Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Virtunmonde, Winfixer, And Everything Under The Sun


  • Please log in to reply
6 replies to this topic

#1 me1916

me1916

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 10 February 2008 - 11:53 AM

:thumbsup: Some how I've been hijacked, every virus ever invented... when I log onto the ineternet I get message telling my my system in not working properly, then a number of internet windows open with error message.....Please help remove....Thank You!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:20 PM, on 2/9/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signed-n-sealed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\System32\vtstq.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [WPC55AG.exe] C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AG.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 8048 bytes

BC AdBot (Login to Remove)

 


#2 me1916

me1916
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 13 February 2008 - 03:18 AM

I have a number of popups that constantly pop up telling me my systems is unstable, kernal error, etc. The other problem is numerous internet explorer windows will open with http\\\ with and error message cannot find server. Please review my log and give directions.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:07 PM, on 2/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signed-n-sealed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\System32\vtstq.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [WPC55AG.exe] C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AG.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [fc85bf79] rundll32.exe "C:\WINDOWS\System32\fmktdfbt.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 8160 bytes

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,622 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:03 AM

Posted 19 February 2008 - 01:25 PM

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#4 me1916

me1916
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 22 February 2008 - 02:27 AM

Thank you for you assistance...

here is my Combo log..




ComboFix 08-02-22 - LaVon 2008-02-21 22:25:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.311 [GMT -8:00]
Running from: F:\Virus fix\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LaVon\Application Data\macromedia\Flash Player\#SharedObjects\M6UPC7S6\www.broadcaster.com
C:\Documents and Settings\LaVon\Application Data\macromedia\Flash Player\#SharedObjects\M6UPC7S6\www.broadcaster.com\played_list.sol
C:\Documents and Settings\LaVon\Application Data\macromedia\Flash Player\#SharedObjects\M6UPC7S6\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\LaVon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\LaVon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\mbols~1
C:\Program Files\smante~1
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\xpreload.ocx
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\aarlqcbu.dllbox
C:\WINDOWS\system32\awtsqqq.dll
C:\WINDOWS\system32\aykyykhq.dll
C:\WINDOWS\system32\cpsxomss.ini
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\cwmvdmqw.dll
C:\WINDOWS\system32\dcxfoeyk.dll
C:\WINDOWS\system32\elwtptdy.dll
C:\WINDOWS\system32\eussdidd.dll
C:\WINDOWS\system32\fmlufkgs.ini
C:\WINDOWS\system32\fpaqbaxp.dll
C:\WINDOWS\system32\houuilxr.ini
C:\WINDOWS\system32\hwtthsho.dll
C:\WINDOWS\system32\kanryjit.dll
C:\WINDOWS\system32\khtviwmu.ini
C:\WINDOWS\system32\lgltqcic.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nkkgytio.dll
C:\WINDOWS\system32\nmsjhdbk.dll
C:\WINDOWS\system32\nrmwqndm.dll
C:\WINDOWS\system32\pbvtjglt.dll
C:\WINDOWS\system32\pgfrgmhd.dll
C:\WINDOWS\system32\pxabqapf.ini
C:\WINDOWS\system32\qhkyykya.ini
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\sgkfulmf.dll
C:\WINDOWS\system32\vpaxxtfw.dll
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtstq.exe
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wtsxiswa.dll
C:\WINDOWS\system32\wtsxiswa.dllbox

.
((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-20 01:10 . 2008-02-20 01:10 <DIR> d----c--- C:\Documents and Settings\Devin\Application Data\Yahoo!
2008-02-14 21:58 . 2008-02-15 23:35 1,254 --ahs---- C:\WINDOWS\system32\jhglkpba.ini
2008-02-12 23:01 . 2008-02-14 21:56 1,074 --ahs---- C:\WINDOWS\system32\tbfdtkmf.ini
2008-02-12 21:19 . 2008-02-12 23:00 654 --ahs---- C:\WINDOWS\system32\wcittdyn.ini
2008-02-11 14:22 . 2008-02-12 21:16 534 --ahs---- C:\WINDOWS\system32\hubtvrkn.ini
2008-02-09 08:44 . 2008-02-09 08:42 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-09 08:44 . 2008-02-09 08:44 3,452 --a------ C:\WINDOWS\unins000.dat
2008-02-04 18:39 . 2008-02-13 22:25 13,312 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-02-03 19:23 . 2008-02-09 01:47 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-03 19:23 . 2008-02-09 01:38 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-03 19:23 . 2008-02-09 01:38 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-03 19:23 . 2008-02-09 01:38 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-03 18:13 . 2008-02-03 17:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-03 17:05 . 2008-02-09 01:35 <DIR> d-------- C:\Documents and Settings\LaVon\.housecall6.6
2008-02-03 16:25 . 2008-02-03 16:25 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-03 16:25 . 2008-02-03 16:26 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 16:23 . 2008-02-03 16:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 13:30 . 2008-02-03 14:32 354 --ahs---- C:\WINDOWS\system32\sugtddkc.ini
2008-01-29 22:35 . 2008-01-29 22:35 <DIR> d----c--- C:\Documents and Settings\Devin\Application Data\Symantec
2008-01-29 22:35 . 2008-01-29 22:35 <DIR> d----c--- C:\Documents and Settings\Devin\Application Data\Sony Corporation
2008-01-29 22:35 . 2008-01-29 22:35 <DIR> d----c--- C:\Documents and Settings\Devin\Application Data\Roxio
2008-01-29 22:35 . 2008-01-29 22:35 <DIR> d----c--- C:\Documents and Settings\Devin\Application Data\MSN6
2008-01-29 22:35 . 2008-01-29 22:35 <DIR> d----c--- C:\Documents and Settings\Devin\Application Data\InterVideo
2008-01-29 22:35 . 2008-01-29 22:35 <DIR> d----c--- C:\Documents and Settings\Devin\Application Data\CompanionLink
2008-01-29 22:35 . 2008-01-29 22:35 <DIR> d----c--- C:\Documents and Settings\Devin\Application Data\Aim
2008-01-29 22:35 . 2008-01-29 22:35 <DIR> d----c--- C:\Documents and Settings\Devin\Application Data\AdobeUM
2008-01-29 22:35 . 2008-01-29 22:35 <DIR> d----c--- C:\Documents and Settings\Devin\.limewire
2008-01-29 21:44 . 2008-01-29 21:47 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-27 17:31 . 2008-01-29 22:33 <DIR> d-------- C:\Program Files\Popup Eliminator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 06:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-16 07:46 --------- d-----w C:\Program Files\Broderbund
2008-02-11 22:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-04 05:06 --------- d-----w C:\Program Files\QuickTime
2008-02-04 04:55 --------- d-----w C:\Program Files\Dual-Band Wireless A+G Notebook Adapter
2008-02-04 04:53 --------- d-----w C:\Program Files\Apoint
2008-02-04 03:59 --------- d-----w C:\Program Files\Google
2008-02-03 21:42 --------- d-----w C:\Program Files\Ad-aware 6
2008-01-30 06:35 --------- d-----w C:\Program Files\Netcom3 Cleaner
2008-01-22 14:47 --------- d-----w C:\Documents and Settings\LaVon\Application Data\Roxio
2008-01-21 00:37 --------- d-----w C:\Program Files\Trend Micro
2008-01-16 05:06 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-16 05:02 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-16 05:01 --------- d-----w C:\Documents and Settings\LaVon\Application Data\Yahoo!
2008-01-14 18:19 --------- d-----w C:\Documents and Settings\LaVon\Application Data\Paltalk
2008-01-09 23:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-01 09:53 --------- d-----w C:\Documents and Settings\LaVon\Application Data\Intuit
2008-01-01 09:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-01 09:46 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-01 09:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-01-01 09:37 --------- d-----w C:\Program Files\TurboTax
2007-12-04 05:27 106,096 -c--a-w C:\Documents and Settings\LaVon\Application Data\GDIPFONTCACHEV1.DAT
2007-12-01 09:45 37,027 ----a-w C:\WINDOWS\atmoUn.exe
.
<pre>
----a-w		   114,688 2008-02-03 22:30:38  C:\Program Files\Apoint\Apoint .exe
----a-w			65,536 2008-02-22 04:31:47  C:\Program Files\Common Files\Roxio Shared\System\EngUtil .exe
----a-w		   218,240 2008-02-22 04:31:51  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt .exe
----a-w		 4,798,976 2008-02-03 22:31:46  C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AG .exe
----a-w		   132,496 2008-02-03 22:31:44  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		   426,496 2008-02-03 22:30:52  C:\Program Files\QuickTime\qttask	   .exe
----a-w			77,824 2008-02-04 02:09:46  C:\Program Files\QuickTime\qttask	 .exe
----a-w			77,824 2008-02-04 02:09:47  C:\Program Files\QuickTime\qttask	.exe
----a-w			77,824 2008-02-04 02:09:47  C:\Program Files\QuickTime\qttask   .exe
----a-w			77,824 2008-02-04 02:09:47  C:\Program Files\QuickTime\qttask  .exe
----a-w			77,824 2008-02-04 02:09:47  C:\Program Files\QuickTime\qttask .exe
----a-w		   319,488 2008-02-03 22:31:23  C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon .exe
----a-w		   868,352 2008-02-03 22:31:22  C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc .exe
----a-w			45,056 2008-02-03 22:30:40  C:\Program Files\SigmaTel\C-Major Audio\stacmon .exe
----a-w			90,112 2008-02-03 22:30:46  C:\Program Files\Sony\HotKey Utility\HKserv .exe
----a-w		 1,409,024 2008-02-03 22:31:12  C:\Program Files\support.com\client\bin\tgcmd .exe
----a-w			28,672 2008-02-05 03:15:45  C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal .exe
----a-w			13,312 2008-02-14 06:25:01  C:\WINDOWS\system32\ctfmon .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 04:00 13312]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [ ]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe" [ ]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 15:46 45056 C:\WINDOWS\system32\ico.exe]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [ ]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [ ]
"WPC55AG.exe"="C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AG.exe" [ ]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-23 21:34 171448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-02 23:58:46 113664]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [2003-08-07 13:45:44 872448]
Remocon Driver.lnk - C:\Program Files\Sony\USBSircs\usbsircs.exe [2003-09-25 12:06:26 163840]

R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\System32\DRIVERS\HSFHWSIS.sys [2003-03-13 13:19]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\System32\DRIVERS\SonyPI.sys [2002-08-20 11:59]
S3 BulkUsb;rylm100.sys;C:\WINDOWS\System32\Drivers\rylm100.sys [2005-06-16 09:27]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\System32\DRIVERS\pelmouse.sys [2002-06-28 17:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\System32\DRIVERS\pelusblf.sys [2001-07-24 09:34]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
"2004-03-29 03:58:21 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-03-29 03:58:21 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-02-17 20:04:23 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 22:35:49
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
.
**************************************************************************
.
Completion time: 2008-02-21 22:37:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-22 06:37:26


My hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:05 PM, on 2/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signed-n-sealed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [WPC55AG.exe] C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AG.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 8637 bytes

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,622 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:03 AM

Posted 23 February 2008 - 03:46 PM

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

FILE::
C:\WINDOWS\system32\jhglkpba.ini
C:\WINDOWS\system32\tbfdtkmf.ini
C:\WINDOWS\system32\wcittdyn.ini
C:\WINDOWS\system32\hubtvrkn.ini
C:\WINDOWS\system32\sugtddkc.ini

RENV::
C:\Program Files\Apoint\Apoint .exe
C:\Program Files\Common Files\Roxio Shared\System\EngUtil .exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt .exe
C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AG .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon .exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc .exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon .exe
C:\Program Files\Sony\HotKey Utility\HKserv .exe
C:\Program Files\support.com\client\bin\tgcmd .exe
C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal .exe
C:\WINDOWS\system32\ctfmon .exe


Save this as the txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

#6 me1916

me1916
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 02 March 2008 - 09:10 PM

Thank you for your help,,.,here is my new

combo fix log

ComboFix 08-03-03.6 - LaVon 2008-03-02 17:57:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.252 [GMT -8:00]
Running from: C:\Program Files\Combofix\ComboFix.exe
Command switches used :: F:\bleepingcomputer virus fix\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\hubtvrkn.ini
C:\WINDOWS\system32\jhglkpba.ini
C:\WINDOWS\system32\sugtddkc.ini
C:\WINDOWS\system32\tbfdtkmf.ini
C:\WINDOWS\system32\wcittdyn.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\hubtvrkn.ini
C:\WINDOWS\system32\jhglkpba.ini
C:\WINDOWS\system32\sugtddkc.ini
C:\WINDOWS\system32\tbfdtkmf.ini
C:\WINDOWS\system32\wcittdyn.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-02 17:54 . 2008-03-02 17:54 <DIR> d-------- C:\Program Files\Combofix
2008-03-02 17:53 . 2008-03-02 17:53 <DIR> d----c--- C:\ComboFix[1]
2008-03-02 16:49 . 2002-08-29 04:00 375,808 --a------ C:\kmd.exe
2008-02-22 00:49 . 2008-02-22 00:49 <DIR> d----c--- C:\Documents and Settings\Marvin\Application Data\Yahoo!
2008-02-20 01:10 . 2008-02-20 01:10 <DIR> d----c--- C:\Documents and Settings\Devin\Application Data\Yahoo!
2008-02-09 08:44 . 2008-02-09 08:42 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-09 08:44 . 2008-02-09 08:44 3,452 --a------ C:\WINDOWS\unins000.dat
2008-02-03 19:23 . 2008-02-09 01:47 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-03 19:23 . 2008-02-09 01:38 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-03 19:23 . 2008-02-09 01:38 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-03 19:23 . 2008-02-09 01:38 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-03 18:13 . 2008-02-03 17:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-03 17:05 . 2008-02-09 01:35 <DIR> d-------- C:\Documents and Settings\LaVon\.housecall6.6
2008-02-03 16:25 . 2008-02-03 16:25 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-03 16:25 . 2008-02-03 16:26 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-02-03 16:23 . 2008-02-03 16:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 01:57 --------- d-----w C:\Program Files\QuickTime
2008-03-03 01:57 --------- d-----w C:\Program Files\Dual-Band Wireless A+G Notebook Adapter
2008-03-03 01:57 --------- d-----w C:\Program Files\Apoint
2008-02-22 06:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-16 07:46 --------- d-----w C:\Program Files\Broderbund
2008-02-11 22:22 --------- dc----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-04 03:59 --------- d-----w C:\Program Files\Google
2008-02-04 02:09 145,408 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp
2008-02-03 21:42 --------- d-----w C:\Program Files\Ad-aware 6
2008-01-30 06:35 --------- dc----w C:\Documents and Settings\Devin\Application Data\Symantec
2008-01-30 06:35 --------- dc----w C:\Documents and Settings\Devin\Application Data\Sony Corporation
2008-01-30 06:35 --------- dc----w C:\Documents and Settings\Devin\Application Data\Roxio
2008-01-30 06:35 --------- dc----w C:\Documents and Settings\Devin\Application Data\MSN6
2008-01-30 06:35 --------- dc----w C:\Documents and Settings\Devin\Application Data\InterVideo
2008-01-30 06:35 --------- dc----w C:\Documents and Settings\Devin\Application Data\CompanionLink
2008-01-30 06:35 --------- dc----w C:\Documents and Settings\Devin\Application Data\Aim
2008-01-30 06:35 --------- dc----w C:\Documents and Settings\Devin\Application Data\AdobeUM
2008-01-30 06:35 --------- d-----w C:\Program Files\Netcom3 Cleaner
2008-01-30 06:33 --------- d-----w C:\Program Files\Popup Eliminator
2008-01-22 14:47 --------- d-----w C:\Documents and Settings\LaVon\Application Data\Roxio
2008-01-21 00:37 --------- d-----w C:\Program Files\Trend Micro
2008-01-16 05:06 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-16 05:02 --------- dc----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2008-01-16 05:01 --------- d-----w C:\Documents and Settings\LaVon\Application Data\Yahoo!
2008-01-14 18:19 --------- d-----w C:\Documents and Settings\LaVon\Application Data\Paltalk
2008-01-09 23:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-12-04 05:27 106,096 -c--a-w C:\Documents and Settings\LaVon\Application Data\GDIPFONTCACHEV1.DAT
.
<pre>
----a-w		   426,496 2008-02-03 22:30:52  C:\Program Files\QuickTime\qttask	   .exe
----a-w			77,824 2008-02-04 02:09:46  C:\Program Files\QuickTime\qttask	 .exe
----a-w			77,824 2008-02-04 02:09:47  C:\Program Files\QuickTime\qttask	.exe
----a-w			77,824 2008-02-04 02:09:47  C:\Program Files\QuickTime\qttask   .exe
----a-w			77,824 2008-02-04 02:09:47  C:\Program Files\QuickTime\qttask  .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 04:00 13312]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2008-02-03 14:30 114688]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe" [2008-02-03 14:30 45056]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 15:46 45056 C:\WINDOWS\system32\ico.exe]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2008-02-04 19:15 28672]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2008-02-21 20:31 65536]
"WPC55AG.exe"="C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AG.exe" [2008-02-03 14:31 4798976]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2008-02-21 20:31 218240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-23 21:34 171448]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-02 23:58:46 113664]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [2003-08-07 13:45:44 872448]
Remocon Driver.lnk - C:\Program Files\Sony\USBSircs\usbsircs.exe [2003-09-25 12:06:26 163840]

R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\System32\DRIVERS\HSFHWSIS.sys [2003-03-13 13:19]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\System32\DRIVERS\SonyPI.sys [2002-08-20 11:59]
S3 BulkUsb;rylm100.sys;C:\WINDOWS\System32\Drivers\rylm100.sys [2005-06-16 09:27]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\System32\DRIVERS\pelmouse.sys [2002-06-28 17:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\System32\DRIVERS\pelusblf.sys [2001-07-24 09:34]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 18:01:13
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2008-03-02 18:03:26 - machine was rebooted [LaVon]
ComboFix-quarantined-files.txt 2008-03-03 02:03:23
ComboFix2.txt 2008-02-22 06:37:31



my new hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:17 PM, on 3/2/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AG.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signed-n-sealed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [WPC55AG.exe] C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AG.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,622 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:03 AM

Posted 04 March 2008 - 03:47 PM

Sorry for the delay.

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

RENV::
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe


Save this as the txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users