Msn Trojan


  • This topic is locked
2 replies to this topic

#1 vec

  • Members
  • 1 posts

Posted 04 March 2008 - 11:39 AM

Hi! I have an annoying MSN trojan that sends a link to all my contacts when I am offline... I tried to remove it with Spybot S&D, Ad-Aware, a registry cleaner, even with my Avast anti-virus (all programs are updated) and it doesn't work :flowers:

Here is the ComboFix log.
Please help me :thumbsup:


ComboFix 08-03-04.2 - Vedran 2008-03-04 17:27:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1372 [GMT 1:00]
Running from: C:\Documents and Settings\Vedran\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 652030 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Vedran\Application Data\macromedia\Flash Player\#SharedObjects\YKMWDUTK\www.broadcaster.com
C:\Documents and Settings\Vedran\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Vedran\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-04 00:13 . 2006-07-01 12:00 304,640 --a------ C:\WINDOWS\system32\hlvdd.dll
2008-03-04 00:13 . 2006-07-01 12:00 29,024 --a------ C:\WINDOWS\system32\drivers\haspflt.sys
2008-03-04 00:13 . 2006-07-01 12:00 383 --a------ C:\WINDOWS\system32\drivers\haspdos.sys
2008-03-04 00:09 . 2006-07-01 12:00 665,600 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-03-04 00:09 . 2006-07-01 12:00 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-03-04 00:09 . 2006-07-01 12:00 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-03-04 00:09 . 2008-03-04 00:09 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-03-04 00:08 . 2005-09-22 05:01 2,158,267 --a------ C:\WINDOWS\haspds_windows.dll
2008-03-04 00:08 . 2005-10-26 18:04 274,432 --a------ C:\WINDOWS\system32\rbtpsnet.dll
2008-03-04 00:07 . 2008-03-04 00:09 357 --a------ C:\WINDOWS\Robot Office Common.ini
2008-03-03 23:48 . 2008-03-03 23:48 <DIR> d-------- C:\Program Files\ROBOT Structural Office
2008-03-03 23:48 . 2002-11-15 19:23 176,640 --a------ C:\WINDOWS\Ckconfig.exe
2008-03-03 23:48 . 2002-11-15 19:23 50,176 --------- C:\WINDOWS\system32\Crypserv.exe
2008-03-03 23:48 . 2002-11-15 19:23 27,648 --a------ C:\WINDOWS\Setup_ck.exe
2008-03-03 23:48 . 2002-11-15 19:23 20,768 --------- C:\WINDOWS\system32\Ckldrv.sys
2008-03-03 23:48 . 2002-11-15 19:23 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
2008-03-03 23:48 . 2008-03-04 00:06 76 --a------ C:\WINDOWS\Crypkey.ini
2008-03-03 23:27 . 2008-03-03 23:29 <DIR> d-------- C:\Documents and Settings\Vedran\Application Data\RapidGet
2008-03-03 21:31 . 2005-01-28 14:10 1,376,768 --a------ C:\Robotom.doc
2008-03-03 21:31 . 2005-01-28 14:10 873,824 --a------ C:\Robotom.hlp
2008-03-03 19:47 . 2008-03-03 19:50 613 --a------ C:\WINDOWS\wininit.ini
2008-03-03 18:19 . 2008-03-04 00:08 <DIR> d-------- C:\Program Files\Robot Office
2008-03-03 18:19 . 2008-03-04 00:09 <DIR> d-------- C:\Program Files\Common Files\RbtProt
2008-03-03 18:19 . 2008-03-03 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-03 18:19 . 1999-06-10 11:34 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
2008-03-03 18:19 . 2005-02-04 05:00 28,672 --a------ C:\WINDOWS\system32\callrun.dll
2008-03-03 18:19 . 1999-06-10 11:34 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2008-03-03 18:19 . 2008-03-04 00:06 2,677 --a------ C:\WINDOWS\system32\config.hsp
2008-03-03 18:19 . 2008-03-04 00:09 359 --a------ C:\WINDOWS\DICWORD.INI
2008-03-03 18:19 . 2008-03-04 00:17 93 --ahs---- C:\_sg3bklhxbsg
2008-03-03 18:19 . 2008-03-04 00:09 92 --a------ C:\WINDOWS\RUNTEST.INI
2008-03-03 18:19 . 2008-03-04 00:09 15 -rahs---- C:\WINDOWS\vitxvda
2008-03-03 18:17 . 2008-03-04 00:08 <DIR> d-------- C:\Program Files\Common Files\RoboBAT
2008-03-03 17:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-03 17:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-03 17:19 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 22:00 . 2008-03-02 22:00 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-02 21:58 . 2008-03-02 21:58 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-03-02 21:49 . 2008-03-02 21:57 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 21:48 . 2008-03-02 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-02 18:07 . 2008-03-02 18:15 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-03-02 17:51 . 2008-03-03 17:17 <DIR> d-------- C:\Documents and Settings\Vedran\Application Data\RegClean
2008-03-02 11:41 . 2008-03-02 11:40 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-02 11:41 . 2008-03-02 11:41 2,551 --a------ C:\WINDOWS\unins000.dat
2008-02-26 19:54 . 2008-02-26 19:54 <DIR> d-------- C:\Program Files\BATSCRSOFT
2008-02-26 18:45 . 2008-02-26 18:45 <DIR> d-------- C:\Program Files\SurfOffline Professional 2
2008-02-26 18:45 . 2008-02-26 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bimesoft
2008-02-26 18:42 . 2008-02-26 18:42 <DIR> d-------- C:\Documents and Settings\Vedran\New Folder
2008-02-20 16:07 . 2008-02-20 17:24 <DIR> d-------- C:\Program Files\HDD Regenerator
2008-02-20 16:07 . 2008-02-20 16:07 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-13 22:28 . 2008-02-13 22:28 <DIR> d-------- C:\Program Files\Illustrate
2008-02-13 22:28 . 2008-02-13 22:28 <DIR> d-------- C:\Documents and Settings\Vedran\Application Data\AccurateRip
2008-02-13 22:28 . 2008-02-13 22:27 4,230,520 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-02-13 22:28 . 2008-02-13 22:28 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-02-13 22:28 . 2008-02-13 22:28 12,896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-02-12 23:57 . 2008-02-12 23:57 <DIR> d--hs---- C:\found.000
2008-02-12 23:50 . 2008-02-12 23:50 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-11 19:13 . 2008-02-18 13:41 <DIR> d-------- C:\Program Files\HD Tune
2008-02-11 12:52 . 2008-02-12 23:50 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-11 12:52 . 2008-02-11 12:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 23:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-03 18:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-03 17:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-02 21:01 --------- d-----w C:\Program Files\Windows Live
2008-03-02 20:59 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-02 20:50 --------- d-----w C:\Program Files\MSN Messenger
2008-03-02 18:33 --------- d-----w C:\Documents and Settings\Vedran\Application Data\uTorrent
2008-03-02 18:02 69,304 ----a-w C:\Documents and Settings\Vedran\Application Data\GDIPFONTCACHEV1.DAT
2008-03-02 10:36 --------- d-----w C:\Program Files\Starcraft
2008-03-02 10:19 --------- d-----w C:\Program Files\Google
2008-02-26 18:56 --------- d-----w C:\Documents and Settings\Vedran\Application Data\BATSCRSOFT
2008-02-26 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave
2008-02-26 18:54 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-26 18:05 --------- d-----w C:\Program Files\mIRC
2008-02-10 11:15 --------- d-----w C:\Program Files\DietOrganizer 2.0
2008-02-08 15:57 --------- d-----w C:\Program Files\Winamp
2008-02-07 20:41 --------- d-----w C:\Program Files\DFX
2008-02-06 18:18 --------- d-----w C:\Program Files\SopCast
2008-01-28 04:20 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-28 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Error fork army readme
2008-01-27 23:55 --------- d-----w C:\Program Files\Mozilla Thunderbird(2)
2008-01-27 23:55 --------- d-----w C:\Program Files\KiriloKonvert(2)
2008-01-27 23:55 --------- d-----w C:\Program Files\ICQ6
2008-01-27 23:55 --------- d-----w C:\Documents and Settings\Vedran\Application Data\Thunderbird
2008-01-27 23:15 --------- d-----w C:\Documents and Settings\Ivan\Application Data\Sony Ericsson
2008-01-25 01:02 --------- d-----w C:\Program Files\Vivia
2008-01-25 01:02 --------- d-----w C:\Program Files\Razer
2008-01-25 01:02 --------- d-----w C:\Program Files\LimeWire
2008-01-24 15:57 --------- d-----w C:\Program Files\EvilLyrics
2008-01-23 22:02 --------- d-----w C:\Documents and Settings\Vedran\Application Data\Autodesk
2008-01-21 15:21 --------- d-----w C:\Program Files\Macromedia
2008-01-21 15:21 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-01-20 14:38 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-20 14:38 --------- d-----w C:\Program Files\AutoCAD 2006
2008-01-20 14:31 --------- d-----w C:\Program Files\AutoCAD 2008
2008-01-20 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-18 20:43 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-18 20:43 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-18 20:43 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-18 20:43 --------- d-----w C:\Documents and Settings\Vedran\Application Data\Sony Ericsson
2008-01-18 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-01-18 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-01-15 14:50 --------- d-----w C:\Program Files\MozyHome
2008-01-14 20:04 --------- d-----w C:\Program Files\Circle Developement
2008-01-14 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2008-01-13 14:50 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys
2008-01-13 14:50 107,832 ----a-w C:\windows\system32\PnkBstrB.exe
2008-01-13 12:54 0 ----a-r C:\logwmemory.bin
2008-01-13 12:53 --------- d-----w C:\Documents and Settings\Vedran\Application Data\Soldat
2008-01-13 12:37 --------- d-----w C:\Program Files\Boilsoft MOV Converter
2008-01-13 11:39 --------- d-----w C:\Program Files\Last.fm
2008-01-12 10:10 --------- d-----w C:\Documents and Settings\Vedran\Application Data\Azureus
2008-01-11 12:52 --------- d-----w C:\Program Files\mpegable
2008-01-11 12:52 --------- d-----w C:\Program Files\Blaze Media Pro
2008-01-05 00:07 --------- d-----w C:\Program Files\Boilsoft MP4 Converter
2008-01-01 11:48 47,104 ------w C:\windows\AKDeInstall.exe
2007-12-31 13:19 52,736 ----a-w C:\windows\ipuninst.exe
2007-12-20 09:41 29,440 ----a-w C:\windows\system32\uxtuneup.dll
2007-12-05 01:53 356,352 ----a-w C:\windows\system32\NVUNINST.EXE
2007-12-04 13:04 837,496 ----a-w C:\windows\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\windows\system32\AvastSS.scr
1995-07-10 14:21 2,872 ----a-w C:\Documents and Settings\Vedran\INSTSUPP.BAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2007-11-30 23:26 1502232 --------- C:\Program Files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{8E718888-423F-11D2-876E-00A0C9082467}
{1392B8D2-5C05-419F-A8F6-B9F15A596612}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFre1.dll [2007-11-30 23:26 1502232]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Cdrom Audio"="C:\DOCUME~1\Vedran\APPLIC~1\BATSCR~1\Love Owns 32.exe" [2008-02-26 19:54 434176]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-02 11:19 171448]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [2008-02-19 00:26 604920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-23 17:05 185896]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21 147456]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HPDJ Taskbar Utility"="C:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 03:33 176128]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Bat Wave Base Dale"="C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\tray plus.exe" [2008-03-04 17:22 496128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\Ivan\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-08-22 16:45:55 159744]

C:\Documents and Settings\Vedran\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-08-14 13:47:50 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcohol.exe]
--a------ 2006-11-20 04:59 1493376 C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArmyReadmeBikeIso]
C:\Documents and Settings\All Users\Application Data\Error fork army readme\firstmail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-03-02 00:11 43008 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadWaveRun]
C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cdrom Audio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2007-08-08 16:03 177400 C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop up Blocker]
--a------ 2007-01-12 22:43 1190400 C:\Program Files\Pop up Blocker\pd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun]
C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpeedOptimizer"=C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"SoundMan"=SOUNDMAN.EXE
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mshearts.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\save\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\Archive.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\games\\FreeSpace2\\FS2.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\SurfOffline Professional 2\\SO_PRO.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard downloader
"6882:TCP"= 6882:TCP:Blizzard downloader
"6883:TCP"= 6883:TCP:Blizzard downloader
"6884:TCP"= 6884:TCP:Blizzard downloader
"6885:TCP"= 6885:TCP:Blizzard downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard downloader
"6888:TCP"= 6888:TCP:Blizzard downloader
"6889:TCP"= 6889:TCP:Blizzard downloader
"6890:TCP"= 6890:TCP:Blizzard downloader
"6891:TCP"= 6891:TCP:Blizzard downloader
"6892:TCP"= 6892:TCP:Blizzard downloader
"6893:TCP"= 6893:TCP:Blizzard downloader
"6894:TCP"= 6894:TCP:Blizzard downloader
"6895:TCP"= 6895:TCP:Blizzard downloader
"6896:TCP"= 6896:TCP:Blizzard downloader
"6897:TCP"= 6897:TCP:Blizzard downloader
"6898:TCP"= 6898:TCP:Blizzard downloader
"6899:TCP"= 6899:TCP:Blizzard downloader

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 12:03]
R2 SG_Service;SoftGuard Service;C:\Program Files\Common Files\RbtProt\sgsrv.exe [2005-04-25 11:58]
R2 UxTuneUp;TuneUp Theme Extension;C:\windows\System32\svchost.exe [2004-08-03 23:56]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
S2 haspflt;haspflt;C:\windows\System32\Drivers\haspflt.sys [2006-07-01 12:00]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
S3 SaiClass;SaiClass;C:\windows\system32\drivers\SaiNtBus.sys [2003-04-10 10:41]
S3 SaiNtHid;SaiNtHid;C:\windows\system32\DRIVERS\SaiNtHid.sys [2003-04-10 10:42]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\windows\System32\TuneUpDefragService.exe [2008-02-12 23:50]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a8d7648-2c0d-11dc-b73f-0011d8c22bfe}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ebb2bcf-8aa1-11db-834f-0011d8c22bfe}]
\Shell\AutoRun\command - F:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A4682FBA-447D-0E71-3292-6D2063971132}]
C:\WINDOWS\system32:usrlogin.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 17:46:12 C:\windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-03-04 16:00:00 C:\windows\Tasks\A72FFAD091EC6CA0.job"
- c:\docume~1\vedran\applic~1\batscr~1\BinOnlineAbout.exe
"2008-03-04 16:17:00 C:\windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 17:30:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 17:32:05
ComboFix-quarantined-files.txt 2008-03-04 16:32:04
.
2007-12-06 15:19:16 --- E O F ---

#2 Grinler

    Lawrence Abrams

  • Admin
  • 43,389 posts
  • Gender:Male
  • Location:USA

Posted 04 March 2008 - 03:32 PM

Combofix logs should not be posted without instruction to do so from an experienced helper.

#3 Animal

    Bleepin' Animinion

  • Site Admin
  • 34,286 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be

Posted 04 March 2008 - 04:59 PM

ComboFix logs should not be posted outside the HijackThis forums. If you feel that you are infected, then please follow the HJT Preparation Guide here to learn how to post a HijackThis log. If you wish to receive help in determining if you are infected, you can also ask your question in the Am I Infected forum, but do so without including a log of any sort in your post in the Am I Infected forum. These advanced tools such as HijackThis and ComboFix can and will do serious and irreparable damage to your operating system if used improperly or by an untrained individual.
