Have Some Sort Of Infection


This topic is locked. 18 replies to this topic.

#1 SilveradoSS (Members, 27 posts)

Posted 30 January 2008 - 12:19 PM

Hello, I'm having problems with getting unexpected results while surfing/searching the net. I was getting pop-ups for a software called WinXDefender. Wanted me to buy full version to clean my PC, which I didn't. I think I got rid of the WinXDefender, but my browser is redirecting to unexpected sites.

I have run all of the recommended cleaners and my own antivirus program with no luck in cleaning the problem.

Thanks in advance for any help you can offer.

Here is a current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:26 AM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.13.247.82:3128
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\vd3_sys.dat
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [diskmgr.exe] diskmgr.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.hyosungmotorsusa.com/CAB/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192247881468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192247827593
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...e/gpcontrol.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7259 bytes

#2 teacup61 (Bleepin' Texan!; Malware Response Team, 17,075 posts; Wills Point, Texas)

Posted 30 January 2008 - 12:38 PM

Hello SilveradoSS,

Welcome to Bleeping Computer :blink:

Please make sure your AVG Anti-Spyware is completely up to date, then please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\vd3_sys.dat


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Delete the following file:

C:\PROGRA~1\COMMON~1\System\vd3_sys.dat

Then please run a scan with AVG Anti-Spyware:

IMPORTANT: Do NOT open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will be prompted; then select the "Apply all actions" button, and AVG Anti-Spyware will display "All actions have been applied" on the right-hand side.
    • Next select the "Save Report" button at the bottom.
    • Then select the "Save report as" button in the lower left hand corner of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).
  • Close AVG Anti-Spyware and reboot your system normally into Windows. Please post the contents of the AVG Anti-Spyware report in your next reply, along with a new HijackThis log.
How is it running now please? :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
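One way to score the entries teacup61 picks out above, together with the per-user proxy (R1, 72.13.247.82:3128) in the same log that the fix list does not touch, is to parse the HijackThis sections and apply a few rules. The following is an added example, not code from the original posts and not part of HijackThis; SAMPLE_LOG is a constructed subset of the log lines from post #1 plus the WinXDefender Run entry that appears in post #3, and the severities and rules are the example author's own assumptions rather than a published rule set.

```python
"""Triage a HijackThis 2.0 log for the indicators discussed in this thread.

Added example: this is not code from the original posts and not part of
HijackThis itself. SAMPLE_LOG is a constructed subset of the log lines in
post #1 plus the WinXDefender Run entry from post #3; the severities and the
rules are the example author's own assumptions, not a published rule set.
"""
import ipaddress
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, HijackThis section, reason)

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.13.247.82:3128
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\vd3_sys.dat
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [diskmgr.exe] diskmgr.exe
O4 - HKCU\..\Run: [WinXDefender] C:\Program Files\WinXDefender\WinXDefender.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
KNOWN_ROGUE = ("winxdefender",)  # rogue anti-spyware named in this thread


def is_external_ip(host: str) -> bool:
    """True if host is a literal IP outside private/loopback/link-local ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname; cannot judge it without resolving it
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def triage_hjt(log: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")

        if sec == "R1" and ",ProxyServer = " in body:
            # A per-user proxy routes every IE request through that host: silent
            # redirection and plaintext interception, plus a slow connection.
            value = body.split(" = ", 1)[1].strip()
            host = value.rsplit(":", 1)[0]
            if is_external_ip(host):
                findings.append(("high", sec, f"browser proxy forced to external host {value}"))
            elif value:
                findings.append(("review", sec, f"browser proxy set to {value}; confirm it is intended"))

        elif sec == "O2":
            # "BHO: <name> - {CLSID} - <module>": IE loads the module into every window.
            parts = body.split(" - ")
            name, module = parts[0][len("BHO: "):], parts[-1].strip()
            ext = module.rsplit(".", 1)[-1].lower() if "." in module else ""
            if name == "(no name)" or ext not in ("dll", "ocx"):
                findings.append(("high", sec, f"unnamed BHO or non-DLL module loaded into IE: {module}"))

        elif sec == "O4":
            rm = RUN_RE.match(body)
            if not rm:
                continue  # Global Startup .lnk entries are not scored here
            hive, name, cmd = rm.group("hive"), rm.group("name"), rm.group("cmd")
            if any(r in (name + cmd).lower() for r in KNOWN_ROGUE):
                findings.append(("high", sec, f"known rogue security product autostart: [{name}] {cmd}"))
            elif "\\" not in cmd:
                # Bare file name: Windows resolves it by PATH search, so the log cannot
                # say which file runs. Vendors normally write HKLM (ALCXMNTR.EXE here);
                # a bare name under the user's HKCU (diskmgr.exe) is treated as hostile
                # until the file has been identified.
                sev = "high" if hive == "HKCU" else "review"
                findings.append((sev, sec, f"path-less Run entry under {hive}: [{name}] {cmd}"))

        elif sec == "O6" and "Restrictions present" in body:
            findings.append(("medium", sec, "per-user IE policy restrictions; not set by a default install, explain or remove"))
    return findings


def highest_severity(findings: List[Finding]) -> str:
    order = {"high": 3, "medium": 2, "review": 1}
    return max((f[0] for f in findings), key=order.get, default="clean")


if __name__ == "__main__":
    for sev, sec, reason in triage_hjt(SAMPLE_LOG):
        print(f"{sev:6} {sec:3} {reason}")
```

Run as a script it prints one scored line per finding. The `review` hits under HKLM are legitimate vendor autostarts that happen to use bare names, which is why only a bare name under HKCU is scored `high`; the proxy rule is the one a practitioner would not want to skip, since a hijacked per-user proxy survives every file deletion in the fix list.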

#3 SilveradoSS (Topic Starter; Members, 27 posts)

Posted 30 January 2008 - 06:28 PM

"Chains together several Favorite Expletives"! :thumbsup: It looks like everything is back after the Safe Mode scans and reboot. As soon as the system boots, this WinXDefender launches and starts a system scan. My Avast AV software tries to intercept the program, recognizing it as a virus. Also, my internet connection is S--L--O--W, that is when it's not redirecting me to some BS site.

Here is the AVG scan report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:53:33 PM 1/30/2008

+ Scan result:



C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP114\A0032754.ocx -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP114\A0032755.ocx -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end



Here is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:39 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.13.247.82:3128
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [diskmgr.exe] diskmgr.exe
O4 - HKCU\..\Run: [WinXDefender] C:\Program Files\WinXDefender\WinXDefender.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.hyosungmotorsusa.com/CAB/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192247881468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192247827593
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...e/gpcontrol.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7273 bytes

#4 teacup61 (Bleepin' Texan!; Malware Response Team, 17,075 posts; Wills Point, Texas)

Posted 31 January 2008 - 01:06 AM

Hello,

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
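Once ComboFix has run, the parts of its log worth reading closely are the "Other Deletions" list and the "Files Created" table. The following is an added example of how to score them, not ComboFix's own logic and not code from the thread. The sample lines are copied from the ComboFix log SilveradoSS posts in the next reply; the rules (a core Windows binary name outside its home directory, WinPcap runtime files, an executable directly in a profile root, a hidden file under Application Data, and an executable whose two timestamps are equal, on the assumption that the first column is creation time and the second last-write time) and the Windows XP path layout are the example author's assumptions.

```python
"""Triage the file lists in a ComboFix log for the patterns seen in this thread.

Added example: this is not ComboFix's own logic and not code from the original
posts. The sample lines are copied from the ComboFix log posted in the next
reply ("Other Deletions" and "Files Created"); the rules, the severities and
the Windows XP path layout are the example author's assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str]  # (severity, reason)

SYSTEM32 = r"c:\windows\system32"  # assumes %SystemRoot% is C:\WINDOWS
# Core Windows processes and the only directory each one legitimately lives in.
CORE_BINARIES = {name: SYSTEM32 for name in
                 ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe")}
CORE_BINARIES["explorer.exe"] = r"c:\windows"
# WinPcap runtime files: fine if a packet-capture tool was installed on purpose.
WINPCAP = {"wpcap.dll", "packet.dll", "wanpacket.dll", "pthreadvc.dll"}
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$")
# "Files Created" line: <created> . <modified> <size or <DIR>> <attrs> <path>
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?:<DIR>|(?P<size>[\d,]+))\s+(?P<attrs>[-\w]{9})\s+(?P<path>.+)$"
)

# Constructed samples, copied from the ComboFix log in the next reply.
SAMPLE_DELETIONS = r"""
C:\Program Files\lsass.exe
C:\Program Files\WinXDefender\WinXDefender.exe
C:\WINDOWS\system32\login.dll
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
""".strip().splitlines()

SAMPLE_CREATED = r"""
2008-01-30 08:14 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-28 05:39 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-27 10:42 . 2008-01-27 10:42 38,856 --a------ C:\WINDOWS\system32\diskmgr.exe
2008-01-27 10:42 . 2008-01-27 10:42 0 --ah----- C:\Documents and Settings\Owner\Application Data\cachest.dat
2008-01-26 15:19 . 2008-01-26 15:19 40,507 --a------ C:\Documents and Settings\Owner\wn789.exe
2008-01-18 20:27 . 2008-01-18 20:27 <DIR> d-------- C:\Program Files\Common Files\LightScribe
"""


def split_path(path: str) -> Tuple[str, str]:
    """(directory, file name), both lower-cased."""
    d, _, name = path.strip().lower().rpartition("\\")
    return d, name


def triage_paths(paths: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    pcap: List[str] = []
    for path in paths:
        d, name = split_path(path)
        if name in CORE_BINARIES and d != CORE_BINARIES[name]:
            # C:\Program Files\lsass.exe shows up as "lsass.exe" in a process list.
            findings.append(("high", f"{path.strip()}: core Windows binary name outside its home directory"))
        elif name in WINPCAP:
            pcap.append(name)
        elif name.endswith(".exe") and PROFILE_ROOT_RE.match(path.strip().lower()):
            findings.append(("high", f"{path.strip()}: executable dropped directly in a user profile root"))
    if pcap:
        findings.append(("review", "WinPcap runtime present (" + ", ".join(sorted(pcap))
                         + "); legitimate only if a capture tool was installed deliberately"))
    return findings


def parse_created(text: str) -> List[Dict[str, Optional[str]]]:
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage_created(entries: List[Dict[str, Optional[str]]]) -> List[Finding]:
    findings = triage_paths([e["path"] for e in entries])
    for e in entries:
        if e["size"] is None:
            continue  # directory
        path = e["path"]
        d, name = split_path(path)
        if "h" in e["attrs"] and "\\application data" in d:
            findings.append(("review", f"{path}: hidden file under Application Data, {e['size']} bytes"))
        # A freshly written binary has created == modified; a copied vendor file
        # keeps its older build timestamp as the modified time.
        if (name.endswith(".exe") and e["created"] == e["modified"]
                and (d == SYSTEM32 or PROFILE_ROOT_RE.match(path.lower()))):
            findings.append(("review", f"{path}: executable whose modified time equals its creation time"))
    return findings


if __name__ == "__main__":
    for sev, reason in triage_paths(SAMPLE_DELETIONS) + triage_created(parse_created(SAMPLE_CREATED)):
        print(f"{sev:6} {reason}")
```

The timestamp rule is deliberately `review` rather than `high`: installers that unpack fresh copies produce the same pattern, so it points at files to identify, not at files to delete. The masquerading rule is the one with the least ambiguity, because no legitimate lsass.exe has any business under C:\Program Files.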

#5 SilveradoSS (Topic Starter; Members, 27 posts)

Posted 31 January 2008 - 01:51 AM

Thanks for your help!

Here is the ComboFix log:

ComboFix 08-01-31.3 - Owner 2008-01-31 0:29:20.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.122 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C92NSXAJ\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\WinXDefender
C:\Documents and Settings\Owner\Application Data\WinXDefender\base.dat
C:\Documents and Settings\Owner\Application Data\WinXDefender\base2.dat
C:\Documents and Settings\Owner\Application Data\WinXDefender\Desc.dat
C:\Documents and Settings\Owner\Application Data\WinXDefender\spline.dat
C:\Documents and Settings\Owner\Start Menu\Programs\WinXDefender
C:\Documents and Settings\Owner\Start Menu\Programs\WinXDefender\Purchase License.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\WinXDefender\Support Page.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\WinXDefender\WinXDefender Uninstall.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\WinXDefender\WinXDefender.lnk
C:\Program Files\lsass.exe
C:\Program Files\WinXDefender
C:\Program Files\WinXDefender\Buy.url
C:\Program Files\WinXDefender\Help.url
C:\Program Files\WinXDefender\Uninstall.exe
C:\Program Files\WinXDefender\WinXDefender.exe
C:\WINDOWS\system32\ckuxuidy.ini
C:\WINDOWS\system32\fun_proglog.dll
C:\WINDOWS\system32\login.dll
C:\WINDOWS\system32\Misclog.dll
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-30 08:14 . 2008-01-30 08:14 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-01-30 08:14 . 2008-01-30 08:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 08:14 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-28 05:39 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-28 05:39 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-28 05:39 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-28 05:39 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-28 05:39 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-28 05:39 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-27 10:42 . 2008-01-27 10:42 38,856 --a------ C:\WINDOWS\system32\diskmgr.exe
2008-01-27 10:42 . 2008-01-27 10:42 0 --ah----- C:\Documents and Settings\Owner\Application Data\cachest.dat
2008-01-26 15:19 . 2008-01-26 15:19 40,507 --a------ C:\Documents and Settings\Owner\wn789.exe
2008-01-19 00:26 . 2008-01-26 20:12 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-18 20:27 . 2008-01-18 20:27 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-01-18 20:21 . 2008-01-18 20:24 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-18 20:21 . 2008-01-18 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-18 20:18 . 2008-01-18 20:18 <DIR> d-------- C:\Program Files\SAMSUNG
2008-01-18 19:40 . 2008-01-18 19:40 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-18 19:20 . 2007-12-01 00:26 354,304 --a------ C:\WINDOWS\system32\SET1165.tmp
2008-01-18 19:20 . 2007-12-01 00:26 6,656 --a------ C:\WINDOWS\system32\SET115D.tmp
2008-01-18 19:15 . 2007-12-01 00:25 8,461,312 --a------ C:\WINDOWS\system32\SET203.tmp
2008-01-18 19:14 . 2007-12-01 00:26 727,040 --a------ C:\WINDOWS\system32\SET19F.tmp
2008-01-18 19:11 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002888_.tmp
2008-01-18 19:09 . 2004-08-04 01:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-01-18 19:09 . 2004-07-01 16:08 331,776 --a------ C:\WINDOWS\system32\SET1828.tmp
2008-01-18 19:09 . 2002-08-29 13:00 6,788 --a------ C:\WINDOWS\system32\dllcache\secupd.sig
2008-01-18 19:09 . 2002-08-29 13:00 4,573 --a------ C:\WINDOWS\system32\dllcache\secupd.dat
2008-01-18 19:08 . 2002-08-29 06:00 162,304 --a------ C:\WINDOWS\system32\SET168C.tmp
2008-01-18 19:08 . 2002-08-29 06:00 9,216 --a------ C:\WINDOWS\system32\SET184F.tmp
2008-01-18 19:06 . 2004-07-07 19:37 2,803,712 --a------ C:\WINDOWS\system32\SET16A0.tmp
2008-01-18 19:05 . 2004-06-10 13:51 8,350,720 --a------ C:\WINDOWS\system32\SET17A1.tmp
2008-01-18 17:24 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-18 16:49 . 2008-01-18 19:45 <DIR> d-------- C:\Program Files\Common Files\Ahead(2)
2008-01-18 16:49 . 2008-01-18 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero(2)
2008-01-18 16:43 . 2008-01-18 19:45 <DIR> d-------- C:\Program Files\SAMSUNG(2)
2008-01-16 19:37 . 2008-01-18 19:48 <DIR> d-------- C:\Program Files\Common Files\LightScribe(2)
2008-01-16 16:54 . 2008-01-16 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-16 10:59 . 2008-01-16 16:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2008-01-16 10:57 . 2008-01-16 10:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-16 10:52 . 2008-01-16 10:52 <DIR> d-------- C:\Program Files\Nero
2008-01-09 22:33 . 2008-01-09 22:52 <DIR> d-------- C:\Program Files\MP3Dancer
2008-01-09 22:33 . 2008-01-09 22:33 <DIR> d-------- C:\Program Files\Common Files\Totem Shared
2008-01-09 22:31 . 2008-01-09 22:31 <DIR> d-------- C:\Program Files\Winamp
2008-01-09 22:17 . 2008-01-09 22:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
2008-01-09 22:16 . 2008-01-28 21:59 <DIR> d-------- C:\Program Files\SoundSpectrum
2008-01-03 11:24 . 2008-01-03 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-02 16:00 . 2008-01-02 16:00 <DIR> d-------- C:\Program Files\Virtools
2007-12-26 18:39 . 2007-12-26 18:39 <DIR> d-------- C:\Program Files\Common Files\Avery
2007-12-26 18:39 . 2007-12-26 18:43 <DIR> d-------- C:\Program Files\Avery Wizard 3.1
2007-12-24 20:18 . 2007-12-24 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-23 01:31 . 2004-02-23 15:43 397,312 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-12-23 01:31 . 2004-02-23 15:43 110,592 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-12-23 01:31 . 2004-02-23 15:43 12,165 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-20 10:59 . 2007-12-23 01:54 <DIR> d-------- C:\WINDOWS\nview
2007-12-20 10:19 . 2008-01-18 17:56 4,566 --a------ C:\WINDOWS\imsins.BAK
2007-12-19 19:36 . 2007-12-19 19:36 <DIR> d-------- C:\Program Files\Ligos
2007-12-19 19:36 . 2000-06-23 14:05 136,704 --a------ C:\WINDOWS\system32\iacenc.dll
2007-12-19 19:36 . 2000-06-22 13:09 56,320 --------- C:\WINDOWS\system32\iyvu9_32.dll
2007-12-19 12:03 . 2007-12-19 12:04 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-18 00:04 . 2007-12-18 00:04 195,584 --a------ C:\WINDOWS\system32\Xvoice.dll
2007-12-18 00:04 . 2007-12-18 00:04 180,224 --a------ C:\WINDOWS\system32\ijl11.dll
2007-12-18 00:04 . 2007-12-18 00:04 61,440 --a------ C:\WINDOWS\system32\Chameleon.ocx
2007-12-18 00:04 . 2007-12-18 00:04 57,344 --a------ C:\WINDOWS\system32\compcontrols.ocx
2007-12-18 00:04 . 2007-12-18 00:04 45,568 --a------ C:\WINDOWS\system32\Hackpro.dll
2007-12-18 00:04 . 2007-12-18 00:04 26,768 --a------ C:\WINDOWS\system32\CTL3D.DLL
2007-12-18 00:04 . 2007-12-18 00:04 2,976 --a------ C:\WINDOWS\system32\DOCSHELL.DLL
2007-12-18 00:03 . 2007-12-18 00:03 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
2007-12-18 00:03 . 2007-12-18 00:03 268,192 --a------ C:\WINDOWS\system32\SVTRAN.DLL
2007-12-18 00:03 . 2007-12-18 00:03 143,360 --a------ C:\WINDOWS\system32\lvbuttons.ocx
2007-12-18 00:03 . 2007-12-18 00:03 114,688 --a------ C:\WINDOWS\system32\sexycontrols.ocx
2007-12-18 00:03 . 2007-12-18 00:03 105,181 --a------ C:\WINDOWS\system32\SVTTS.DLL
2007-12-18 00:03 . 2007-12-18 00:03 98,304 --a------ C:\WINDOWS\system32\prjchameleon.ocx
2007-12-18 00:03 . 2007-12-18 00:03 73,728 --a------ C:\WINDOWS\system32\madbeyond.ocx
2007-12-18 00:03 . 2007-12-18 00:03 69,632 --a------ C:\WINDOWS\system32\sendmail.ocx
2007-12-18 00:03 . 2007-12-18 00:03 69,632 --a------ C:\WINDOWS\system32\macrobtn.ocx
2007-12-18 00:02 . 2007-12-18 00:02 958,464 --a------ C:\WINDOWS\system32\vbskpro.ocx
2007-12-18 00:02 . 2007-12-18 00:02 232,849 --a------ C:\WINDOWS\system32\yacscom.dll
2007-12-18 00:02 . 2007-12-18 00:02 200,704 --a------ C:\WINDOWS\system32\yacsui.dll
2007-12-18 00:02 . 2007-12-18 00:02 145,360 --a------ C:\WINDOWS\system32\WEBPOST.DLL
2007-12-18 00:02 . 2007-12-18 00:02 122,880 --a------ C:\WINDOWS\system32\YMSG12Crypt.dll
2007-12-18 00:02 . 2007-12-18 00:02 109,504 --a------ C:\WINDOWS\system32\WPWIZDLL.DLL
2007-12-18 00:02 . 2007-12-18 00:02 90,112 --a------ C:\WINDOWS\system32\YCrypt.dll
2007-12-18 00:02 . 2007-12-18 00:02 89,970 --a------ C:\WINDOWS\system32\YMSG12ENCRYPT.dll
2007-12-18 00:02 . 2007-12-18 00:02 60,992 --a------ C:\WINDOWS\system32\WPCTRL.DLL
2007-12-18 00:02 . 2007-12-18 00:02 51,712 --a------ C:\WINDOWS\system32\YMSG_12.dll
2007-12-18 00:00 . 2007-12-18 00:00 360,448 --a------ C:\WINDOWS\system32\QTPlugin.ocx
2007-12-17 23:59 . 2007-12-17 23:59 1,233,680 --a------ C:\WINDOWS\system32\MSJT4JLT.DLL
2007-12-17 23:58 . 2007-12-17 23:58 404,728 --a------ C:\WINDOWS\system32\MSHFLXGD.OCX
2007-12-17 23:58 . 2007-12-17 23:58 311,296 --a------ C:\WINDOWS\system32\MSDBRPT.DLL
2007-12-17 23:58 . 2007-12-17 23:58 299,008 --a------ C:\WINDOWS\system32\MSDBRPTR.DLL
2007-12-17 23:58 . 2007-12-17 23:58 229,896 --a------ C:\WINDOWS\system32\MSDATLST.OCX
2007-12-17 23:58 . 2007-12-17 23:58 184,840 --a------ C:\WINDOWS\system32\MSDATREP.OCX
2007-12-17 23:58 . 2007-12-17 23:58 69,120 --a------ C:\WINDOWS\system32\MSDBG.DLL
2007-12-17 23:58 . 2007-12-17 23:58 10,062 --a------ C:\WINDOWS\system32\MSDBGEN.DLL
2007-12-17 23:57 . 2007-12-17 23:57 260,920 --a------ C:\WINDOWS\system32\MSDatGrd.ocx
2007-12-17 23:57 . 2007-12-17 23:57 103,744 --a------ C:\WINDOWS\system32\mscomm32.ocx
2007-12-17 23:56 . 2007-12-17 23:56 1,052,168 --a------ C:\WINDOWS\system32\MSCHRT20.OCX
2007-12-17 23:56 . 2007-12-17 23:56 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2007-12-17 23:56 . 2007-12-17 23:56 798,773 --a------ C:\WINDOWS\system32\MFCO42D.DLL
2007-12-17 23:56 . 2007-12-17 23:56 274,485 --a------ C:\WINDOWS\system32\MFCD42D.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 22:57 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-29 03:59 --------- d-----w C:\Program Files\DivX
2008-01-26 22:58 --------- d-----w C:\Program Files\BearShare
2008-01-26 21:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Spyware Terminator
2008-01-26 16:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\RipIt4Me
2008-01-25 18:34 4,114 ----a-w C:\WINDOWS\viassary-hp.reg
2008-01-21 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-19 02:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 01:39 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-18 23:09 98,304 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PluginCtrl.dll
2008-01-18 23:09 77,824 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\WinVerifyTrust.dll
2008-01-18 23:09 77,824 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\FDIWrapper.dll
2008-01-18 23:09 69,632 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\msxmlwrapper.dll
2008-01-18 23:09 69,632 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\msxmlwrapper.dll
2008-01-18 23:09 5,632 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\GUI.dll
2008-01-18 23:09 49,152 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHI18N.dll
2008-01-18 23:09 49,152 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\hwinv.dll
2008-01-18 23:09 45,056 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\util.dll
2008-01-18 23:09 434,176 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\motivede.dll
2008-01-18 23:09 4,096 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\winverifytrustwrapper.dll
2008-01-18 23:09 36,864 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\gnu.dll
2008-01-18 23:09 356,352 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\client_motkt.dll
2008-01-18 23:09 344,064 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\api.dll
2008-01-18 23:09 32,768 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchapi.dll
2008-01-18 23:09 315,392 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchmsxml.dll
2008-01-18 23:09 315,392 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchmsxml.dll
2008-01-18 23:09 307,200 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchnotify.exe
2008-01-18 23:09 307,200 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchealthplugin.dll
2008-01-18 23:09 3,072 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchealthde.exe
2008-01-18 23:09 282,624 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\clientutil52.dll
2008-01-18 23:09 26,572 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\INV16.dll
2008-01-18 23:09 24,576 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pcdapi.dll
2008-01-18 23:09 213,089 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\motive.zip
2008-01-18 23:09 212,992 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2008-01-18 23:09 159,744 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHButton.exe
2008-01-18 23:09 155,877 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\js.zip
2008-01-18 23:09 139,264 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\ContentUpdater.exe
2008-01-18 23:09 122,880 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\SearchCtrl.dll
2008-01-18 23:09 114,688 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\ZipLib.dll
2008-01-18 23:09 114,688 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\asst_ui.dll
2008-01-18 03:52 --------- d-----w C:\Program Files\Acoustica MP3 CD Burner
2008-01-02 20:19 --------- d-----w C:\Program Files\Google
2007-12-23 07:39 155,995 ----a-w C:\WINDOWS\Java\Packages\qqv9f3bt.zip
2007-12-23 07:26 --------- d-----w C:\Program Files\InterVideo
2007-12-20 15:48 --------- d-----w C:\Program Files\InterActual
2007-12-19 18:01 --------- d-----w C:\Program Files\Common Files\Real
2007-12-18 06:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-18 06:01 89,360 ----a-w C:\WINDOWS\system32\VB5DB.DLL
2007-12-18 06:01 875,520 ----a-w C:\WINDOWS\system32\VFP6RENU.DLL
2007-12-18 06:01 548,864 ----a-w C:\WINDOWS\system32\rtcdll.dll
2007-12-18 06:01 48,936 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-12-18 06:01 4,608 ----a-w C:\WINDOWS\system32\ticacgpa.dll
2007-12-18 06:01 32,256 ----a-w C:\WINDOWS\system32\SELFREG.DLL
2007-12-18 06:01 3,370,768 ----a-w C:\WINDOWS\system32\VFP6R.DLL
2007-12-18 06:01 185,344 ----a-w C:\WINDOWS\system32\Thawbrkr.dll
2007-12-18 06:01 178,609 ----a-w C:\WINDOWS\system32\SCRIPTLE.DLL
2007-12-18 06:01 150,528 ----a-w C:\WINDOWS\system32\TLBINF32.DLL
2007-12-18 06:01 118,784 ----a-w C:\WINDOWS\system32\SQLPARSE.DLL
2007-12-18 06:00 98,496 ----a-w C:\WINDOWS\system32\POSTWPP.DLL
2007-12-18 06:00 72,704 ----a-w C:\WINDOWS\system32\ODBCTL32.DLL
2007-12-18 06:00 62,224 ----a-w C:\WINDOWS\system32\nwapi32.dll
2007-12-18 06:00 50,816 ----a-w C:\WINDOWS\system32\PIPARSE.DLL
2007-12-18 06:00 50,688 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
2007-12-18 06:00 4,608 ----a-w C:\WINDOWS\system32\nmwcdlog.dll
2007-12-18 06:00 32,768 ----a-w C:\WINDOWS\system32\RACREG32.DLL
2007-12-18 06:00 307,200 ----a-w C:\WINDOWS\system32\QTMLClient.dll
2007-12-18 06:00 30,720 ----a-w C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-18 06:00 183,558 ----a-w C:\WINDOWS\system32\PDM.DLL
2007-12-18 06:00 16,896 ----a-w C:\WINDOWS\system32\ODKOB32.DLL
2007-12-18 06:00 15,120 ----a-w C:\WINDOWS\system32\REPUTIL.DLL
2007-12-18 05:59 94,285 ----a-w C:\WINDOWS\system32\MSVCIRTD.DLL
2007-12-18 05:59 516,173 ----a-w C:\WINDOWS\system32\MSVCP60D.DLL
2007-12-18 05:59 47,104 ----a-w C:\WINDOWS\system32\mspmspsv.dll
2007-12-18 05:59 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
2007-12-18 05:59 407,312 ----a-w C:\WINDOWS\system32\MSREPL35.DLL
2007-12-18 05:59 174,744 ----a-w C:\WINDOWS\system32\MSSDM.DLL
2007-12-18 05:55 6,144 ----a-w C:\WINDOWS\system32\kbdth3.dll
2007-12-18 05:55 6,144 ----a-w C:\WINDOWS\system32\kbdth2.dll
2007-12-18 05:55 6,144 ----a-w C:\WINDOWS\system32\kbdinpun.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdvntc.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdusa.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdurdu.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdth1.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdth0.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdsyr2.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdsyr1.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdintel.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdintam.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdinmar.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdinkan.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdinhin.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdinguj.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdindev.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdheb.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbdfa.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbddiv2.dll
2007-12-18 05:55 5,632 ----a-w C:\WINDOWS\system32\kbddiv1.dll
2007-12-18 05:55 5,120 ----a-w C:\WINDOWS\system32\kbdgeo.dll
2007-12-18 05:55 5,120 ----a-w C:\WINDOWS\system32\kbdarmw.dll
2007-12-18 05:54 98,960 ----a-w C:\WINDOWS\system32\FTPWPP.DLL
2007-10-22 14:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007102220071023\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2004-02-23 15:43 49152]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 17:12 484904]
"diskmgr.exe"="diskmgr.exe" [2008-01-27 10:42 38856 C:\WINDOWS\system32\diskmgr.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-19 19:56 2731008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-02-23 15:43 3026944]
"nwiz"="nwiz.exe" [2004-02-23 15:43 753664 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\Alcxmntr.exe]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 15:29 684118]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Color Calibration.lnk - C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe [2005-12-25 19:33:17 36864]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 14:19:24 237568]
MagicTune3.5.lnk - C:\Program Files\SEC\MagicTune3.5_Client\MagicTuneTray.exe [2005-12-25 19:33:36 45056]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2005-12-25 19:32:29 155715]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
".DLL"= 1 (0x1)
".OCX"= 0 (0x0)
"Find File And Download"= 1 (0x1)
"Search By Pages"= 1 (0x1)
"save chnages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-10-18 10:38]
S3 firewall;firewall;C:\Program Files\Foxie Suite\firewall.sys []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 07:36:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2005-01-19 23:46:42 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 00:36:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-31 0:41:18
ComboFix-quarantined-files.txt 2008-01-31 06:41:08
ComboFix2.txt 2007-11-03 05:09:03
ComboFix3.txt 2007-11-03 01:20:16
ComboFix4.txt 2007-10-22 14:54:07


And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:04 AM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.13.247.82:3128
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [diskmgr.exe] diskmgr.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.hyosungmotorsusa.com/CAB/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192247881468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192247827593
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...e/gpcontrol.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7068 bytes

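The two logs above contain the entries a responder checks first when the complaint is browser redirection: the R1 line setting a user-level Internet Explorer proxy to a raw IP and port (72.13.247.82:3128), the HKCU Run value that launches an unqualified diskmgr.exe (a 38,856-byte file dated 2008-01-27 in the ComboFix report, with no path given), and the O6 IE Restrictions policy. The script below is an added example for this thread, not part of HijackThis or of any poster's code; it triages an HJT log for those three patterns. The heuristics, regular expressions and the names triage(), first_token() and is_unqualified() are my own assumptions, the sample lines are copied from the log posted above, and the output is a list of items to review rather than verdicts (LTMSG.exe, an OEM modem entry, is flagged purely because its path is unqualified).

```python
"""Triage a HijackThis (HJT) log for the entries most often behind browser redirects.

Added example for this thread, not part of HijackThis or of any poster's code.
The three heuristics are assumptions, not HijackThis rules:
  * R1 ProxyServer: any user-level IE proxy is suspect, more so when it is a bare
    IP:port rather than a corporate proxy hostname.
  * O4 Run entries whose command is an unqualified file name are resolved via the
    search path at logon, so a dropped binary in %SystemRoot%\\system32 sits next
    to legitimate OEM entries that use the same shortcut.
  * O6 "Restrictions present": an IE policy key that rogue "security" software
    and hijackers frequently set.
SAMPLE_LOG is copied from the HijackThis log posted above.
"""
import re
from typing import List, Tuple

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.13.247.82:3128
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [diskmgr.exe] diskmgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# A literal dotted-quad with an optional :port, e.g. 72.13.247.82:3128
IPV4_PORT = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d{1,5})?$")
# HJT's O4 layout: "O4 - HKLM\..\Run: [ValueName] command line"
O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def first_token(cmd: str) -> str:
    """Return the executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_unqualified(path: str) -> bool:
    """True when the path carries no drive or directory, so Windows resolves it via the search path."""
    return not any(sep in path for sep in ("\\", "/", ":"))


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, original line) pairs for entries that deserve a human look."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("R1 - ") and ",ProxyServer = " in line:
            value = line.split(",ProxyServer = ", 1)[1].strip()
            kind = "bare IP" if IPV4_PORT.match(value) else "hostname"
            findings.append((f"user-level IE proxy set to {kind} {value}; all browsing is routed through it", line))
            continue
        m = O4_RUN.match(line)
        if m:
            exe = first_token(m.group("cmd"))
            if is_unqualified(exe):
                findings.append((f"{m.group('hive')} Run entry '{m.group('name')}' launches unqualified '{exe}' via the search path", line))
            continue
        if line.startswith("O6 - ") and line.endswith("Restrictions present"):
            findings.append(("IE Restrictions policy set for this user; rogue security software and hijackers often set this", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[!] {reason}\n    {line}")
```

Run it as a script to print the findings, or import triage() and hand it a complete log. A proxy hit is only half fixed by clearing the setting in Internet Options (Connections, LAN settings): whatever re-applies it at logon has to go too, which is why the unqualified Run entry and the odd value names under policies\system in the ComboFix report above belong in the same review.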
#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 31 January 2008 - 02:28 AM

Hello,

You're welcome. :thumbsup: How is it running now?

Please download and run Bit Defender 8 online scanner
  • Install the program and then follow the prompts to download all available updates.
  • Select Antivirus and then click the Settings button. Click Default. Click Ok.
  • Select Local Drives and click Scan.
  • When the scan is complete save the log and post it back here in your next reply.
Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#7 SilveradoSS

SilveradoSS
  • Topic Starter

  • Members
  • 27 posts

Posted 31 January 2008 - 03:15 PM

tea,

I screwed up and ran the trial version of Bit Defender, so the log saved was an .xml file which I wasn't able to post to the forum. After figuring out what I had done wrong, I ran the on-line scan, which came up empty, so I guess the trial version did its job. Here is a portion of the report from the trial log for your viewing, as I couldn't get all of the data from the report to paste to the forum without locking up/crashing Internet Explorer. The rest of the report was about not being able to scan inside Spybot - Search And Destroy and Adaware zip files due to password protection:

BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 10:17:48 31/01/2008
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1201796268_1_02.xml

Scan Paths:Path0000: C:\
Path0001: D:\
Path0002: K:\


Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes


Target selection options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :


Target ProcessingDefault action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None


Scan engines summaryNumber of virus signatures : 978306
Archive plugins : 41
Email plugins : 6
Scan plugins : 12
Archive plugins : 41
System plugins : 4
Unpack plugins : 7


Overall scan summaryScanned items : 362632
Infected items : 8
Suspicious items : 0
Resolved items : 8
Individual viruses found : 6
Scanned directories : 10395
Scanned boot sectors : 3
Scanned archives : 14895
Input-output errors : 24
Scan time : 00:02:51:27
Files per second : 35


Scanned processes summaryScanned : 40
Infected : 0


Scanned registry keys summaryScanned : 341
Infected : 0


Scanned cookies summaryScanned : 0
Infected : 0

Resolved issues:Object Name Threat Name Final Status
C:\Program Files\Microsoft AntiSpyware\Quarantine\6F26BC0E-0E00-47EB-B253-F802DE\67FBD18E-0E74-4180-A508-AF36DE Adware.Backweb.L Deleted
C:\Program Files\Microsoft AntiSpyware\Quarantine\6F26BC0E-0E00-47EB-B253-F802DE\BD9401C8-6E2E-4AE2-AB29-1AE5D2 Adware.Backweb.L Deleted
C:\Program Files\Microsoft AntiSpyware\Quarantine\8D1D25DB-4532-4D99-AA6D-29508E\51CC9809-C621-460D-AEA7-8807EF Application.Flashget.B Deleted
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-e571165-56849a69.zip=]BnnnnBaa.class Java.Trojan.Exploit.Bytverify Deleted
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-e571165-56849a69.zip=]Dnnny.class Java.Trojan.Exploit.Bytverify Deleted
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-e571165-56849a69.zip=]VaannnaaBaa.class Trojan.Java.Classloader.E Deleted
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP116\A0032945.exe Trojan.Peed.INO Moved to Quarantine
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP77\S0012156.Acl Win32.MyPics.A@mm Moved to Quarantine

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 31 January 2008 - 05:56 PM

Hello,

Do you still have Microsoft AntiSpyware on your system? :thumbsup: I didn't see any sign of it in your logs. That became Windows Defender a long time ago, so is very outdated. Can I see an uninstall list please?

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

How is it running?

Thanks,
tea

#9 SilveradoSS

SilveradoSS
  • Topic Starter

  • Members
  • 27 posts

Posted 31 January 2008 - 08:50 PM

It seems the PC is running OK. I still have the WinXDefender problem that launches every time I reboot the PC.

Here is the HJT log:

"Doras Rapido River Rafting Race (remove only)"
3D Groove Playback Engine
Acoustica MP3 CD Burner
Acoustica Photos Forever
Activity Center, Winnie the Pooh
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Reader 8.1.1
Audacity 1.3.0
avast! Antivirus
Avery Wizard 3.1
AVG Anti-Spyware 7.5
Backyardigans Mission to Mars (remove only)
BearShare
BearShare Test
BitTorrent 5.0.9
Blue's Art Time Activities
Cars Demo
Clifford Learning Activities
DeepBurner v1.8.0.224
Diego`s Dinosaur Adventure (remove only)
Diegos Rescue Adventure (remove only)
Dino Island
DivX Player
Dora`s Magic Castle (remove only)
DTCLookup
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab HD Decrypter 3.1.8.0
EMCO Malware Bouncer
Finding Nemo: Nemo's Underwater World of Fun Special Edition
FLAC 1.1.4b (remove only)
FW LiveUpdate
GdiplusUpgrade
Hidden Expedition - Titanic (remove only)
HijackThis 2.0.2
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.0
HP Update
HPIZ350
Indeo® Software
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
InterVideo WinDVD Player
IrfanView (remove only)
Java 2 Runtime Environment, SE v1.4.2_03
Jewel Quest (remove only)
Jimmy Neutron Invention Revenge (remove only)
JumpStart Toddlers 2000
KBD
KGB Archiver 1.2.1.24
K-Lite Mega Codec Pack 3.5.7
Macromedia Flash Player 8
Macromedia Shockwave Player
MagicTune3.5_Client
Mah Jong Quest (remove only)
MasterSplitter Program
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
mpegable Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Card Reader
Natural Color
Neonatal Resuscitation CD-ROM
Nero 7 Essentials
neroxml
NVIDIA Display Driver
NVIDIA Ethernet Driver
overland
PC-Doctor for Windows
PCFriendly
Photosmart 140,240,7200,7600,7700,7900 Series
Product name
Putt-Putt Travels Through Time
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
Realtek AC'97 Audio
RecordNow!
RipIt4Me
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Sonic Update Manager
SoulSeek Client 156c
SpamSubtract
Spybot - Search & Destroy 1.4
Spyware Doctor 5.0
Spyware Terminator
The Land Before Time Kindergarten Adventure
The Little Mermaid Bubble Blast
Toolkit View(HP)
Tumblebugs
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Updates from HP
Virtools 3D Life Player
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
Wise Registry Cleaner 2.9.3
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

#10 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 31 January 2008 - 09:40 PM

Hello,

Via Add/Remove Programs, please uninstall the following :

Java 2 Runtime Environment, SE v1.4.2_03

Reboot afterwards.

Do a search using Windows for WinXDefender and delete every instance of it the search comes up with, then please run ComboFix again and post the report. Please let me know how it's running...the more you tell me, the more I can help. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#11 SilveradoSS

  • Topic Starter
  • Members
  • 27 posts

Posted 31 January 2008 - 11:10 PM

tea,

I just found a folder for WinXDefender in the <Start> menu. There is an uninstall in the folder. I'm going to run the uninstall and then do a Windows search for any WinXDefender files. One thing I noticed when I initiated the uninstall was that a warning box appeared after clicking the uninstall asking "Are you sure that you want to uninstall WinXProtector", not WinXDefender.

After running the search, I will re-run ComboFix again.

#12 SilveradoSS

  • Topic Starter
  • Members
  • 27 posts

Posted 01 February 2008 - 12:07 AM

tea,

I was all ready to say the PC was running normally, but I just got bounced to an unexpected website while doing a search. The bottom of the screen read hxxp://hipointltd.com/c/?q=ws2fix.exe&r=GER&z=http://rds.yahoo.com/_ylt=A0geu5mkpqJHuMsA8rJXNyoA;_ylu=X3oDMTFhanVtOTFiBHNlYwNzcgRwb3MDOARjb2xvA2FjMgR2dGlkA01BUDAwN185NwRsA1dTMQ--/SIG=12cgdab0i/EXP=1201928228/**http%3a//forums.pcpitstop.com/index.php%3fshowtopic=147836 while clicking on a Yahoo search link for ws2fix.exe. Every time I'm bounced to an unexpected site, the link at the bottom of the page always begins with hxxp://hipointltd.com.

Here is the new ComboFix log:

ComboFix 08-02.01.4 - Owner 2008-01-31 22:35:55.7 - NTFSx86
Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0RQL0RDC\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-31 22:34 . 2008-01-31 22:40 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-01-31 07:11 . 2008-01-31 11:55 121 --a------ C:\WINDOWS\bdagent.INI
2008-01-31 07:05 . 2008-01-31 11:56 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-01-30 08:14 . 2008-01-30 08:14 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-01-30 08:14 . 2008-01-30 08:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 08:14 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-28 05:39 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-28 05:39 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-28 05:39 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-28 05:39 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-28 05:39 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-28 05:39 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-27 10:42 . 2008-01-27 10:42 0 --ah----- C:\Documents and Settings\Owner\Application Data\cachest.dat
2008-01-26 15:19 . 2008-01-26 15:19 40,507 --a------ C:\Documents and Settings\Owner\wn789.exe
2008-01-19 00:26 . 2008-01-26 20:12 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-18 20:27 . 2008-01-18 20:27 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-01-18 20:21 . 2008-01-18 20:24 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-18 20:21 . 2008-01-18 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-18 20:18 . 2008-01-18 20:18 <DIR> d-------- C:\Program Files\SAMSUNG
2008-01-18 19:40 . 2008-01-18 19:40 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-18 19:20 . 2007-12-01 00:26 354,304 --a------ C:\WINDOWS\system32\SET1165.tmp
2008-01-18 19:20 . 2007-12-01 00:26 6,656 --a------ C:\WINDOWS\system32\SET115D.tmp
2008-01-18 19:15 . 2007-12-01 00:25 8,461,312 --a------ C:\WINDOWS\system32\SET203.tmp
2008-01-18 19:14 . 2007-12-01 00:26 727,040 --a------ C:\WINDOWS\system32\SET19F.tmp
2008-01-18 19:11 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002888_.tmp
2008-01-18 19:09 . 2004-08-04 01:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-01-18 19:09 . 2004-07-01 16:08 331,776 --a------ C:\WINDOWS\system32\SET1828.tmp
2008-01-18 19:09 . 2002-08-29 13:00 6,788 --a------ C:\WINDOWS\system32\dllcache\secupd.sig
2008-01-18 19:09 . 2002-08-29 13:00 4,573 --a------ C:\WINDOWS\system32\dllcache\secupd.dat
2008-01-18 19:08 . 2002-08-29 06:00 162,304 --a------ C:\WINDOWS\system32\SET168C.tmp
2008-01-18 19:08 . 2002-08-29 06:00 9,216 --a------ C:\WINDOWS\system32\SET184F.tmp
2008-01-18 19:06 . 2004-07-07 19:37 2,803,712 --a------ C:\WINDOWS\system32\SET16A0.tmp
2008-01-18 19:05 . 2004-06-10 13:51 8,350,720 --a------ C:\WINDOWS\system32\SET17A1.tmp
2008-01-18 17:24 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-18 16:49 . 2008-01-18 19:45 <DIR> d-------- C:\Program Files\Common Files\Ahead(2)
2008-01-18 16:49 . 2008-01-18 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero(2)
2008-01-18 16:43 . 2008-01-18 19:45 <DIR> d-------- C:\Program Files\SAMSUNG(2)
2008-01-16 19:37 . 2008-01-18 19:48 <DIR> d-------- C:\Program Files\Common Files\LightScribe(2)
2008-01-16 16:54 . 2008-01-16 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-16 10:59 . 2008-01-16 16:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2008-01-16 10:57 . 2008-01-16 10:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-16 10:52 . 2008-01-16 10:52 <DIR> d-------- C:\Program Files\Nero
2008-01-09 22:33 . 2008-01-09 22:52 <DIR> d-------- C:\Program Files\MP3Dancer
2008-01-09 22:33 . 2008-01-09 22:33 <DIR> d-------- C:\Program Files\Common Files\Totem Shared
2008-01-09 22:31 . 2008-01-09 22:31 <DIR> d-------- C:\Program Files\Winamp
2008-01-09 22:17 . 2008-01-09 22:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
2008-01-09 22:16 . 2008-01-28 21:59 <DIR> d-------- C:\Program Files\SoundSpectrum
2008-01-03 11:24 . 2008-01-03 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-02 16:00 . 2008-01-02 16:00 <DIR> d-------- C:\Program Files\Virtools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 04:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Spyware Terminator
2008-02-01 04:20 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-29 03:59 --------- d-----w C:\Program Files\DivX
2008-01-26 22:58 --------- d-----w C:\Program Files\BearShare
2008-01-26 16:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\RipIt4Me
2008-01-25 18:34 4,114 ----a-w C:\WINDOWS\viassary-hp.reg
2008-01-21 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-19 02:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 01:39 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-18 23:09 98,304 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PluginCtrl.dll
2008-01-18 23:09 77,824 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\WinVerifyTrust.dll
2008-01-18 23:09 77,824 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\FDIWrapper.dll
2008-01-18 23:09 69,632 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\msxmlwrapper.dll
2008-01-18 23:09 69,632 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\msxmlwrapper.dll
2008-01-18 23:09 5,632 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\GUI.dll
2008-01-18 23:09 49,152 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHI18N.dll
2008-01-18 23:09 49,152 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\hwinv.dll
2008-01-18 23:09 45,056 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\util.dll
2008-01-18 23:09 434,176 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\motivede.dll
2008-01-18 23:09 4,096 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\winverifytrustwrapper.dll
2008-01-18 23:09 36,864 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\gnu.dll
2008-01-18 23:09 356,352 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\client_motkt.dll
2008-01-18 23:09 344,064 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\api.dll
2008-01-18 23:09 32,768 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchapi.dll
2008-01-18 23:09 315,392 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchmsxml.dll
2008-01-18 23:09 315,392 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchmsxml.dll
2008-01-18 23:09 307,200 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchnotify.exe
2008-01-18 23:09 307,200 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchealthplugin.dll
2008-01-18 23:09 3,072 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchealthde.exe
2008-01-18 23:09 282,624 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\clientutil52.dll
2008-01-18 23:09 26,572 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\INV16.dll
2008-01-18 23:09 24,576 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pcdapi.dll
2008-01-18 23:09 213,089 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\motive.zip
2008-01-18 23:09 212,992 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2008-01-18 23:09 159,744 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHButton.exe
2008-01-18 23:09 155,877 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\js.zip
2008-01-18 23:09 139,264 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\ContentUpdater.exe
2008-01-18 23:09 122,880 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\SearchCtrl.dll
2008-01-18 23:09 114,688 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\ZipLib.dll
2008-01-18 23:09 114,688 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\asst_ui.dll
2008-01-18 03:52 --------- d-----w C:\Program Files\Acoustica MP3 CD Burner
2008-01-02 20:19 --------- d-----w C:\Program Files\Google
2007-12-27 00:43 --------- d-----w C:\Program Files\Avery Wizard 3.1
2007-12-27 00:39 --------- d-----w C:\Program Files\Common Files\Avery
2007-12-25 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-23 07:39 155,995 ----a-w C:\WINDOWS\Java\Packages\qqv9f3bt.zip
2007-12-23 07:26 --------- d-----w C:\Program Files\InterVideo
2007-12-20 15:48 --------- d-----w C:\Program Files\InterActual
2007-12-20 01:36 --------- d-----w C:\Program Files\Ligos
2007-12-19 18:04 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-19 18:01 --------- d-----w C:\Program Files\Common Files\Real
2007-12-18 06:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-18 06:05 --------- d-----w C:\Program Files\Needed-Files-Downloader
2007-12-18 06:04 45,568 ----a-w C:\WINDOWS\system32\Hackpro.dll
2007-12-18 06:04 26,768 ----a-w C:\WINDOWS\system32\CTL3D.DLL
2007-12-18 06:04 195,584 ----a-w C:\WINDOWS\system32\Xvoice.dll
2007-12-18 06:04 180,224 ----a-w C:\WINDOWS\system32\ijl11.dll
2007-12-18 06:03 398,416 ----a-w C:\WINDOWS\system32\VBRUN300.DLL
2007-12-18 06:03 268,192 ----a-w C:\WINDOWS\system32\SVTRAN.DLL
2007-12-18 06:03 105,181 ----a-w C:\WINDOWS\system32\SVTTS.DLL
2007-12-18 06:02 90,112 ----a-w C:\WINDOWS\system32\YCrypt.dll
2007-12-18 06:02 89,970 ----a-w C:\WINDOWS\system32\YMSG12ENCRYPT.dll
2007-12-18 06:02 60,992 ----a-w C:\WINDOWS\system32\WPCTRL.DLL
2007-12-18 06:02 51,712 ----a-w C:\WINDOWS\system32\YMSG_12.dll
2007-12-18 06:02 232,849 ----a-w C:\WINDOWS\system32\yacscom.dll
2007-12-18 06:02 200,704 ----a-w C:\WINDOWS\system32\yacsui.dll
2007-12-18 06:02 145,360 ----a-w C:\WINDOWS\system32\WEBPOST.DLL
2007-12-18 06:02 122,880 ----a-w C:\WINDOWS\system32\YMSG12Crypt.dll
2007-12-18 06:02 109,504 ----a-w C:\WINDOWS\system32\WPWIZDLL.DLL
2007-12-18 06:01 89,360 ----a-w C:\WINDOWS\system32\VB5DB.DLL
2007-12-18 06:01 875,520 ----a-w C:\WINDOWS\system32\VFP6RENU.DLL
2007-12-18 06:01 548,864 ----a-w C:\WINDOWS\system32\rtcdll.dll
2007-12-18 06:01 48,936 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-12-18 06:01 4,608 ----a-w C:\WINDOWS\system32\ticacgpa.dll
2007-12-18 06:01 32,256 ----a-w C:\WINDOWS\system32\SELFREG.DLL
2007-12-18 06:01 3,370,768 ----a-w C:\WINDOWS\system32\VFP6R.DLL
2007-12-18 06:01 185,344 ----a-w C:\WINDOWS\system32\Thawbrkr.dll
2007-12-18 06:01 178,609 ----a-w C:\WINDOWS\system32\SCRIPTLE.DLL
2007-12-18 06:01 150,528 ----a-w C:\WINDOWS\system32\TLBINF32.DLL
2007-12-18 06:01 118,784 ----a-w C:\WINDOWS\system32\SQLPARSE.DLL
2007-12-18 06:00 98,496 ----a-w C:\WINDOWS\system32\POSTWPP.DLL
2007-12-18 06:00 72,704 ----a-w C:\WINDOWS\system32\ODBCTL32.DLL
2007-12-18 06:00 62,224 ----a-w C:\WINDOWS\system32\nwapi32.dll
2007-12-18 06:00 50,816 ----a-w C:\WINDOWS\system32\PIPARSE.DLL
2007-12-18 06:00 50,688 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
2007-12-18 06:00 4,608 ----a-w C:\WINDOWS\system32\nmwcdlog.dll
2007-12-18 06:00 32,768 ----a-w C:\WINDOWS\system32\RACREG32.DLL
2007-12-18 06:00 307,200 ----a-w C:\WINDOWS\system32\QTMLClient.dll
2007-12-18 06:00 30,720 ----a-w C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-18 06:00 183,558 ----a-w C:\WINDOWS\system32\PDM.DLL
2007-12-18 06:00 16,896 ----a-w C:\WINDOWS\system32\ODKOB32.DLL
2007-12-18 06:00 15,120 ----a-w C:\WINDOWS\system32\REPUTIL.DLL
2007-12-18 05:59 94,285 ----a-w C:\WINDOWS\system32\MSVCIRTD.DLL
2007-12-18 05:59 516,173 ----a-w C:\WINDOWS\system32\MSVCP60D.DLL
2007-12-18 05:59 47,104 ----a-w C:\WINDOWS\system32\mspmspsv.dll
2007-12-18 05:59 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
2007-12-18 05:59 407,312 ----a-w C:\WINDOWS\system32\MSREPL35.DLL
2007-12-18 05:59 174,744 ----a-w C:\WINDOWS\system32\MSSDM.DLL
2007-12-18 05:59 1,233,680 ----a-w C:\WINDOWS\system32\MSJT4JLT.DLL
2007-12-18 05:58 69,120 ----a-w C:\WINDOWS\system32\MSDBG.DLL
2007-10-22 14:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007102220071023\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDEA2C12-A476-A13C-2B4C-A3BD546315C2}]
2008-01-26 05:01 56832 -r-hs---- C:\PROGRA~1\COMMON~1\System\vd3_sys.dat

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2004-02-23 15:43 49152]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 17:12 484904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~3\SpywareTerminatorShield.exe" [2007-08-19 19:56 2731008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-02-23 15:43 3026944]
"nwiz"="nwiz.exe" [2004-02-23 15:43 753664 C:\WINDOWS\system32\nwiz.exe]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 15:29 684118]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Color Calibration.lnk - C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe [2005-12-25 19:33:17 36864]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 14:19:24 237568]
MagicTune3.5.lnk - C:\Program Files\SEC\MagicTune3.5_Client\MagicTuneTray.exe [2005-12-25 19:33:36 45056]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2005-12-25 19:32:29 155715]
update.exe [2008-01-26 15:24:21 93870]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
".DLL"= 1 (0x1)
".OCX"= 0 (0x0)
"Find File And Download"= 1 (0x1)
"Search By Pages"= 1 (0x1)
"save chnages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-10-18 10:38]
S3 firewall;firewall;C:\Program Files\Foxie Suite\firewall.sys []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-31 07:36:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2005-01-19 23:46:42 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 22:40:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-31 22:44:08
ComboFix-quarantined-files.txt 2008-02-01 04:43:58
ComboFix2.txt 2008-01-31 06:41:19
ComboFix3.txt 2007-11-03 05:09:03
ComboFix4.txt 2007-11-03 01:20:16
ComboFix5.txt 2007-10-22 14:54:07

#13 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 01 February 2008 - 12:25 AM

Well drat! Let's do this again............

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
C:\PROGRA~1\COMMON~1\System\vd3_sys.dat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDEA2C12-A476-A13C-2B4C-A3BD546315C2}]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. Stubborn stuff. :blink: Well, I'm more stubborn than it is. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?
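The CFScript above targets a Browser Helper Object whose backing file, vd3_sys.dat, is listed in the ComboFix log with hidden and system attributes and a non-.dll extension, which is what makes it stand out in the "Reg Loading Points" section. As an added example (not from this thread and not part of ComboFix), the Python below parses that section of a ComboFix log, flags BHO entries that show those traits, and drafts the matching File:: / Registry:: stanzas in the CFScript layout used in this thread; the flagging heuristics and the second, ordinary-looking BHO in the sample are the example's own assumptions.

```python
"""Flag suspicious Browser Helper Object (BHO) entries in a ComboFix log and
draft the matching CFScript stanza.

Added example for this thread, not part of ComboFix: the log layout is taken
from the report posted above, the heuristics are this example's own
assumptions, and the clean BHO entry in the sample is constructed for contrast."""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the "Reg Loading Points" section above.
# The first BHO is the entry from the posted log; the second (placeholder
# CLSID and path) is a constructed, ordinary-looking entry.
SAMPLE_LOG = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{FDEA2C12-A476-A13C-2B4C-A3BD546315C2}]
2008-01-26 05:01 56832 -r-hs---- C:\\PROGRA~1\\COMMON~1\\System\\vd3_sys.dat

[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{11111111-2222-3333-4444-555555555555}]
2007-10-10 19:51 135168 --a------ C:\\Program Files\\ExampleVendor\\helper.dll

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [2004-08-04 01:56 15360]
"""

# ComboFix prints the BHO key on one line and the backing file on the next:
#   <date> <time> <size> <attribute flags> <path>
# The nine-character flag field uses letters such as d, r, a, h, s
# (directory, read-only, archive, hidden, system) and "-" for unset.
BHO_KEY = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-F-]+\})\]$", re.I)
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$", re.I)


@dataclass
class Bho:
    key: str      # registry key as ComboFix prints it (with its "~" shorthand)
    path: str     # backing file
    attrs: str    # attribute flags, lower-cased
    size: int


def parse_bhos(log_text):
    """Return the BHO entries found in the 'Reg Loading Points' section."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    bhos = []
    for i, line in enumerate(lines):
        key = BHO_KEY.match(line)
        if not key or i + 1 >= len(lines):
            continue
        f = FILE_LINE.match(lines[i + 1])
        if f:
            bhos.append(Bho(key.group(1), f["path"], f["attrs"].lower(), int(f["size"])))
    return bhos


def flag_suspicious(bhos):
    """Return [(bho, reasons)] for entries matching the (assumed) heuristics:
    a BHO is loaded in-process by Internet Explorer, so hiding its file with
    hidden+system attributes, or backing it with something other than a .dll,
    is unusual and worth a closer look."""
    flagged = []
    for b in bhos:
        reasons = []
        if "h" in b.attrs and "s" in b.attrs:
            reasons.append("backing file has hidden+system attributes")
        if not b.path.lower().endswith(".dll"):
            reasons.append("backing file is not a .dll (" + b.path.rsplit(".", 1)[-1] + ")")
        if reasons:
            flagged.append((b, reasons))
    return flagged


def draft_cfscript(bhos):
    """Build the File:: / Registry:: stanzas in the CFScript layout used in
    this thread: each path under File::, each key under Registry:: with a
    leading "-" inside the brackets to request deletion of the key."""
    out = ["File::", *[b.path for b in bhos], "", "Registry::",
           *["[-" + b.key + "]" for b in bhos]]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    hits = flag_suspicious(parse_bhos(SAMPLE_LOG))
    for b, reasons in hits:
        print(b.key, "->", b.path)
        for r in reasons:
            print("   ", r)
    print(draft_cfscript([b for b, _ in hits]))
```

Run against a real ComboFix.txt, the flagged list is a starting point for review, not a verdict; the helper in this thread confirmed the entry before scripting its removal.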

#14 SilveradoSS

  • Topic Starter
  • Members
  • 27 posts

Posted 01 February 2008 - 09:08 AM

tea,

I have total faith in you!


Here is the new Combofix log:

ComboFix 08-02.01.6 - Owner 2008-02-01 7:19:15.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.119 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\PROGRA~1\COMMON~1\System\vd3_sys.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~1\COMMON~1\System\vd3_sys.dat

.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-31 07:11 . 2008-01-31 11:55 121 --a------ C:\WINDOWS\bdagent.INI
2008-01-31 07:05 . 2008-01-31 11:56 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-01-30 08:14 . 2008-01-30 08:14 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-01-30 08:14 . 2008-01-30 08:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 08:14 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-28 05:39 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-28 05:39 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-28 05:39 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-28 05:39 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-28 05:39 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-28 05:39 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-27 10:42 . 2008-01-27 10:42 0 --ah----- C:\Documents and Settings\Owner\Application Data\cachest.dat
2008-01-26 15:19 . 2008-01-26 15:19 40,507 --a------ C:\Documents and Settings\Owner\wn789.exe
2008-01-19 00:26 . 2008-01-26 20:12 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-18 20:27 . 2008-01-18 20:27 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-01-18 20:21 . 2008-01-18 20:24 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-18 20:21 . 2008-01-18 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-18 20:18 . 2008-01-18 20:18 <DIR> d-------- C:\Program Files\SAMSUNG
2008-01-18 19:40 . 2008-01-18 19:40 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-18 19:20 . 2007-12-01 00:26 354,304 --a------ C:\WINDOWS\system32\SET1165.tmp
2008-01-18 19:20 . 2007-12-01 00:26 6,656 --a------ C:\WINDOWS\system32\SET115D.tmp
2008-01-18 19:15 . 2007-12-01 00:25 8,461,312 --a------ C:\WINDOWS\system32\SET203.tmp
2008-01-18 19:14 . 2007-12-01 00:26 727,040 --a------ C:\WINDOWS\system32\SET19F.tmp
2008-01-18 19:11 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002888_.tmp
2008-01-18 19:09 . 2004-08-04 01:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-01-18 19:09 . 2004-07-01 16:08 331,776 --a------ C:\WINDOWS\system32\SET1828.tmp
2008-01-18 19:09 . 2002-08-29 13:00 6,788 --a------ C:\WINDOWS\system32\dllcache\secupd.sig
2008-01-18 19:09 . 2002-08-29 13:00 4,573 --a------ C:\WINDOWS\system32\dllcache\secupd.dat
2008-01-18 19:08 . 2002-08-29 06:00 162,304 --a------ C:\WINDOWS\system32\SET168C.tmp
2008-01-18 19:08 . 2002-08-29 06:00 9,216 --a------ C:\WINDOWS\system32\SET184F.tmp
2008-01-18 19:06 . 2004-07-07 19:37 2,803,712 --a------ C:\WINDOWS\system32\SET16A0.tmp
2008-01-18 19:05 . 2004-06-10 13:51 8,350,720 --a------ C:\WINDOWS\system32\SET17A1.tmp
2008-01-18 17:24 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-18 16:49 . 2008-01-18 19:45 <DIR> d-------- C:\Program Files\Common Files\Ahead(2)
2008-01-18 16:49 . 2008-01-18 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero(2)
2008-01-18 16:43 . 2008-01-18 19:45 <DIR> d-------- C:\Program Files\SAMSUNG(2)
2008-01-16 19:37 . 2008-01-18 19:48 <DIR> d-------- C:\Program Files\Common Files\LightScribe(2)
2008-01-16 16:54 . 2008-01-16 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-16 10:59 . 2008-01-16 16:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2008-01-16 10:57 . 2008-01-16 10:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-16 10:52 . 2008-01-16 10:52 <DIR> d-------- C:\Program Files\Nero
2008-01-09 22:33 . 2008-01-09 22:52 <DIR> d-------- C:\Program Files\MP3Dancer
2008-01-09 22:33 . 2008-01-09 22:33 <DIR> d-------- C:\Program Files\Common Files\Totem Shared
2008-01-09 22:31 . 2008-01-09 22:31 <DIR> d-------- C:\Program Files\Winamp
2008-01-09 22:17 . 2008-01-09 22:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
2008-01-09 22:16 . 2008-01-28 21:59 <DIR> d-------- C:\Program Files\SoundSpectrum
2008-01-03 11:24 . 2008-01-03 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-02 16:00 . 2008-01-02 16:00 <DIR> d-------- C:\Program Files\Virtools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 04:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Spyware Terminator
2008-02-01 04:20 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-29 03:59 --------- d-----w C:\Program Files\DivX
2008-01-26 22:58 --------- d-----w C:\Program Files\BearShare
2008-01-26 16:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\RipIt4Me
2008-01-25 18:34 4,114 ----a-w C:\WINDOWS\viassary-hp.reg
2008-01-21 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-19 02:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 01:39 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-18 23:09 98,304 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PluginCtrl.dll
2008-01-18 23:09 77,824 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\WinVerifyTrust.dll
2008-01-18 23:09 77,824 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\FDIWrapper.dll
2008-01-18 23:09 69,632 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\msxmlwrapper.dll
2008-01-18 23:09 69,632 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\msxmlwrapper.dll
2008-01-18 23:09 5,632 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\GUI.dll
2008-01-18 23:09 49,152 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHI18N.dll
2008-01-18 23:09 49,152 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\hwinv.dll
2008-01-18 23:09 45,056 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\util.dll
2008-01-18 23:09 434,176 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\motivede.dll
2008-01-18 23:09 4,096 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\winverifytrustwrapper.dll
2008-01-18 23:09 36,864 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\gnu.dll
2008-01-18 23:09 356,352 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\client_motkt.dll
2008-01-18 23:09 344,064 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\api.dll
2008-01-18 23:09 32,768 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchapi.dll
2008-01-18 23:09 315,392 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchmsxml.dll
2008-01-18 23:09 315,392 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchmsxml.dll
2008-01-18 23:09 307,200 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchnotify.exe
2008-01-18 23:09 307,200 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchealthplugin.dll
2008-01-18 23:09 3,072 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchealthde.exe
2008-01-18 23:09 282,624 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\clientutil52.dll
2008-01-18 23:09 26,572 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\INV16.dll
2008-01-18 23:09 24,576 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pcdapi.dll
2008-01-18 23:09 213,089 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\motive.zip
2008-01-18 23:09 212,992 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2008-01-18 23:09 159,744 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHButton.exe
2008-01-18 23:09 155,877 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\js.zip
2008-01-18 23:09 139,264 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\ContentUpdater.exe
2008-01-18 23:09 122,880 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\SearchCtrl.dll
2008-01-18 23:09 114,688 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\ZipLib.dll
2008-01-18 23:09 114,688 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\asst_ui.dll
2008-01-18 03:52 --------- d-----w C:\Program Files\Acoustica MP3 CD Burner
2008-01-02 20:19 --------- d-----w C:\Program Files\Google
2007-12-27 00:43 --------- d-----w C:\Program Files\Avery Wizard 3.1
2007-12-27 00:39 --------- d-----w C:\Program Files\Common Files\Avery
2007-12-25 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-23 07:39 155,995 ----a-w C:\WINDOWS\Java\Packages\qqv9f3bt.zip
2007-12-23 07:26 --------- d-----w C:\Program Files\InterVideo
2007-12-20 15:48 --------- d-----w C:\Program Files\InterActual
2007-12-20 01:36 --------- d-----w C:\Program Files\Ligos
2007-12-19 18:04 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-19 18:01 --------- d-----w C:\Program Files\Common Files\Real
2007-12-18 06:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-18 06:05 --------- d-----w C:\Program Files\Needed-Files-Downloader
2007-12-18 06:04 45,568 ----a-w C:\WINDOWS\system32\Hackpro.dll
2007-12-18 06:04 26,768 ----a-w C:\WINDOWS\system32\CTL3D.DLL
2007-12-18 06:04 195,584 ----a-w C:\WINDOWS\system32\Xvoice.dll
2007-12-18 06:04 180,224 ----a-w C:\WINDOWS\system32\ijl11.dll
2007-12-18 06:03 398,416 ----a-w C:\WINDOWS\system32\VBRUN300.DLL
2007-12-18 06:03 268,192 ----a-w C:\WINDOWS\system32\SVTRAN.DLL
2007-12-18 06:03 105,181 ----a-w C:\WINDOWS\system32\SVTTS.DLL
2007-12-18 06:02 90,112 ----a-w C:\WINDOWS\system32\YCrypt.dll
2007-12-18 06:02 89,970 ----a-w C:\WINDOWS\system32\YMSG12ENCRYPT.dll
2007-12-18 06:02 60,992 ----a-w C:\WINDOWS\system32\WPCTRL.DLL
2007-12-18 06:02 51,712 ----a-w C:\WINDOWS\system32\YMSG_12.dll
2007-12-18 06:02 232,849 ----a-w C:\WINDOWS\system32\yacscom.dll
2007-12-18 06:02 200,704 ----a-w C:\WINDOWS\system32\yacsui.dll
2007-12-18 06:02 145,360 ----a-w C:\WINDOWS\system32\WEBPOST.DLL
2007-12-18 06:02 122,880 ----a-w C:\WINDOWS\system32\YMSG12Crypt.dll
2007-12-18 06:02 109,504 ----a-w C:\WINDOWS\system32\WPWIZDLL.DLL
2007-12-18 06:01 89,360 ----a-w C:\WINDOWS\system32\VB5DB.DLL
2007-12-18 06:01 875,520 ----a-w C:\WINDOWS\system32\VFP6RENU.DLL
2007-12-18 06:01 548,864 ----a-w C:\WINDOWS\system32\rtcdll.dll
2007-12-18 06:01 48,936 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-12-18 06:01 4,608 ----a-w C:\WINDOWS\system32\ticacgpa.dll
2007-12-18 06:01 32,256 ----a-w C:\WINDOWS\system32\SELFREG.DLL
2007-12-18 06:01 3,370,768 ----a-w C:\WINDOWS\system32\VFP6R.DLL
2007-12-18 06:01 185,344 ----a-w C:\WINDOWS\system32\Thawbrkr.dll
2007-12-18 06:01 178,609 ----a-w C:\WINDOWS\system32\SCRIPTLE.DLL
2007-12-18 06:01 150,528 ----a-w C:\WINDOWS\system32\TLBINF32.DLL
2007-12-18 06:01 118,784 ----a-w C:\WINDOWS\system32\SQLPARSE.DLL
2007-12-18 06:00 98,496 ----a-w C:\WINDOWS\system32\POSTWPP.DLL
2007-12-18 06:00 72,704 ----a-w C:\WINDOWS\system32\ODBCTL32.DLL
2007-12-18 06:00 62,224 ----a-w C:\WINDOWS\system32\nwapi32.dll
2007-12-18 06:00 50,816 ----a-w C:\WINDOWS\system32\PIPARSE.DLL
2007-12-18 06:00 50,688 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
2007-12-18 06:00 4,608 ----a-w C:\WINDOWS\system32\nmwcdlog.dll
2007-12-18 06:00 32,768 ----a-w C:\WINDOWS\system32\RACREG32.DLL
2007-12-18 06:00 307,200 ----a-w C:\WINDOWS\system32\QTMLClient.dll
2007-12-18 06:00 30,720 ----a-w C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-18 06:00 183,558 ----a-w C:\WINDOWS\system32\PDM.DLL
2007-12-18 06:00 16,896 ----a-w C:\WINDOWS\system32\ODKOB32.DLL
2007-12-18 06:00 15,120 ----a-w C:\WINDOWS\system32\REPUTIL.DLL
2007-12-18 05:59 94,285 ----a-w C:\WINDOWS\system32\MSVCIRTD.DLL
2007-12-18 05:59 516,173 ----a-w C:\WINDOWS\system32\MSVCP60D.DLL
2007-12-18 05:59 47,104 ----a-w C:\WINDOWS\system32\mspmspsv.dll
2007-12-18 05:59 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
2007-12-18 05:59 407,312 ----a-w C:\WINDOWS\system32\MSREPL35.DLL
2007-12-18 05:59 174,744 ----a-w C:\WINDOWS\system32\MSSDM.DLL
2007-12-18 05:59 1,233,680 ----a-w C:\WINDOWS\system32\MSJT4JLT.DLL
2007-12-18 05:58 69,120 ----a-w C:\WINDOWS\system32\MSDBG.DLL
2007-10-22 14:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007102220071023\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDEA2C12-A476-A13C-2B4C-A3BD546315C2}]
C:\PROGRA~1\COMMON~1\System\vd3_sys.dat

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2004-02-23 15:43 49152]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 17:12 484904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~3\SpywareTerminatorShield.exe" [2007-08-19 19:56 2731008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-02-23 15:43 3026944]
"nwiz"="nwiz.exe" [2004-02-23 15:43 753664 C:\WINDOWS\system32\nwiz.exe]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 15:29 684118]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Color Calibration.lnk - C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe [2005-12-25 19:33:17 36864]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 14:19:24 237568]
MagicTune3.5.lnk - C:\Program Files\SEC\MagicTune3.5_Client\MagicTuneTray.exe [2005-12-25 19:33:36 45056]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2005-12-25 19:32:29 155715]
update.exe [2008-01-26 15:24:21 93870]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
".DLL"= 1 (0x1)
".OCX"= 0 (0x0)
"Find File And Download"= 1 (0x1)
"Search By Pages"= 1 (0x1)
"save chnages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-10-18 10:38]
S3 firewall;firewall;C:\Program Files\Foxie Suite\firewall.sys []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 07:36:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2005-01-19 23:46:42 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 07:24:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-01 7:27:30
ComboFix-quarantined-files.txt 2008-02-01 13:27:15
ComboFix2.txt 2008-02-01 13:17:15
ComboFix3.txt 2008-02-01 04:44:09
ComboFix4.txt 2008-01-31 06:41:19
ComboFix5.txt 2007-11-03 05:09:03
And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:45 AM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~3\SpywareTerminatorShield.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.13.247.82:3128
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\vd3_sys.dat (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~3\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: update.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.hyosungmotorsusa.com/CAB/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192247881468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192247827593
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...e/gpcontrol.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~3\sp_rsser.exe

--
End of file - 7352 bytes

#15 SilveradoSS

SilveradoSS
  • Topic Starter

  • Members
  • 27 posts

Posted 01 February 2008 - 09:14 AM

Update! No new redirects since last ComboFix scan!