
Infected With Abebot Virus



#1 G7Beagle

G7Beagle

  • Members
  • 1 posts
  • OFFLINE
  • Local time:01:00 AM

Posted 06 April 2008 - 03:35 PM

Deckard's System Scanner v20071014.68
Run by Alfonso Galiano MD on 2008-04-06 15:19:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2008-04-06 20:19:49 UTC - RP460 - Deckard's System Scanner Restore Point
75: 2008-04-06 14:48:56 UTC - RP459 - Software Distribution Service 3.0
74: 2008-04-06 03:03:52 UTC - RP458 - Removed AntiSpywareBot
73: 2008-04-06 02:56:13 UTC - RP457 - Installed AntiSpywareBot
72: 2008-04-05 23:28:45 UTC - RP456 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-04 00:39:14 UTC - RP385 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-06 15:23:14
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\gralwbob\wfydohyx.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\WINDOWS\system32\NMSSvc.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\itulofqt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Documents and Settings\Alfonso Galiano MD\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [American Airlines DealFinder] "C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [phzqpslh] C:\WINDOWS\system32\itulofqt.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=384cc3d2-b0b1-4725-b47c-e61527d7d807
O4 - HKLM\..\Policies\Explorer\Run: [tVcsKvUt6a] C:\Documents and Settings\All Users\Application Data\gralwbob\wfydohyx.exe
O4 - Startup: .protected
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: .protected
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (file missing)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170041547796
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.Exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


--
End of file - 14130 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 FlashNT - c:\windows\system32\drivers\flashnt.sys <Not Verified; SmartDisk Corporation; FlashPath Driver for NT 4.0 & 2000>
R2 Sdselect - c:\windows\system32\drivers\sdselect.sys <Not Verified; SmartDisk Corporation; SD Select Driver for Windows 2000>
R3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel® NMSCFG Driver>

S3 PCDRDRV (Pcdr Helper Driver) - c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys (file missing)
S3 XIRLINK (IBM PC Camera) - c:\windows\system32\drivers\c-itnt.sys <Not Verified; Xirlink, Inc; Xirlink Digital Video PC Camera>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>

S3 PictureTaker - c:\windows\system32\pctkrnt.sys <Not Verified; LANovation; PictureTaker Software Family>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-06 14:27:21 428 --a----c- C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-04-06 10:28:23 330 --ah---c- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-05 21:56:44 546 --a----c- C:\WINDOWS\Tasks\AntispywareBot Scheduled Scan.job
2008-04-04 20:16:14 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-04 15:00:00 434 --a----c- C:\WINDOWS\Tasks\Norton Security Scan.job
2007-02-16 10:10:23 376 --a----c- C:\WINDOWS\Tasks\McDefragTask.job
2007-02-16 10:10:22 378 --a----c- C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 14:49:35 0 d------c- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 14:49:32 0 d------c- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 14:49:19 0 d------c- C:\WINDOWS\LastGood
2008-04-05 22:24:18 0 d------c- C:\Program Files\Enigma Software Group
2008-04-05 22:12:04 0 d------c- C:\Documents and Settings\Alfonso Galiano MD\Application Data\Malwarebytes
2008-04-05 22:11:53 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-05 21:56:27 0 d------c- C:\Documents and Settings\Alfonso Galiano MD\Application Data\AntispywareBot
2008-04-05 21:56:16 0 d------c- C:\Program Files\AntiSpywareBot
2008-04-05 19:05:41 0 d------c- C:\WINDOWS\Prefetch
2008-04-05 18:55:01 0 d------c- C:\WINDOWS\system32\scripting
2008-04-05 18:54:58 0 d------c- C:\WINDOWS\system32\en
2008-04-05 18:54:58 0 d------c- C:\WINDOWS\l2schemas
2008-04-04 21:03:33 0 d------c- C:\Documents and Settings\Alfonso Galiano MD\DoctorWeb
2008-04-03 17:25:41 0 d------c- C:\Program Files\Windows Defender
2008-04-03 16:36:25 0 d------c- C:\Program Files\PC-Antispyware
2008-04-03 15:49:25 0 d------c- C:\Documents and Settings\Alfonso Galiano MD\Application Data\PC-Cleaner
2008-04-02 16:28:23 0 d------c- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-02 10:27:32 0 d------c- C:\Program Files\PC-Cleaner
2008-04-01 17:57:44 331776 --a----c- C:\WINDOWS\sxfnewqb.dll
2008-04-01 17:57:10 4096 --a----c- C:\WINDOWS\userconfig9x.dll
2008-04-01 17:57:10 4096 --a----c- C:\WINDOWS\system32winlogonpc.exe
2008-04-01 17:57:10 4096 --a----c- C:\WINDOWS\FVProtect.exe
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32taack.exe
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32taack.dat
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32ssurf022.dll
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32sncntr.exe
2008-04-01 17:57:09 0 d------c- C:\WINDOWS\system32smp
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32psoft1.exe
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32psof1.exe
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32ps1.exe
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32netode.exe
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32mwin32.exe
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32mtr2.exe
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32msnbho.dll
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32msgp.exe
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32medup020.dll
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32medup012.dll
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32hxiwlgpm.exe
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32hxiwlgpm.dat
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32hoproxy.dll
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\iTunesMusic.exe
2008-04-01 17:57:09 4096 --a----c- C:\WINDOWS\a.bat
2008-04-01 17:57:09 0 d------c- C:\Documents and Settings\Alfonso Galiano MD\Desktopvirii
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\winsystem.exe
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32WINWGPX.EXE
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32winsystem.exe
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32vcatchpi.dll
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32vbsys2.dll
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32thun32.dll
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32thun.dll
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32temp#01.exe
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32sysreq.exe
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32ssvchost.exe
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32ssvchost.com
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32Rundl1.exe
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32regm64.dll
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32regc64.dll
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32newsd32.exe
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32msvchost.exe
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32mssecu.exe
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32emesx.dll
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32dpcproxy.exe
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32bdn.com
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32awtoolb.dll
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32anticipator.dll
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\system32akttzn.exe
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\mssecu.exe
2008-04-01 17:57:08 4096 --a----c- C:\WINDOWS\bdn.com
2008-04-01 17:57:08 0 d------c- C:\Program Files\akl
2008-04-01 17:57:08 4096 --a----c- C:\Documents and Settings\Alfonso Galiano MD\DesktopFWebdEditor.exe
2008-04-01 17:57:08 4096 --a----c- C:\Documents and Settings\Alfonso Galiano MD\Desktopfwebd.exe
2008-04-01 17:57:08 4096 --a----c- C:\Documents and Settings\Alfonso Galiano MD\Desktopfilemanagerclient.exe
2008-04-01 17:57:01 86016 --a----c- C:\WINDOWS\system32\itulofqt.exe
2008-04-01 17:57:01 0 d------c- C:\Documents and Settings\All Users\Application Data\gralwbob
2008-03-25 17:38:21 0 d------c- C:\Documents and Settings\Alfonso Galiano MD\Saved Games
2008-03-25 17:29:42 0 d-a----c- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-25 17:29:29 0 d------c- C:\Documents and Settings\All Users\Application Data\GamesBar
2008-03-25 17:29:19 0 d------c- C:\Program Files\GamesBar
2008-03-25 17:29:12 0 d------c- C:\Program Files\Common Files\Oberon Media
2008-03-25 17:29:11 0 d------c- C:\Program Files\Chill
2008-03-21 21:38:45 0 d------c- C:\Program Files\Safari
2008-03-07 11:01:09 0 d------c- C:\Program Files\Common Files\eSellerate
2008-03-07 11:00:25 0 d---s--c- C:\Documents and Settings\All Users\Application Data\Seagate


-- Find3M Report ---------------------------------------------------------------

2008-04-06 14:58:35 0 d------c- C:\Documents and Settings\Alfonso Galiano MD\Application Data\Skype
2008-04-06 10:42:27 4530 --a----c- C:\WINDOWS\mozver.dat
2008-04-06 10:32:37 256 --a----c- C:\WINDOWS\system32\pool.bin
2008-04-05 18:55:35 0 d------c- C:\Program Files\Messenger
2008-04-05 18:54:57 0 d------c- C:\Program Files\Movie Maker
2008-04-05 18:50:43 0 d------c- C:\Program Files\Windows NT
2008-04-03 17:06:50 0 d------c- C:\Program Files\iTunes
2008-04-03 17:06:35 0 d------c- C:\Program Files\iPod
2008-04-03 17:03:56 0 d------c- C:\Program Files\QuickTime
2008-04-03 15:58:21 0 d--h---c- C:\Program Files\InstallShield Installation Information
2008-04-03 15:58:19 0 d------c- C:\Program Files\PC-Doctor for Windows
2008-04-02 15:55:27 0 d------c- C:\Documents and Settings\Alfonso Galiano MD\Application Data\ZoomBrowser EX
2008-04-01 15:54:58 0 d------c- C:\Program Files\McAfee
2008-03-25 17:29:12 0 d------c- C:\Program Files\Common Files
2008-03-21 21:40:35 0 d------c- C:\Documents and Settings\Alfonso Galiano MD\Application Data\Apple Computer
2008-03-16 19:30:02 108088 --a----c- C:\Documents and Settings\Alfonso Galiano MD\Application Data\GDIPFONTCACHEV1.DAT
2008-03-07 11:01:05 0 d------c- C:\Program Files\Seagate
2008-03-05 22:07:53 28672 --a----c- C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-02-27 18:57:34 0 d------c- C:\Documents and Settings\Alfonso Galiano MD\Application Data\Intuit
2008-02-27 18:52:08 0 d------c- C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-27 18:51:42 0 d------c- C:\Program Files\QUICKENW
2008-02-27 18:37:53 0 d------c- C:\Program Files\TurboTax
2008-02-16 19:45:13 0 d------c- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
06/19/2007 10:09 AM 380928 --a--c--- C:\Program Files\GamesBar\oberontb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" [04/18/2002 07:32 PM C:\WINDOWS\system32\PROMon.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [05/14/2002 08:29 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [05/14/2002 08:20 PM]
"GWMDMMSG"="GWMDMMSG.exe" [08/06/2002 03:24 PM C:\WINDOWS\GWMDMMSG.exe]
"GWMDMpi"="C:\WINDOWS\GWMDMpi.exe" [08/06/2002 03:24 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [03/07/2007 10:58 AM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [04/23/2007 11:43 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"American Airlines DealFinder"="C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe" [01/10/2008 04:11 PM]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [01/18/2007 01:20 PM]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [08/22/2007 05:31 PM]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [10/31/2007 11:19 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [03/20/2008 03:06 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/20/2008 03:06 PM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [05/08/2006 06:17 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/18/2007 01:14 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 04:17 PM]
"Performance Center"="C:\Program Files\Ascentive\Performance Center\APCMain.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/17/2007 12:46 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [10/09/2007 01:02 PM]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [10/09/2007 02:42 PM]
"phzqpslh"="C:\WINDOWS\system32\itulofqt.exe" [04/01/2008 05:57 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"CheckNetworkConnection"="C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=384cc3d2-b0b1-4725-b47c-e61527d7d807

C:\Documents and Settings\Alfonso Galiano MD\Start Menu\Programs\Startup\
.protected [4/3/2008 4:36:50 PM]
AutoBackup Launcher.lnk - C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe [1/14/2008 12:48:32 PM]
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [9/19/2005 1:20:36 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
.protected [4/3/2008 4:36:50 PM]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [5/2/2007 8:27:52 AM]
FlashPath Monitor.lnk - C:\Program Files\SmartDisk\FlashPath\sdstat.exe [9/18/2007 5:55:51 PM]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:27:34 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"tVcsKvUt6a"=C:\Documents and Settings\All Users\Application Data\gralwbob\wfydohyx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd4cfc7c-210f-11dc-be9b-0007e9af9f66}]
AutoRun\command- F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5766c36-b5b7-11dc-bfb1-0007e9af9f66}]
AutoRun\command- F:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-04-06 15:26:52 ------------

#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:00 AM

Posted 18 April 2008 - 05:04 AM

Hi G7Beagle

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh dss log
- combofix report
Microsoft MVP Consumer Security


