
The Curse Of Virtumonde


2 replies to this topic

#1 dot23

  • Members
  • 2 posts

Posted 06 April 2008 - 02:33 PM

Hi, just read this forum and followed the advice. I've got the usual repeated malware probs: pop-ups, slow system, unable to delete through normal anti-virus - running Symantec Endpoint Protection, VundoFix and Spybot S&D.

So here's the combofix.txt log:

ComboFix 08-04-04.1 - XPPRESP3 2008-04-06 20:38:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1231 [GMT 2:00]
Running from: C:\Documents and Settings\XPPRESP3\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMb3a0c1f6.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bgkhhxpc.dll
C:\WINDOWS\system32\cbXrsPjI.dll
C:\WINDOWS\system32\dbnpujxj.dll
C:\WINDOWS\system32\ddqbcjxj.dll
C:\WINDOWS\system32\Desktop_.ini
C:\WINDOWS\system32\fegeykbw.ini
C:\WINDOWS\system32\flysdujn.dll
C:\WINDOWS\system32\IjPsrXbc.ini
C:\WINDOWS\system32\IjPsrXbc.ini2
C:\WINDOWS\system32\jxjcbqdd.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\qifkbagt.dll
C:\WINDOWS\system32\qqrbuyks.dll
C:\WINDOWS\system32\tasvlaay.dll
C:\WINDOWS\system32\tgabkfiq.ini
C:\WINDOWS\system32\xxywXOFU.dll
C:\WINDOWS\system32\yaalvsat.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 10:38 . 2008-04-06 10:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-06 10:38 . 2008-04-06 10:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-06 10:36 . 2008-04-06 10:36 <DIR> d-------- C:\Program Files\XnView
2008-04-05 18:29 . 2008-04-05 18:29 <DIR> d-------- C:\VundoFix Backups
2008-04-05 17:56 . 2008-04-05 17:56 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Yahoo!
2008-04-05 17:56 . 2008-04-05 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-05 17:51 . 2008-04-05 17:52 <DIR> d-------- C:\Program Files\FLV Player
2008-04-04 21:04 . 2008-04-05 15:02 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-04-04 16:57 . 2007-12-18 19:06 91,008 --a------ C:\WINDOWS\system32\drivers\SysPlant.sys
2008-04-04 16:55 . 2008-04-04 16:56 136,496 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-04 16:55 . 2008-04-04 16:56 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-04 16:55 . 2008-04-04 16:56 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-04 16:55 . 2008-04-04 16:56 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-04 16:54 . 2008-04-04 16:56 <DIR> d-------- C:\Program Files\Symantec
2008-04-04 16:54 . 2008-04-04 17:06 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-04 16:54 . 2008-04-04 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-04 16:54 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DL1
2008-04-04 16:54 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-04-04 16:54 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-04-03 20:00 . 2008-04-03 21:20 <DIR> d-------- C:\Program Files\downloadr
2008-04-03 13:58 . 2008-04-03 13:58 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-03 13:58 . 2008-04-03 13:58 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-03 13:58 . 2008-04-03 13:58 <DIR> d-------- C:\Program Files\MSBuild
2008-04-03 13:57 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-04-03 13:36 . 2008-04-03 13:36 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-03 12:56 . 2008-04-03 12:56 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Bluetooth Software
2008-04-03 12:30 . 2008-04-03 12:30 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Idea2
2008-04-03 09:32 . 2008-04-06 20:06 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Desktop Sidebar
2008-04-02 22:16 . 2008-04-03 12:47 1,601,170 --ahs---- C:\WINDOWS\system32\jwqktknf.ini
2008-04-02 10:12 . 2008-04-02 10:12 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\ieSpell
2008-04-01 23:46 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-04-01 23:46 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2008-04-01 22:10 . 2008-04-02 11:39 1,599,388 --ahs---- C:\WINDOWS\system32\dgocrkkg.ini
2008-04-01 16:52 . 2008-04-01 16:52 <DIR> d-------- C:\WINDOWS\Sun
2008-04-01 16:52 . 2008-04-01 16:53 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Juniper Networks
2008-04-01 16:38 . 2008-04-01 16:38 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Talkback
2008-04-01 09:43 . 2008-04-01 09:43 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-01 09:43 . 2008-04-01 09:43 <DIR> d-------- C:\Program Files\Common Files\Vbox
2008-04-01 09:43 . 2001-11-14 21:19 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-04-01 09:23 . 2008-04-01 09:43 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-01 09:21 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-01 00:31 . 2008-04-01 00:31 <DIR> d-------- C:\Documents and Settings\XPPRESP3\.Nokia
2008-04-01 00:30 . 2008-04-01 00:30 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-04-01 00:30 . 2008-04-01 00:30 <DIR> d--h----- C:\Documents and Settings\XPPRESP3\InstallAnywhere
2008-03-31 23:36 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-31 23:14 . 2008-03-31 23:14 <DIR> d-------- C:\Program Files\FastPictureViewer
2008-03-31 23:13 . 2008-03-31 23:13 <DIR> d-------- C:\Program Files\VisualTaskTips
2008-03-31 23:13 . 2008-03-31 23:13 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-03-31 23:13 . 2008-04-02 10:39 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Vista Start Menu
2008-03-31 23:10 . 2008-04-03 12:57 <DIR> d-------- C:\Program Files\Desktop Sidebar
2008-03-31 23:07 . 2008-03-31 23:07 <DIR> d-------- C:\Program Files\Copernic Agent
2008-03-31 23:07 . 2008-03-31 23:07 <DIR> d-------- C:\Program Files\Common Files\Copernic
2008-03-31 23:07 . 2008-03-31 23:07 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Copernic
2008-03-31 23:07 . 2001-07-11 15:09 109,782 --a------ C:\WINDOWS\CopernicAgentUninstall.exe
2008-03-31 22:49 . 2008-04-01 08:40 <DIR> d-------- C:\Program Files\Folder View
2008-03-31 22:09 . 2008-04-01 22:04 1,597,474 --ahs---- C:\WINDOWS\system32\yphctymn.ini
2008-03-31 14:47 . 2008-04-06 16:00 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\skypePM
2008-03-31 14:47 . 2008-03-31 14:47 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-31 14:31 . 2008-03-31 14:31 <DIR> d-------- C:\Program Files\Google
2008-03-31 14:31 . 2008-04-06 20:30 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Skype
2008-03-31 14:30 . 2008-03-31 14:30 <DIR> d-------- C:\Program Files\Skype
2008-03-31 14:30 . 2008-03-31 14:30 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-31 14:30 . 2008-03-31 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-03-31 12:06 . 2008-03-31 23:00 <DIR> d--hs---- C:\Documents and Settings\XPPRESP3\Phone Browser
2008-03-31 11:50 . 2008-03-31 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-31 11:49 . 2008-03-31 15:18 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Nokia
2008-03-31 11:47 . 2008-03-31 11:47 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-03-31 11:37 . 2008-03-31 11:37 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-03-31 11:37 . 2008-03-31 23:00 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\PC Suite
2008-03-31 10:13 . 2008-03-31 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-03-31 10:11 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-03-31 10:11 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-03-31 10:11 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-03-31 10:11 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-03-31 10:11 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-03-31 10:11 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-03-31 10:10 . 2008-04-01 00:31 <DIR> d-------- C:\Program Files\Nokia
2008-03-31 10:10 . 2008-03-31 11:47 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-03-31 10:09 . 2008-03-31 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-03-31 09:52 . 2008-03-31 09:52 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-03-31 09:52 . 2008-03-31 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-03-31 09:48 . 2008-03-31 09:57 <DIR> d-------- C:\Program Files\Winamp
2008-03-31 09:48 . 2008-04-03 10:04 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Winamp
2008-03-31 09:48 . 2007-03-08 01:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-03-31 09:48 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-31 09:48 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-31 09:35 . 2008-03-31 09:35 <DIR> d-------- C:\Program Files\LimeWire
2008-03-31 09:35 . 2008-04-06 09:31 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\LimeWire
2008-03-31 09:27 . 2007-03-08 01:51 43,528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-03-31 09:27 . 2008-03-31 09:29 1,017 --a------ C:\WINDOWS\winamp.ini
2008-03-31 09:16 . 2008-04-06 20:43 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\BitTorrent
2008-03-31 09:15 . 2008-03-31 09:15 <DIR> d-------- C:\Program Files\DNA
2008-03-31 09:15 . 2008-03-31 09:15 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-31 09:15 . 2008-04-06 20:43 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\DNA
2008-03-31 08:08 . 2008-03-31 08:08 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-03-27 09:36 . 2008-03-27 09:38 <DIR> d--h----- C:\WINDOWS\Icons
2008-03-27 09:03 . 2008-04-06 10:35 <DIR> d-------- C:\Downloads
2008-03-26 10:31 . 2008-03-26 10:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-26 08:52 . 2008-03-26 08:52 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\MusicIP
2008-03-25 14:08 . 2008-03-25 14:08 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 14:15 50,536 ----a-w C:\WINDOWS\system32\drivers\WpsHelper.sys
2008-03-23 20:08 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-03-23 03:13 --------- d-----w C:\Program Files\TABLET
2008-03-23 02:22 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-23 02:09 --------- d-----w C:\Program Files\RocketDock
2008-03-23 01:59 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-23 01:59 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-23 01:56 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-23 01:56 --------- d-----w C:\Program Files\DAMN NFO Viewer
2008-03-23 01:55 --------- d-----w C:\Program Files\Softland
2008-03-23 01:55 --------- d-----w C:\Program Files\CPU-Z
2008-03-23 01:52 --------- d-----w C:\Program Files\LClock
2008-03-23 01:52 --------- d-----w C:\Program Files\Desktop
2008-03-23 01:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-23 01:51 --------- d-----w C:\Program Files\SysInternals
2008-03-23 01:51 --------- d-----w C:\Program Files\Graphics
2008-03-23 01:50 --------- d-----w C:\Program Files\Utilities
.

------- Sigcheck -------

2007-08-08 18:28 360704 a11391be25035570ae4b8970920f2c74 C:\WINDOWS\system32\drivers\tcpip.sys

2007-08-08 18:40 950784 396acc64ecec61d7b2f8b53151b37028 C:\WINDOWS\explorer.exe
2007-08-08 18:40 950784 396acc64ecec61d7b2f8b53151b37028 C:\WINDOWS\XPize\Backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc8dda2e-3de3-413d-8aa1-7aaa1e37f0c3}]
C:\WINDOWS\system32\qwqudpfm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 09:12 1298432]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-31 09:15 288576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-31 14:31 171448]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2008-03-09 11:12 61440]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2008-03-25 01:25 587568]
"SIDEBAR"="C:\Program Files\Desktop Sidebar\dsidebar.exe" [2006-07-09 21:58 1777664]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [2006-10-05 20:56 280779]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 12:27 65536]
"Resume copy"="copyfstq.exe" [2002-03-24 13:54 46080 C:\WINDOWS\COPYFSTQ.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-23 05:15 8478720]
"nwiz"="nwiz.exe" [2007-08-23 05:15 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-23 05:15 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-18 05:14 16342528 C:\WINDOWS\RTHDCPL.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-18 05:45 827392]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-31 05:52 772616]
"WService"="WService.EXE" [2005-11-23 12:06 40960 C:\WINDOWS\system32\WService.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 08:35 36352]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 15:15 115560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-08 18:24 124928 C:\WINDOWS\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\XPPRESP3\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-03-26 19:19:43 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-01 09:23:26 110592]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-11 12:26:12 576104]
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-03-23 04:05:30 1678536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywXOFU]
xxywXOFU.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"msacm.divxa32"= divxa32.acm
"vidc.wmv3"= wmv9vcm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-02-16 02:50]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ad6b5d1-34db-11dc-ad72-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 20:45:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Program Files\VisualTaskTips\VttHooks.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-04-06 20:49:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 18:49:15
Pre-Run: 21,584,490,496 bytes free
Post-Run: 21,540,675,584 bytes free


And here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Winamp\winampa.exe
C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Win32Pad\win32pad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {3c0f73e1-aaa7-1aa8-d314-3ed3e2add8cc} - {cc8dda2e-3de3-413d-8aa1-7aaa1e37f0c3} - C:\WINDOWS\system32\qwqudpfm.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: xxywXOFU - xxywXOFU.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 14531 bytes

Am about to run SDfix.

Please give me your advice as I'm worried that my financial details may have been stolen - I tried to access my online account during a period when I may have been infected :thumbsup:

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:00 AM

Posted 13 April 2008 - 09:01 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:00 AM

Posted 20 April 2008 - 12:20 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuation of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.