Worm.win32.netbooster Infection


  • This topic is locked
2 replies to this topic

#1 the_baldeagle


Posted 04 May 2008 - 12:26 AM

Deckard's System Scanner v20071014.68
Run by kk007 on 2008-05-03 22:09:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
109: 2008-05-04 05:09:41 UTC - RP351 - Deckard's System Scanner Restore Point
108: 2008-05-03 07:33:41 UTC - RP350 - Before installing C:\...\Temp\spyzookasetup.msi
107: 2008-05-03 07:31:25 UTC - RP349 - Before installing C:\...\Utilities\spyzookasetup.exe
106: 2008-05-02 05:49:49 UTC - RP348 - Before installing C:\...\Audio\setup.exe
105: 2008-05-02 05:02:47 UTC - RP347 - Before installing C:\...\Audio\setup.exe


-- First Restore Point --
1: 2008-04-22 01:51:23 UTC - RP243 - Undo checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as kk007.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:52 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\AVANQU~1\Fix-It\MXTask.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SpyZooka\spyzooka.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\kk007\My Documents\My Downloads\Utilities\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\kk007.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Spyhunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -ScanNow
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe (User 'Default user')
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://www.update.microsoft.com/microsoftu...b?1204315817985
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SCCCD.NET
O17 - HKLM\Software\..\Telephony: DomainName = SCCCD.NET
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A33FE7B-FE93-4F15-8D64-5FDEB927ED17}: NameServer = 66.174.92.14 69.78.96.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SCCCD.NET
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SCCCD.NET
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = SCCCD.NET
O21 - SSODL: vadokmxt - {28592F10-A521-447B-9D79-B399E0D39753} - C:\WINDOWS\vadokmxt.dll
O21 - SSODL: wdpoefan - {84C5CC00-6441-452D-9E90-50FFC7A02FC4} - C:\WINDOWS\wdpoefan.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\MXTask.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 1: My Current Home Page - About:Home

--
End of file - 10803 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S3 WISTechVIDCAP (ADS DVD XPRESS DX2) - c:\windows\system32\drivers\wisgostrm.sys <Not Verified; WIS Technologies; GO7007SB SDK>
S4 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - c:\program files\adobe\photoshop elements 4.0\photoshopelementsfileagent.exe
R2 SPCSUtilityService - "c:\program files\sprint\sierra wireless\sprint pcs connection manager\spcsutilityservice.exe" <Not Verified; Sprint Spectrum, L.L.C; Sprint PCS Connection Manager>

S2 Apple Mobile Device -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Sierra Wireless AC595U 1xEV-DO Network Adapter
Device ID: SWMUXBUS\SW_NET\6&12E15AE9&1&0&2
Manufacturer: Sierra Wireless
Name: Sierra Wireless AC595U 1xEV-DO Network Adapter
PNP Device ID: SWMUXBUS\SW_NET\6&12E15AE9&1&0&2
Service: SWNC5E00

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 570x Gigabit Integrated Controller
Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0
Manufacturer: Broadcom
Name: Broadcom 570x Gigabit Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3CA770C1324FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3CA770C1324FC000
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1450 Dual Band WLAN Mini-PCI Card
Device ID: PCI\VEN_14E4&DEV_4324&SUBSYS_00031028&REV_03\4&39A85202&0&18F0
Manufacturer: Broadcom
Name: Dell Wireless 1450 Dual Band WLAN Mini-PCI Card
PNP Device ID: PCI\VEN_14E4&DEV_4324&SUBSYS_00031028&REV_03\4&39A85202&0&18F0
Service: BCM43XX


-- Scheduled Tasks -------------------------------------------------------------

2008-05-03 22:00:00 486 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-04-24 10:16:00 436 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
2008-04-19 23:23:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-03 and 2008-05-03 -----------------------------

2008-05-03 22:12:18 0 d-------- C:\Program Files\Trend Micro
2008-05-01 21:30:23 0 d-------- C:\Documents and Settings\kk007\Application Data\BitTorrent
2008-05-01 21:30:06 0 d-------- C:\Program Files\DNA
2008-05-01 21:30:06 0 d-------- C:\Documents and Settings\kk007\Application Data\DNA
2008-05-01 21:30:05 0 d-------- C:\Program Files\BitTorrent
2008-04-30 13:46:39 0 d-------- C:\Documents and Settings\kk007\Application Data\Spyzooka
2008-04-30 11:54:12 0 d-------- C:\Program Files\SpyZooka
2008-04-30 11:51:48 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-30 11:12:58 17920 --a------ C:\WINDOWS\system32\apintfnt.dll <Not Verified; Sierra Wireless America, Inc.; PC Driver Interface>
2008-04-29 14:29:34 0 d-------- C:\WINDOWS\privacy_danger
2008-04-28 14:17:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-28 14:17:10 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-28 14:13:56 0 d-------- C:\Documents and Settings\LocalService\Application Data\Opera
2008-04-28 11:01:40 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-28 10:53:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-25 10:36:33 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-25 10:36:21 0 d-------- C:\spywarebegone
2008-04-25 08:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-24 21:11:38 0 d-------- C:\Program Files\Enigma Software Group
2008-04-24 19:50:23 0 dr-h----- C:\Documents and Settings\kk007\Recent
2008-04-24 17:36:29 0 d--h----- C:\_Backup
2008-04-24 14:45:26 0 d-------- C:\_Backup(2)
2008-04-24 09:49:01 39424 --a------ C:\WINDOWS\zipinst.exe <Not Verified; NirSoft; ZipInstaller>
2008-04-24 09:49:00 0 d-------- C:\Program Files\ShellExView
2008-04-24 02:39:19 0 d-------- C:\Program Files\Opera 9.5 beta
2008-04-24 01:07:56 0 d--h----- C:\WINDOWS\PIF
2008-04-23 21:57:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 21:37:58 0 d-------- C:\Program Files\InterMute
2008-04-23 21:17:33 0 d-------- C:\Documents and Settings\kk007\Application Data\Desktopicon
2008-04-23 20:18:06 0 d-------- C:\Documents and Settings\kk007\Application Data\Lavasoft
2008-04-23 15:51:00 0 d-------- C:\Documents and Settings\kk007\Application Data\TmpRecentIcons
2008-04-23 14:28:06 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-04-23 14:28:06 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-04-23 14:28:06 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-04-23 14:28:06 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-04-23 14:28:06 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-04-23 14:28:06 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-04-23 14:28:06 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-04-23 14:28:06 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-04-23 14:28:06 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-04-23 14:28:04 0 d-------- C:\WINDOWS\system32\smp
2008-04-23 14:28:03 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-04-23 14:28:03 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-04-23 14:28:03 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-04-23 14:28:02 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-04-23 14:28:02 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-04-23 14:28:02 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-04-23 14:28:02 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-04-23 14:28:01 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-04-23 14:28:01 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-04-23 14:28:01 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-04-23 14:28:01 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-04-23 14:28:01 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-04-23 14:28:01 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-04-23 14:28:01 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-04-23 14:28:01 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-04-23 14:28:01 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-04-23 14:27:34 81920 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-23 14:27:34 212992 --a------ C:\WINDOWS\wdpoefan.dll
2008-04-23 14:27:34 167936 --a------ C:\WINDOWS\vadokmxt.dll
2008-04-23 14:27:34 94208 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-23 14:27:32 0 d-------- C:\Documents and Settings\All Users\Application Data\xxx.xxx
2008-04-23 14:27:31 98304 -----n--- C:\WINDOWS\system32\netopyno.exe
2008-04-21 18:53:11 0 d-------- C:\Program Files\EIPC Image2Icon
2008-04-21 18:51:29 421888 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-04-21 18:51:25 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-20 17:47:50 0 d-------- C:\Documents and Settings\kk007\Application Data\DVD Flick
2008-04-20 00:33:11 0 d-------- C:\Program Files\Opera
2008-04-19 19:34:31 0 d-------- C:\Program Files\FairUse Wizard 2
2008-04-19 19:34:23 0 d-------- C:\Program Files\Lavasoft
2008-04-19 19:34:02 0 d-------- C:\Program Files\StockphotoSPOT Uploader
2008-04-19 19:33:32 0 d-------- C:\Program Files\XVideoConverter
2008-04-19 19:32:32 0 d-------- C:\Program Files\Avery Wizard 3.0
2008-04-19 19:31:57 0 d-------- C:\Program Files\SmartSound Software
2008-04-19 19:31:57 0 d-------- C:\Program Files\MSXML 4.0
2008-04-19 19:31:56 0 d-------- C:\Program Files\Yahoo!
2008-04-19 17:46:02 0 d-------- C:\Documents and Settings\kk007\WINDOWS
2008-04-16 17:37:02 96577 --a------ C:\WINDOWS\hpqins16.dat
2008-04-15 13:41:31 102400 --a------ C:\WINDOWS\system32\unzip3252.dll <Not Verified; Info-ZIP; Info-ZIP's UnZip Windows DLL>
2008-04-15 13:41:31 159744 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-15 13:41:31 40448 --a------ C:\WINDOWS\system32\UNACE.DLL
2008-04-15 13:41:31 352256 --a------ C:\WINDOWS\system32\ijl15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
2008-04-15 13:41:31 667648 --a------ C:\WINDOWS\system32\FreeImage.dll
2008-04-14 10:53:45 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-06 12:19:09 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-06 11:19:42 0 d-------- C:\Documents and Settings\kk007\Application Data\DivX
2008-04-06 10:18:31 0 d-------- C:\Program Files\Veoh Networks
2008-04-06 10:17:43 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-05 22:57:07 0 d-------- C:\Documents and Settings\kk007\Application Data\AVS4YOU
2008-04-05 22:56:53 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-04-05 22:54:33 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-04-05 22:53:14 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-05 22:53:14 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-05 22:53:14 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-04-05 22:53:14 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>


-- Find3M Report ---------------------------------------------------------------

2008-05-03 19:03:38 2256 --a------ C:\WINDOWS\current_settings.bin
2008-05-03 12:54:05 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-03 02:18:11 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-04-30 11:51:48 0 d-------- C:\Program Files\Common Files
2008-04-30 11:12:50 0 d-------- C:\Program Files\Sierra Wireless
2008-04-28 10:53:30 0 d-------- C:\Program Files\Google
2008-04-25 08:44:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 06:18:57 0 d-------- C:\Program Files\Bluetooth Software
2008-04-25 06:18:55 0 d-------- C:\Program Files\Avanquest update
2008-04-25 06:18:55 0 d-------- C:\Program Files\Apoint
2008-04-25 06:18:52 0 d-------- C:\Program Files\DivX
2008-04-25 06:18:49 0 d-------- C:\Program Files\Messenger
2008-04-25 06:18:48 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-04-25 06:18:42 0 d-------- C:\Program Files\Motorola Phone Tools
2008-04-25 06:18:40 0 d-------- C:\Program Files\Modem Helper
2008-04-25 06:18:39 0 d-------- C:\Program Files\palmOne
2008-04-25 06:18:36 0 d-------- C:\Program Files\ADSTech DVD Xpress DX2
2008-04-24 20:53:54 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-24 20:27:02 0 d-------- C:\Program Files\Common Files\xxx.xxx
2008-04-24 19:44:40 0 d-------- C:\Program Files\ezt
2008-04-24 19:44:40 0 d-------- C:\Program Files\actiTIME
2008-04-24 19:44:33 0 d-------- C:\Program Files\NZCSM
2008-04-24 19:44:33 0 d-------- C:\Program Files\NetWaiting
2008-04-24 19:44:33 0 d-------- C:\Program Files\Napster
2008-04-24 19:44:33 0 d-------- C:\Program Files\CompanyLogoDesigner
2008-04-24 18:30:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-24 02:39:27 0 d-------- C:\Documents and Settings\kk007\Application Data\Opera
2008-04-23 23:44:46 112846 --a------ C:\WINDOWS\hpoins07.dat
2008-04-21 17:03:27 0 d-------- C:\Documents and Settings\kk007\Application Data\Apple Computer
2008-04-19 21:29:39 0 d-------- C:\Documents and Settings\kk007\Application Data\Avanquest
2008-04-19 14:47:20 0 d-------- C:\Documents and Settings\kk007\Application Data\RegistrySmart
2008-04-19 10:15:27 0 --a------ C:\Documents and Settings\kk007\Application Data\.googlewebacchosts
2008-04-16 17:35:50 0 d-------- C:\Program Files\HP
2008-04-16 17:33:11 105469 --a------ C:\Documents and Settings\kk007\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2008-04-16 17:31:25 3488 --a------ C:\Documents and Settings\kk007\Application Data\HPSU_48BitScanUpdate.log
2008-04-16 17:28:23 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-04-09 20:32:33 0 d-------- C:\Program Files\ADSTech
2008-04-06 13:11:22 39679 --a------ C:\WINDOWS\system32\nvModes.dat
2008-03-30 00:03:46 0 d-------- C:\Program Files\QuickTime
2008-03-27 10:36:22 0 d-------- C:\Program Files\Creative
2008-03-24 09:20:34 0 d-------- C:\Program Files\Common Files\Avery
2008-03-23 18:57:43 0 d-------- C:\Documents and Settings\kk007\Application Data\Intuit
2008-03-23 18:52:27 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-23 18:46:31 0 d-------- C:\Program Files\Common Files\Intuit
2008-03-23 16:15:26 21025 --a------ C:\logfile
2008-03-21 14:46:19 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-03-21 11:57:31 0 d-------- C:\Documents and Settings\kk007\Application Data\IObit
2008-03-20 14:58:41 0 d-------- C:\Documents and Settings\kk007\Application Data\Sierra Wireless
2008-03-19 14:58:02 0 d-------- C:\Documents and Settings\kk007\Application Data\Roxio
2008-03-19 14:21:30 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-19 14:21:30 0 d-------- C:\Program Files\Common Files\Napster Shared
2008-03-16 15:06:41 0 d-------- C:\Documents and Settings\kk007\Application Data\Adobe
2008-03-16 12:09:20 0 d-------- C:\Documents and Settings\kk007\Application Data\TuneUp Software
2008-03-16 11:50:37 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-03-16 11:45:51 0 d-------- C:\Program Files\Dell
2008-03-15 13:20:09 0 d-------- C:\Documents and Settings\kk007\Application Data\HotSync
2008-03-15 13:00:58 0 d-------- C:\Documents and Settings\kk007\Application Data\HP
2008-03-15 12:59:58 0 d-------- C:\Documents and Settings\kk007\Application Data\Image Zone Express
2008-03-15 12:39:35 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-15 12:39:34 0 d-------- C:\Program Files\Ulead Systems
2008-03-15 11:34:51 90643 --a------ C:\WINDOWS\hpiins01.dat
2008-03-15 11:25:20 0 d-------- C:\Program Files\Common Files\HP
2008-03-14 17:42:45 0 d-------- C:\Documents and Settings\kk007\Application Data\Mozilla
2008-03-14 17:42:43 0 d-------- C:\Documents and Settings\kk007\Application Data\Thunderbird
2008-03-14 15:06:01 1158 --a------ C:\WINDOWS\mozver.dat
2008-03-14 14:39:48 0 d-------- C:\Documents and Settings\kk007\Application Data\Talkback
2008-03-14 11:19:59 0 d-------- C:\Documents and Settings\kk007\Application Data\CyberLink
2008-03-12 18:40:50 0 d-------- C:\Documents and Settings\kk007\Application Data\Webroot
2008-03-12 18:40:48 0 d-------- C:\Program Files\Webroot
2008-03-12 18:07:46 164 --a------ C:\install.dat
2008-03-09 17:55:13 0 d-------- C:\Documents and Settings\kk007\Application Data\EPSON
2008-03-09 13:11:47 0 d-------- C:\Documents and Settings\kk007\Application Data\Leadertech
2008-03-09 13:08:45 0 d-------- C:\Program Files\epson
2008-03-09 13:08:28 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-03-09 13:05:52 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-09 13:02:32 0 d-------- C:\Documents and Settings\kk007\Application Data\InstallShield
2008-03-08 01:53:23 0 d-------- C:\Program Files\Sprint
2008-03-07 17:43:17 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-07 16:18:43 0 d-------- C:\Documents and Settings\kk007\Application Data\Macromedia
2008-03-06 12:25:06 0 d-------- C:\Documents and Settings\kk007\Application Data\Identities
2008-03-04 09:03:21 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-03 18:12:55 62 --ahs---- C:\Documents and Settings\kk007\Application Data\desktop.ini
2008-02-29 12:25:23 0 -rahs---- C:\MSDOS.SYS
2008-02-29 12:25:23 0 -rahs---- C:\IO.SYS
2008-02-29 12:25:23 0 --a------ C:\CONFIG.SYS
2008-02-29 12:25:23 0 --a------ C:\AUTOEXEC.BAT
2008-02-20 19:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-20 19:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-20 19:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-20 19:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 19:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 19:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 19:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 19:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [10/26/2004 01:01 PM C:\WINDOWS\system32\nwiz.exe]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [10/20/2006 06:23 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 10:08 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 08:26 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/27/2006 09:33 PM]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [09/01/2007 06:58 AM]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [10/12/2006 04:57 PM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 03:00 AM C:\WINDOWS\system32\rundll32.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/23/2006 02:48 AM]
"Spyhunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 02:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"@"="" []
"Spyware Begone"="C:\spywarebegone\SpywareBeGone.exe" []
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/01/2008 09:30 PM]
"SpyZooka"="C:\Program Files\SpyZooka\SpyZookaLdr.exe" [04/06/2007 09:12 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\kk007\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2/22/2005 11:31:52 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 2:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [5/11/2007 12:29:22 AM]
BTTray.lnk - C:\Program Files\Bluetooth Software\BTTray.exe [12/1/2003 3:28:00 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/28/2008 10:53:29 AM]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/24/2005 12:28:44 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 1:39:30 AM]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe [7/9/2007 10:24:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoStartBanner"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoStartBanner"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= C:\PROGRA~1\SpyZooka\spyguard.dll [05/07/2005 11:25 PM 173568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vadokmxt"= {28592F10-A521-447B-9D79-B399E0D39753} - C:\WINDOWS\vadokmxt.dll [04/23/2008 12:04 PM 167936]
"wdpoefan"= {84C5CC00-6441-452D-9E90-50FFC7A02FC4} - C:\WINDOWS\wdpoefan.dll [04/23/2008 12:04 PM 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-05-03 22:14:45 ------------

I keep getting popups saying that my computer is infected and trying to get me to buy their adware removal.


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:08:54 AM

Posted 04 May 2008 - 12:42 PM

Hi,

Please uninstall SpyZooka and Spyhunter again.

Then reboot.

After reboot, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:08:54 AM

Posted 12 May 2008 - 06:52 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
