
Infected Computer Users32.dat


  • This topic is locked
3 replies to this topic

#1 SNW

SNW

  • Members
  • 40 posts
  • OFFLINE
  • Local time:03:58 AM

Posted 08 May 2008 - 07:23 PM

Hi, I was instructed to post my SDFix log in here from this previous topic: http://www.bleepingcomputer.com/forums/t/145772/computer-infected/
First I would like to thank all of you who have helped me thus far; it's greatly appreciated.

SDFix LOG

[b]SDFix: Version 1.180 [/b]
Run by Chris on Thu 05/08/2008 at 06:05 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\WINDOWS\system32\cmd.com  - Deleted
C:\WINDOWS\system32\netstat.com  - Deleted
C:\WINDOWS\system32\ping.com  - Deleted
C:\WINDOWS\system32\taskkill.com  - Deleted
C:\WINDOWS\system32\tasklist.com  - Deleted
C:\WINDOWS\system32\tracert.com  - Deleted
The below files have been patched by Trojan.Agent to load users32.dat and should be replaced:

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe 
C:\Program Files\Dell\Media Experience\DMXLauncher.exe 
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe 
C:\Program Files\QuickTime\qttask.exe 
C:\Program Files\iTunes\iTunesHelper.exe 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
C:\Program Files\MSN Messenger\MsnMsgr.exe 

 
Removing Temp Files

[b]ADS Check [/b]:
 


[b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 18:12:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:
Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1162863550\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1162863550\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1162863550\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1162863550\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\Sogou PXP\\p2psvr.exe"="C:\\Program Files\\Common Files\\Sogou PXP\\p2psvr.exe:*:Enabled:Sogou P4P Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed  1 Sep 2004		54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed  1 Sep 2004	   156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed  1 Sep 2004		31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Mon 12 Nov 2007		   848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 12 Sep 2007			 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue  6 May 2008			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT10.tmp"
Thu 19 Oct 2006			 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Thu 19 Oct 2006			 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Thu 19 Oct 2006			 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Thu 19 Oct 2006			 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Thu 19 Oct 2006			 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"

[b]Finished![/b]



#2 SNW

SNW
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:03:58 AM

Posted 11 May 2008 - 10:44 AM

I understand I'm not supposed to "bump" my topic, as it will only push me farther down the list, but recently I've been seeing the HJT (sp?) responding to topics that were just started yesterday, so I wasn't sure if you guys check back this far (currently on page 10), and I'd really like to solve this problem, especially as I was instructed not to use this computer for Internet use until it's fixed, so I've just been connecting to the Internet through this 3 times daily just to check this forum and see if I've received help. Here are my DSS logs: main.txt posted, with the extra attached.

Main.txt
Deckard's System Scanner v20071014.68
Run by Family on 2008-05-11 10:04:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
99: 2008-05-11 16:04:25 UTC - RP591 - Deckard's System Scanner Restore Point
98: 2008-05-11 05:48:48 UTC - RP590 - System Checkpoint
97: 2008-05-08 18:59:15 UTC - RP589 - System Checkpoint
96: 2008-05-07 18:06:36 UTC - RP588 - System Checkpoint
95: 2008-05-06 17:50:55 UTC - RP587 - System Checkpoint


-- First Restore Point --
1: 2008-04-29 18:50:51 UTC - RP493 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Family.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:17 AM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Family\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Family.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=_D...OMHK2yqiGy9dtYo
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\4.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P10 /q C:\WINDOWS\system32\rundll32.SH! C:\DOCUME~1\Family\Cookies\FA6D5D~1.SH! C:\DOCUME~1\Family\Cookies\FAC1CF~1.SH! C:\DOCUME~1\Family\Cookies\FAC9CF~1.SH! C:\DOCUME~1\Family\Cookies\FACDCF~1.SH! C:\DOCUME~1\Family\Cookies\FAC1DF~1.SH! C:\DOCUME~1\Family\Cookies\FA3640~1.SH! C:\DOCUME~1\Family\Cookies\FA464E~1.SH! C:\DOCUME~1\Family\Cookies\FA464C~1.SH! C:\DOCUME~1\Family\Cookies\FA464A~1.SH! C:\DOCUME~1\Family\Cookies\FA4648~1.SH! C:\DOCUME~1\Family\Cookies\FA4646~1.SH! C:\DOCUME~1\Family\Cookies\FA4EA7~1.SH! C:\DOCUME~1\Family\Cookies\FA42B7~1.SH! C:\DOCUME~1\Family\Cookies\FA46B7~1.SH! C:\DOCUME~1\Family\Cookies\FA4AB7~1.SH! C:\DOCUME~1\Family\Cookies\FA4EB7~1.SH! C:\DOCUME~1\Family\Cookies\FA46C7~1.SH! C:\DOCUME~1\Family\Cookies\FAC5CF~1.SH! C:\DOCUME~1\Family\Cookies\FAC5DF~1.SH! C:\DOCUME~1\Family\Cookies\FAMILY~1.SH! C:\DOCUME~1\Family\Cookies\FAC1EF~1.SH! C:\DOCUME~1\Family\Cookies\FAMILY~4.SH! C:\DOCUME~1\Family\Cookies\FAMILY~
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher S.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O20 - AppInit_DLLs: cru629.dat
O21 - SSODL: DrvAvp - {3abd1a3a-d67b-4a44-97ba-2b1666512fe7} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10718 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 catchme - c:\docume~1\chris\locals~1\temp\catchme.sys (file missing)
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-05-11 02:13:02 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-08 18:42:19 348 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-04-30 20:24:07 356 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-04-29 14:07:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-11 10:06:52 0 d-------- C:\Program Files\Trend Micro
2008-05-09 13:48:52 0 d-------- C:\Documents and Settings\Chris\Application Data\FUJIFILM
2008-05-08 18:00:57 0 d-------- C:\WINDOWS\ERUNT
2008-05-07 23:12:07 0 d-------- C:\Documents and Settings\Family\Application Data\Malwarebytes
2008-05-07 23:11:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-07 23:11:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-07 22:19:52 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-07 22:10:27 3046 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-07 22:09:37 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-07 22:09:37 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-07 22:09:36 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-07 22:09:36 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-07 22:09:36 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-07 22:09:36 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-07 22:09:36 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-06 20:57:26 0 d-------- C:\Documents and Settings\Chris\Application Data\COMCASTTOOLBAR
2008-05-03 22:04:03 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-03 22:04:03 0 d-------- C:\Program Files\ComcastToolbar
2008-05-03 22:04:02 0 d-------- C:\Documents and Settings\Family\Application Data\ComcastToolbar
2008-05-01 18:23:34 0 d-------- C:\Documents and Settings\Chris\Application Data\McAfee
2008-05-01 12:29:04 0 d-------- C:\Documents and Settings\Family\Application Data\McAfee
2008-04-30 20:16:36 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-04-30 20:11:15 0 d-------- C:\Program Files\McAfee.com
2008-04-30 20:10:52 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-30 20:10:44 0 d-------- C:\Program Files\McAfee
2008-04-30 20:06:20 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-30 19:14:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-30 19:11:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-30 19:10:40 0 d-------- C:\WINDOWS\CSC
2008-04-30 17:34:02 15115 --a------ C:\WINDOWS\system32\zovi.pif
2008-04-30 17:34:02 12777 --a------ C:\WINDOWS\system32\qynidub.scr
2008-04-30 17:34:02 10064 --a------ C:\WINDOWS\liticixufa.exe
2008-04-30 17:34:02 19713 --a------ C:\WINDOWS\icahulu.com
2008-04-30 17:34:02 15951 --a------ C:\Program Files\Common Files\tocodevuve.exe
2008-04-30 17:34:02 13560 --a------ C:\Program Files\Common Files\exulakari.dat
2008-04-30 17:34:02 12881 --a------ C:\Documents and Settings\Chris\Application Data\mume.pif
2008-04-30 17:34:02 18293 --a------ C:\Documents and Settings\Chris\Application Data\huwy.exe
2008-04-30 13:17:20 0 d-------- C:\Documents and Settings\Family\Application Data\Help
2008-04-29 12:45:30 0 d-------- C:\Documents and Settings\All Users\Application Data\relmbylc
2008-04-16 15:06:12 0 d-------- C:\Program Files\FinePixViewerS
2008-04-16 15:05:07 0 d-------- C:\Documents and Settings\Family\Application Data\FUJIFILM
2008-04-15 14:49:30 0 d-------- C:\Program Files\Safari


-- Find3M Report ---------------------------------------------------------------

2008-05-08 18:14:54 0 d-------- C:\Program Files\Dl_cats
2008-05-04 23:42:45 0 d-------- C:\Program Files\Morpheus
2008-05-04 23:42:45 0 d-------- C:\Documents and Settings\Family\Application Data\Morpheus
2008-05-04 23:16:10 0 d-------- C:\Program Files\Red Kawa
2008-05-03 22:04:03 0 d-------- C:\Program Files\Common Files
2008-05-02 13:15:46 0 d-------- C:\Program Files\Dell Support
2008-05-02 12:58:01 0 d-------- C:\Documents and Settings\Family\Application Data\Apple Computer
2008-04-30 21:13:59 0 d--hs---- C:\Program Files\outlook
2008-04-30 18:33:16 0 d-------- C:\Program Files\QuickTime
2008-04-30 18:33:16 0 d-------- C:\Program Files\MSN Messenger
2008-04-30 18:33:16 0 d-------- C:\Program Files\iTunes
2008-04-30 18:33:16 0 d-------- C:\Program Files\Dell AIO 810
2008-04-16 15:06:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-16 15:05:18 0 d-------- C:\Documents and Settings\Family\Application Data\InstallShield
2008-04-15 14:59:22 0 d-------- C:\Program Files\Apple Software Update
2008-04-15 14:47:51 0 d-------- C:\Program Files\iPod
2008-04-08 15:08:10 0 d-------- C:\Program Files\Test Tone Generator


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [09/08/2005 12:56 PM]
"SigmatelSysTrayApp"="stsystra.exe" [08/15/2006 02:00 AM C:\WINDOWS\stsystra.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/16/2006 07:39 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [04/30/2008 06:25 PM]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [04/30/2008 06:25 PM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 01:01 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [04/30/2008 06:25 PM]
"dlcgmon.exe"="C:\Program Files\Dell AIO 810\dlcgmon.exe" [04/30/2008 06:25 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [04/30/2008 06:25 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/30/2008 06:25 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/30/2008 06:25 PM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [05/02/2008 01:02 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/30/2008 06:25 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 04:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/30/2008 06:25 PM]
"Aim6"="" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P10 /q C:\WINDOWS\system32\rundll32.SH! C:\DOCUME~1\Family\Cookies\FA6D5D~1.SH! C:\DOCUME~1\Family\Cookies\FAC1CF~1.SH! C:\DOCUME~1\Family\Cookies\FAC9CF~1.SH! C:\DOCUME~1\Family\Cookies\FACDCF~1.SH! C:\DOCUME~1\Family\Cookies\FAC1DF~1.SH! C:\DOCUME~1\Family\Cookies\FA3640~1.SH! C:\DOCUME~1\Family\Cookies\FA464E~1.SH! C:\DOCUME~1\Family\Cookies\FA464C~1.SH! C:\DOCUME~1\Family\Cookies\FA464A~1.SH! C:\DOCUME~1\Family\Cookies\FA4648~1.SH! C:\DOCUME~1\Family\Cookies\FA4646~1.SH! C:\DOCUME~1\Family\Cookies\FA4EA7~1.SH! C:\DOCUME~1\Family\Cookies\FA42B7~1.SH! C:\DOCUME~1\Family\Cookies\FA46B7~1.SH! C:\DOCUME~1\Family\Cookies\FA4AB7~1.SH! C:\DOCUME~1\Family\Cookies\FA4EB7~1.SH! C:\DOCUME~1\Family\Cookies\FA46C7~1.SH! C:\DOCUME~1\Family\Cookies\FAC5CF~1.SH! C:\DOCUME~1\Family\Cookies\FAC5DF~1.SH! C:\DOCUME~1\Family\Cookies\FAMILY~1.SH! C:\DOCUME~1\Family\Cookies\FAC1EF~1.SH! C:\DOCUME~1\Family\Cookies\FAMILY~4.SH! C:\DOCUME~1\Family\Cookies\FAMILY~2.SH! C:\DOCUME~1\Family\Cookies\FA4640~1.SH! C:\DOCUME~1\Family\Cookies\FA1AA1~1.SH! C:\DOCUME~1\Family\Cookies\FACDDF~1.SH! C:\DOCUME~1\Family\Cookies\FA9BB9~1.SH! C:\DOCUME~1\Family\Cookies\FAA06C~1.SH! C:\DOCUME~1\Family\Cookies\FA42C7~1.SH! C:\DOCUME~1\Family\Cookies\FA4AC7~1.SH! C:\DOCUME~1\Family\Cookies\FA9767~1.SH! C:\DOCUME~1\Family\Cookies\FAMILY~3.SH! C:\DOCUME~1\Family\Cookies\FAA7FA~1.SH! C:\DOCUME~1\Family\Cookies\FA81CD~1.SH! C:\DOCUME~1\Family\Cookies\FA1EA1~1.SH! C:\DOCUME~1\Family\Cookies\FA4EC7~1.SH! C:\DOCUME~1\Family\Cookies\FAD1BD~1.SH! C:\DOCUME~1\Family\Cookies\index.SH! C:\DOCUME~1\Family\Cookies\FA8E4C~1.SH! C:\DOCUME~1\Family\Cookies\FA9557~1.SH! C:\DOCUME~1\Family\Cookies\FACCCB~1.SH! C:\DOCUME~1\Family\MYDOCU~1\MORPHE~1\DOWNLO~1\RAPE-T~1.SH!

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-05-11 10:07:43 ------------

Edited by SNW, 11 May 2008 - 11:21 AM.


#3 miekiemoes

miekiemoes

Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:08:58 AM

Posted 31 May 2008 - 11:32 AM

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new log in this thread. Don't start with a new thread.
Then I'll take a look. :thumbsup:
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 miekiemoes

miekiemoes

Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:08:58 AM

Posted 09 June 2008 - 07:20 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this topic is closed.
If you need this topic reopened for continuation of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.