
Computer Internet Popups Etc.


This topic is locked
2 replies to this topic

#1 VirusVictim2

  • Members
  • 2 posts

Posted 11 February 2008 - 10:55 AM

I just bought a Dell XPS notebook and have found a mass infection of trojans, viruses, backdoors, and on and on the list goes. I didn't do what I had done in the past by installing AVG and ZoneAlarm but relied on Windows XP, which I had no experience with.

Computer wants to connect to internet. Internet Explorer windows open one after the other. Emits sounds that are repeated over and over... the list goes on.

I have run Ad-Aware, ComboFix, SpywareBlaster, AVG, Spybot, HijackThis, ATF Cleaner, CureIt, and the list goes on. I am about to add the programs you suggest here to the lot and have already saved logs from ComboFix and HJT.

I am putting the programs on a USB flash drive from another computer I have... Windows 2000, which I hope is free of these nasties. The Dell XPS is having many attacks, and until I get it under control I want to stay off the internet. The last time I logged on to the internet it froze up and I had to hold the start button down to regain control... so the scans I did got rid of a lot, but something remains.

WXYZ and 1256 are two that stick in my mind, but many more were present. Oh, I also ran Vundo, but it found nothing, which seemed strange since that is what caught my attention after searching for a cause.

So I am asking if someone could look at my logs and maybe help me rid these nasties from my computer system.

Thanks for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:54 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\POPFile\popfileib.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\dlcjcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: NaturalReader.IEbar - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - C:\Program Files\naturalsoft\naturalreader7\NVRIEbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WScheduler] C:\PROGRA~1\SYSTEM~1\WScheduler.exe /LOGON
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: F1U201.401.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141775997406
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: mmlryasn - mmlryasn.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 13025 bytes


ComboFix 08-02.05.3 - 2 2008-02-10 10:23:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1348 [GMT -5:00]
Running from: E:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-09 09:42 . 2004-08-10 06:00 388,608 --a------ C:\kmd.exe
2008-02-09 09:29 . 2008-02-09 09:29 <DIR> d-------- C:\Documents and Settings\2\DoctorWeb
2008-02-08 17:52 . 2008-02-08 17:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-07 10:54 . 2008-02-09 09:53 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-07 01:53 . 2008-02-07 01:55 <DIR> d-------- C:\Program Files\POP Peeper
2008-02-07 01:25 . 2008-02-07 12:32 <DIR> d-------- C:\Downloads
2008-02-07 01:09 . 2008-02-07 01:09 <DIR> d-------- C:\Program Files\Panicware
2008-02-07 01:09 . 2001-05-22 23:45 45,056 --a------ C:\WINDOWS\PANIC32.dll
2008-02-07 01:09 . 2001-09-16 11:44 40,960 --a------ C:\WINDOWS\PANICNT.dll
2008-02-07 00:46 . 2003-01-29 22:15 206,464 --a------ C:\WINDOWS\system32\drivers\udfreadr.sys
2008-02-07 00:46 . 2003-01-29 22:19 90,112 --a------ C:\WINDOWS\system32\udfrunin.exe
2008-02-06 21:50 . 2008-02-06 21:50 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2008-02-06 21:08 . 2008-02-07 15:10 <DIR> d-------- C:\Program Files\GetRight
2008-02-06 18:56 . 2008-02-09 11:38 <DIR> d-------- C:\VundoFix Backups
2008-02-06 18:51 . 2008-02-06 18:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-02-06 13:15 . 2008-02-06 21:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-06 13:15 . 2008-02-06 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-05 17:07 . 2008-02-05 17:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-05 16:55 . 2008-02-07 22:12 <DIR> d-------- C:\Program Files\NoAds
2008-02-05 15:34 . 2008-02-07 00:53 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-05 15:34 . 2008-02-07 00:54 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-02-05 15:34 . 2008-02-10 09:03 891 --ah----- C:\WINDOWS\system32\vsconfig.xml
2008-02-05 10:52 . 2008-02-09 09:34 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-05 10:46 . 2008-02-09 11:55 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-02-05 10:46 . 2008-02-05 10:46 <DIR> d-------- C:\Temp\isgTi19
2008-02-01 09:38 . 2008-02-01 09:38 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-01 09:37 . 2008-02-01 09:37 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-31 17:09 . 2008-01-31 17:09 <DIR> d-------- C:\Documents and Settings\2\Application Data\CyberLink
2008-01-24 17:59 . 2008-01-24 17:59 <DIR> d-------- C:\Program Files\New Folder (2)
2008-01-24 17:59 . 2008-01-24 17:59 <DIR> d-------- C:\Program Files\New Folder
2008-01-23 10:40 . 2008-01-23 10:40 <DIR> d-------- C:\WINDOWS\PaltalkScene
2008-01-23 10:40 . 2008-01-23 10:40 <DIR> d-------- C:\Program Files\Paltalk Messenger
2008-01-23 10:40 . 2008-01-23 10:45 <DIR> d-------- C:\Documents and Settings\2\Application Data\Paltalk
2008-01-22 18:31 . 2008-01-22 18:31 <DIR> d--h----- C:\WINDOWS\system32\WLANProfiles
2008-01-22 18:31 . 2008-01-22 18:31 <DIR> d--h----- C:\Settings
2008-01-22 18:31 . 2008-01-22 18:31 516 --a------ C:\Settings.ini
2008-01-21 11:03 . 2008-02-06 22:01 <DIR> d-------- C:\Program Files\DreamQuest
2008-01-17 16:44 . 2008-01-17 16:44 <DIR> d-------- C:\Program Files\WIDCOMM
2008-01-13 07:19 . 2008-01-13 07:19 <DIR> d-------- C:\Documents and Settings\2\Bluetooth Software
2008-01-11 19:34 . 2008-01-11 19:34 <DIR> d-------- C:\Program Files\HP DeskJet 895C Series
2008-01-11 19:34 . 2008-01-11 19:34 243 --a------ C:\WINDOWS\HPFTBX15.INI
2008-01-11 19:09 . 2004-08-03 23:10 35,456 --a------ C:\WINDOWS\system32\drivers\BTHPRINT.SYS
2008-01-11 19:09 . 2004-08-03 23:10 35,456 --a------ C:\WINDOWS\system32\dllcache\bthprint.sys
2008-01-11 19:07 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-01-11 19:07 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-01-11 11:30 . 2008-01-11 11:30 <DIR> d-------- C:\Program Files\TTS1.4
2008-01-11 11:30 . 2008-01-11 12:09 <DIR> d-------- C:\Program Files\Naturalsoft
2008-01-10 09:12 . 2008-02-06 21:50 <DIR> d-------- C:\WINDOWS\system32\dla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 14:28 --------- d-----w C:\Program Files\SystemScheduler
2008-02-10 14:05 --------- d-----w C:\Documents and Settings\2\Application Data\POPFile
2008-02-10 13:59 1,031,168 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-10 13:58 64,000 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-08 21:55 653,824 ----a-w C:\WINDOWS\Internet Logs\xDB2031.tmp
2008-02-08 21:55 1,003,520 ----a-w C:\WINDOWS\Internet Logs\xDB1F90.tmp
2008-02-08 03:52 --------- d-----w C:\Program Files\QuoteTracker
2008-02-07 15:17 --------- d-----w C:\Program Files\Siber Systems
2008-02-07 02:49 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-07 01:04 122,880 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-07 00:41 939,520 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-06 22:56 --------- d-----w C:\Program Files\Sonic
2008-02-06 21:05 930,816 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-06 21:05 606,208 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-06 17:13 966,144 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-02-06 17:12 412,160 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-02-04 13:24 --------- d-----w C:\Program Files\e-Sword
2008-01-27 12:49 --------- d-----w C:\Program Files\Google
2008-01-22 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-15 03:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-10 14:17 --------- d-----w C:\Program Files\Dl_cats
2008-01-10 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe(2)
2008-01-10 13:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 21:03 --------- d-----w C:\Documents and Settings\2\Application Data\ieSpell
2008-01-03 21:37 --------- d-----w C:\Program Files\Quicken
2008-01-03 20:59 --------- d-----w C:\Program Files\ieSpell
2008-01-02 15:38 --------- d-----w C:\Documents and Settings\2\Application Data\U3
2008-01-01 12:06 --------- d-----w C:\Program Files\Microsoft Streets & Trips
2008-01-01 12:06 --------- d-----w C:\Program Files\Microsoft Location Finder
2007-12-31 18:40 --------- d-----w C:\Program Files\QuickTime
2007-12-31 18:40 --------- d-----w C:\Program Files\Apple Software Update
2007-12-31 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-31 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-31 15:36 --------- d-----w C:\Program Files\Microsoft Money 2006
2007-12-30 17:22 --------- d-----w C:\Program Files\Microsoft Silverlight
2007-12-30 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-12-30 16:50 --------- d-----w C:\Program Files\Dell Support Center
2007-12-30 16:50 --------- d-----w C:\Program Files\Common Files\supportsoft
2007-12-30 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-29 18:02 --------- d-----w C:\Program Files\Apoint
2007-12-28 15:55 --------- d-----w C:\Program Files\SmartSync Pro
2007-12-28 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2007-12-27 20:49 --------- d-----w C:\Program Files\Microsoft Works
2007-12-27 18:50 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-27 18:50 --------- d-----w C:\Documents and Settings\2\Application Data\Microsoft Web Folders
2007-12-27 17:26 --------- d-----w C:\Program Files\Intuit
2007-12-27 16:08 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2007-12-27 16:08 --------- d-----w C:\Documents and Settings\2\Application Data\Intuit
2007-12-27 15:52 --------- d-----w C:\Program Files\Natural Voice Mike16
2007-12-27 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\NaturalSoft
2007-12-27 14:41 --------- d-----w C:\Program Files\CCleaner
2007-12-27 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-27 13:21 --------- d-----w C:\Documents and Settings\2\Application Data\GoodSync
2007-12-27 02:02 --------- d-----w C:\Program Files\Zone Labs
2007-12-26 23:46 --------- d-----w C:\Program Files\POPFile
2007-12-26 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2007-12-26 22:31 --------- d-----w C:\Program Files\QuoteTracker2
2007-12-26 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-26 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-10 17:37 --------- d-----w C:\Program Files\TurboTax
2007-12-10 17:22 --------- d-----w C:\Program Files\ItsDeductible2005
2007-12-10 15:48 --------- d-----w C:\Program Files\Jasc Software Inc
2007-12-10 15:48 --------- d-----w C:\Documents and Settings\2\Application Data\Jasc Software Inc
2007-12-10 15:44 --------- d-----w C:\Program Files\Hewlett-Packard
2006-03-18 11:20 0 ----a-w C:\Documents and Settings\2\Application Data\wklnhst.dat
2006-10-27 23:27 56 --sh--r C:\WINDOWS\system32\55365BC3D7.sys
2006-02-18 23:46 56 --sh--r C:\WINDOWS\system32\6E6CAD4A60.sys
2006-11-19 22:00 4,912 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 18:44 1200128]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-27 17:02 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 18:25 101080]
"Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" [ ]
"NoAds"="C:\Program Files\NoAds\NoAds.exe" [2008-02-07 08:21 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-12-02 17:19 26112]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"nwiz"="nwiz.exe" [2005-09-08 17:58 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-08 17:58 7118848]
"MemoryCardManager"="" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 28160 C:\WINDOWS\KHALMNPR.Exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 09:14 188416]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"dlcjmon.exe"="C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 15:47 430080]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 22:27 655360]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39 147456]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 06:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"WScheduler"="C:\PROGRA~1\SYSTEM~1\WScheduler.exe" [2007-06-25 20:19 75264]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-05-17 04:56 697624]

C:\Documents and Settings\2\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2004-07-16 17:46:34 57344]
Run POPFile.lnk - C:\Program Files\POPFile\runpopfile.exe [2006-02-16 15:40:03 69010]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 01:16:54 610365]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-02 17:15:20 24576]
F1U201.401.lnk - C:\Program Files\Belkin\F1U201.401\usbshare.exe [2005-12-06 21:27:25 135168]
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2008-02-07 01:25:31 1875968]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-27 17:02:58 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-12-08 21:41:04 528384]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 17:23:00 53317]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mmlryasn]
mmlryasn.dll

R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys [1999-08-10 13:51]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-10 06:00]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
S2 HPFECP15;HPFECP15;C:\WINDOWS\system32\drivers\HPFECP15.SYS [1999-02-16 11:28]
S3 BTHprint;Microsoft Bluetooth Printer Class;C:\WINDOWS\system32\DRIVERS\bthprint.sys [2004-08-03 23:10]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f36f1c39-b3f2-11dc-931f-001422dd8c57}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f36f1c3a-b3f2-11dc-931f-001422dd8c57}]
\Shell\AutoRun\command - setupSNK.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 10:25:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\NoAds\NoAds.dll
.
Completion time: 2008-02-10 10:26:11
ComboFix-quarantined-files.txt 2008-02-10 15:25:54
ComboFix2.txt 2008-02-09 14:49:05
ComboFix3.txt 2008-02-09 01:52:53
.
2008-02-04 21:30:12 --- E O F ---

#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 17 February 2008 - 04:39 PM

Hello VirusVictim2,

Welcome to Bleeping Computer :thumbsup:

Sorry about the delay. :blink: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 03 March 2008 - 05:30 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



