytes

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 11 February 2008 - 03:08 PM

Hello,

Glad to know it. :blink:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Please delete ComboFix and its accompanying folder, C:\Qoobox

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it (something you'll remember) and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Now re-run BitDefender and see if it's easier to get through. :thumbsup: If it doesn't find anything, then there's no need to post the report, just let me know.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#15 Pet Project

Pet Project
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female

Posted 13 February 2008 - 10:18 PM

Nothing was found by BitDefender~ Everything seems to be going quite smoothly now. Thank you so much!
