Seriously Infected With Malware! Please Help Me!


This topic is locked
17 replies to this topic

#1 riggsp

  • Members
  • 10 posts
  • Location:Indiana

Posted 26 May 2008 - 10:43 AM

After downloading a file that was supposed to be a theme for my BlackBerry, my computer went crazy. The most common message or pop-up says it is Worm.Win32.netbooster. After doing some research I found that numerous people had the same problem. I followed the advice of a few forums to no avail. My computer is better but still has many issues. It will just randomly shut down; the clock in the lower right-hand corner is in military time and says VIRUS ALERT; a balloon says Automatic Updates is off, but when I go to it via the Start menu it shows it's on. These are just a few of the problems. Any help would be appreciated. I've downloaded and run SmitfraudFix, SUPERAntiSpyware Pro, dss.exe and the BitDefender Online Scan. I'm running BitDefender 2008 as my AV program.

Deckard's System Scanner v20071014.68
Run by Patrick Riggs on 2008-05-26 10:53:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-05-26 14:53:47 UTC - RP524 - Deckard's System Scanner Restore Point
5: 2008-05-26 14:25:46 UTC - RP523 - Last known good configuration
4: 2008-05-26 14:25:35 UTC - RP522 - Last known good configuration
3: 2008-05-26 14:25:35 UTC - RP521 - Last known good configuration
2: 2008-05-26 14:25:34 UTC - RP520 - Last known good configuration


-- First Restore Point --
1: 2008-05-26 14:25:34 UTC - RP519 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Patrick Riggs.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-26 10:55:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\agrsmmsg.exe
C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe
C:\Program Files\Toshiba\E-KEY\CeEKey.exe
C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\TouchPad\TPTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Patrick Riggs\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F0 - win.ini: load=???
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
F3 - REG:win.ini: Load=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: QXK Olive - {B33B96B9-E0C2-4648-9819-A38DDCAFA33C} - (no file)
O2 - BHO: (no name) - {BB694439-FD2D-4EDA-A99E-CB423263292B} - C:\WINDOWS\system32\awtsRkjH.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: RAMASST.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://ithelplive.iu.edu (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: vltdfabw - {299E9AA3-8439-48A8-A223-5319392CE185} - (no file)
O21 - SSODL: vregfwlx - {AA058EC6-2127-478D-9B8A-B92282B983CD} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


--
End of file - 10857 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 SerTVOutCtlr (TOSHIBA Controls Driver -EPIOMngr) - c:\windows\system32\drivers\epiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcEKIOMngr - c:\windows\system32\drivers\ekiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcSSIOMngr - c:\windows\system32\drivers\ssiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 TPwSav (Common Driver) - c:\windows\system32\drivers\tpwsav.sys <Not Verified; TOSHIBA; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 Tvs (Toshiba Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys <Not Verified; PCTEL Inc.; PCTEL Rawether for Windows>
S3 URC_USBV7 (URC USB Sync V70 USB Driver) - c:\windows\system32\drivers\urc_usbv7.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
R2 JavaQuickStarterService (Java Quick Starter) - "c:\program files\java\jre6\bin\jqs.exe" -service -config "c:\program files\java\jre6\lib\deploy\jqs\jqs.conf" <Not Verified; Sun Microsystems, Inc.; Java™ Platform SE 6 U10>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-24 18:23:48 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-26 and 2008-05-26 -----------------------------

2008-05-26 08:02:04 90112 --a------ C:\WINDOWS\system32\vrmxvabl.dll
2008-05-25 19:33:34 0 d-------- C:\Program Files\VS Revo Group
2008-05-25 16:11:39 0 d-------- C:\WINDOWS\pss
2008-05-25 15:27:30 0 d-------- C:\!KillBox
2008-05-25 12:53:12 0 d-------- C:\WINDOWS\BDOSCAN8
2008-05-25 11:53:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 10:59:05 4328 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-25 10:58:17 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-25 10:58:17 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-25 10:58:17 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-25 10:58:17 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-25 10:58:17 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-25 10:58:17 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-25 10:58:17 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-25 10:58:17 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-25 10:58:14 0 d-------- C:\Documents and Settings\Administrator\SmitfraudFix <SMITFR~1>
2008-05-25 10:55:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-25 10:55:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-24 20:29:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-24 20:28:49 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-24 20:28:49 0 d-------- C:\Documents and Settings\Patrick Riggs\Application Data\SUPERAntiSpyware.com
2008-05-24 19:41:54 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-24 19:41:54 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-24 19:41:54 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-05-24 19:41:54 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-24 19:41:53 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-24 19:41:53 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-24 19:41:53 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-24 19:41:53 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-24 19:41:53 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-24 19:41:53 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-24 19:41:53 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-24 19:41:53 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-24 19:41:53 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-24 19:41:52 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-24 18:47:39 0 d-------- C:\WINDOWS\system32\NtmsData
2008-05-24 17:42:00 0 d-------- C:\Documents and Settings\Patrick Riggs\Application Data\TmpRecentIcons
2008-05-24 16:17:09 676961 --ahs---- C:\WINDOWS\system32\HjkRstwa.ini2
2008-05-24 16:17:03 318336 -----n--- C:\WINDOWS\system32\awtsRkjH.dll
2008-05-24 16:11:45 81920 --a------ C:\WINDOWS\xmpstean.exe
2008-05-24 16:11:45 94208 --a------ C:\WINDOWS\edwf.exe
2008-05-24 16:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-20 20:51:37 0 d-------- C:\Program Files\iPod
2008-05-20 20:51:31 0 d-------- C:\Program Files\iTunes
2008-05-20 18:30:12 0 d-------- C:\Documents and Settings\Patrick Riggs\Application Data\Apple Computer
2008-05-20 18:29:05 0 d-------- C:\Program Files\Bonjour
2008-05-20 18:28:17 0 d-------- C:\Program Files\QuickTime
2008-05-20 18:28:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-20 18:27:56 0 d-------- C:\Program Files\Apple Software Update
2008-05-20 18:27:26 0 d-------- C:\Program Files\Common Files\Apple
2008-05-20 18:27:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-03 11:26:58 0 d-------- C:\Program Files\BitLord


-- Find3M Report ---------------------------------------------------------------

2008-05-26 10:53:13 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-25 20:08:42 0 d-------- C:\Documents and Settings\Patrick Riggs\Application Data\Vso
2008-05-25 20:08:41 33 --a------ C:\Documents and Settings\Patrick Riggs\Application Data\pcouffin.log
2008-05-25 20:08:38 47360 --a------ C:\Documents and Settings\Patrick Riggs\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-25 20:08:38 1144 --a------ C:\Documents and Settings\Patrick Riggs\Application Data\pcouffin.inf
2008-05-25 20:08:38 7887 --a------ C:\Documents and Settings\Patrick Riggs\Application Data\pcouffin.cat
2008-05-25 20:00:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-25 19:49:26 0 d-------- C:\Program Files\Yahoo!
2008-05-25 19:23:34 0 d-------- C:\Program Files\Java
2008-05-25 19:13:17 0 d-------- C:\Program Files\Common Files
2008-05-03 11:02:08 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2008-05-01 20:13:52 0 d-------- C:\Program Files\Common Files\BitDefender
2008-05-01 19:15:36 0 d-------- C:\Program Files\RegistryFix
2008-05-01 19:05:13 0 d-------- C:\Program Files\BitTorrent
2008-04-21 23:14:45 0 d-------- C:\Documents and Settings\Patrick Riggs\Application Data\BitTorrent


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B33B96B9-E0C2-4648-9819-A38DDCAFA33C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB694439-FD2D-4EDA-A99E-CB423263292B}]
05/24/2008 16:17: VIRUS ALERT! 318336 --------- C:\WINDOWS\system32\awtsRkjH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
05/25/2008 19:23: VIRUS ALERT! 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
05/25/2008 19:23: VIRUS ALERT! 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/01/2004 21:03: VIRUS ALERT!]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/01/2004 20:59: VIRUS ALERT!]
"AGRSMMSG"="AGRSMMSG.exe" [04/12/2005 19:17: VIRUS ALERT! C:\WINDOWS\agrsmmsg.exe]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [04/20/2005 23:38: VIRUS ALERT!]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [02/25/2005 18:59: VIRUS ALERT!]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [02/22/2005 16:51: VIRUS ALERT!]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [04/28/2005 23:08: VIRUS ALERT!]
"TPSMain"="TPSMain.exe" [12/28/2004 19:02: VIRUS ALERT! C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [09/07/2004 17:03: VIRUS ALERT!]
"ZoomingHook"="ZoomingHook.exe" [05/01/2004 02:03: VIRUS ALERT! C:\WINDOWS\system32\ZoomingHook.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/15/2005 19:51: VIRUS ALERT!]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [11/30/2004 00:06: VIRUS ALERT!]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [04/05/2005 19:25: VIRUS ALERT!]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 20:37: VIRUS ALERT!]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 00:46: VIRUS ALERT!]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/06/2007 13:11: VIRUS ALERT!]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 15:49: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 23:16: VIRUS ALERT!]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [05/03/2008 18:09: VIRUS ALERT!]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [05/03/2008 18:09: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37: VIRUS ALERT!]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [05/25/2008 19:23: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 03:32: VIRUS ALERT!]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00: VIRUS ALERT!]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 21:05: VIRUS ALERT!]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24: VIRUS ALERT!]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [8/24/2005 12:33:21 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13: VIRUS ALERT! 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 13:41: VIRUS ALERT! 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 10/15/2004 15:27: VIRUS ALERT! 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtsRkjH

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b85a4ade-3633-11db-a043-0015004ab402}]
AutoRun\command- E:\JDSecure\Windows\JDSecure31.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 update.bitdefender.com
127.0.0.1 update.bitdefender.com


-- End of Deckard's System Scanner: finished at 2008-05-26 10:58:52 ------------
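
The log above already carries the indicators a triager would act on before running another tool: an unnamed BHO backed by C:\WINDOWS\system32\awtsRkjH.dll; that same module appended to the LSA "Authentication Packages" value, which makes lsass.exe load it at boot; an .ini2 file whose basename (HjkRstwa) is the DLL's basename reversed; orphaned CLSIDs listed as "(no file)"; a hosts entry sinking update.bitdefender.com to 127.0.0.1; and the text "VIRUS ALERT!" rendered inside every timestamp, which is consistent with the altered clock format the poster describes. The Python script that follows is an added example, not code from the original post or from the helpers on this thread. It scans HijackThis/DSS-style log text for exactly those patterns. The sample log embedded in it is constructed from lines of the log above (hosts entry de-duplicated), the rule names and the AV_UPDATE_HOSTS set are this example's own assumptions, and the rules are triage heuristics, not verdicts.

```python
"""Triage helper for HijackThis / Deckard's System Scanner style log text.

Rules (all heuristics; the names are this example's own):
  orphaned-hook         R3/O2/O3/O21 entry whose CLSID resolves to (no file)
  unnamed-system32-bho  O2 BHO with no name backed by a DLL under system32
  lsa-auth-package      LSA "Authentication Packages" lists more than msv1_0
  av-update-sinkholed   hosts line mapping an AV update host to localhost
  reversed-name-pair    two files whose basenames are each other's reverse
  time-format-tampered  "VIRUS ALERT!" text embedded in rendered timestamps
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str


ORPHAN_RE = re.compile(r"^(R3|O2|O3|O21) - .*\((no file|file missing)\)$")
UNNAMED_BHO_RE = re.compile(r"^O2 - BHO: \(no name\) - \{[0-9A-Fa-f-]+\} - (?P<path>\S+\.dll)$", re.I)
AUTH_PKG_RE = re.compile(r'"Authentication Packages"\s*=\s*(?P<pkgs>.+)$')
HOSTS_RE = re.compile(r"^(127\.0\.0\.1|0\.0\.0\.0)\s+(?P<host>\S+)$")
TIME_TAMPER_RE = re.compile(r"\d{2}:\d{2}:?\s*VIRUS ALERT!")
# Last path component only: "\stem.ext" where ext is 2-4 alphanumerics (covers .ini2).
BASENAME_RE = re.compile(r"\\(?P<stem>[A-Za-z0-9_-]+)\.(?P<ext>[A-Za-z0-9]{2,4})\b")

# Assumption of this example: AV update hosts worth watching for in the hosts file.
AV_UPDATE_HOSTS = {"update.bitdefender.com"}


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per rule hit; time-format tampering is reported once."""
    findings: List[Finding] = []
    time_tampered = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if ORPHAN_RE.match(line):
            findings.append(Finding("orphaned-hook", line))
        m = UNNAMED_BHO_RE.match(line)
        if m and "\\system32\\" in m.group("path").lower():
            findings.append(Finding("unnamed-system32-bho", m.group("path")))
        m = AUTH_PKG_RE.search(line)
        if m:
            # msv1_0 is the stock NTLM package; anything else loads into lsass.exe.
            extra = [p for p in m.group("pkgs").split() if p.lower() != "msv1_0"]
            if extra:
                findings.append(Finding("lsa-auth-package", " ".join(extra)))
        m = HOSTS_RE.match(line)
        if m and m.group("host").lower() in AV_UPDATE_HOSTS:
            findings.append(Finding("av-update-sinkholed", m.group("host")))
        if TIME_TAMPER_RE.search(line):
            time_tampered += 1
    if time_tampered:
        findings.append(Finding("time-format-tampered", f"{time_tampered} timestamp(s) carry 'VIRUS ALERT!'"))
    # Reversed-basename pairs are a whole-log check, not a per-line one.
    by_stem: Dict[str, str] = {}
    for m in BASENAME_RE.finditer(log_text):
        by_stem.setdefault(m.group("stem").lower(), f"{m.group('stem')}.{m.group('ext')}")
    reported = set()
    for stem, name in by_stem.items():
        rev = stem[::-1]
        if rev != stem and rev in by_stem and frozenset((stem, rev)) not in reported:
            reported.add(frozenset((stem, rev)))
            findings.append(Finding("reversed-name-pair", f"{name} <-> {by_stem[rev]}"))
    return findings


def rule_counts(log_text: str) -> Dict[str, int]:
    """Number of hits per rule, handy for a one-line summary."""
    return dict(Counter(f.rule for f in triage(log_text)))


# Constructed sample: selected lines from the log in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {B33B96B9-E0C2-4648-9819-A38DDCAFA33C} - (no file)
O2 - BHO: (no name) - {BB694439-FD2D-4EDA-A99E-CB423263292B} - C:\WINDOWS\system32\awtsRkjH.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O21 - SSODL: vltdfabw - {299E9AA3-8439-48A8-A223-5319392CE185} - (no file)
2008-05-24 16:17:09 676961 --ahs---- C:\WINDOWS\system32\HjkRstwa.ini2
2008-05-24 16:17:03 318336 -----n--- C:\WINDOWS\system32\awtsRkjH.dll
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/01/2004 21:03: VIRUS ALERT!]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtsRkjH
127.0.0.1 update.bitdefender.com
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.evidence}")
```

Run it against a saved log and the reversed-name and LSA rules are the two to look at first: a random eight-character DLL that is both a BHO and an authentication package survives browser-only cleanup, which is why repeated SmitfraudFix and online-scanner runs left the machine "better but still" infected. The orphaned "(no file)" entries are mostly residue of earlier removals and are low priority on their own.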


#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 May 2008 - 11:00 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 riggsp

  • Topic Starter
  • Members
  • 10 posts
  • Location:Indiana

Posted 26 May 2008 - 11:34 AM

Thank you so much for your reply. Here is the ComboFix log you requested!


ComboFix 08-05-25.5 - Patrick Riggs 2008-05-26 12:10:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.495 [GMT -4:00]
Running from: C:\Documents and Settings\Patrick Riggs\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Patrick Riggs\Application Data\inst.exe
C:\WINDOWS\system32\aqehfkni.ini
C:\WINDOWS\system32\awtsRkjH.dll
C:\WINDOWS\system32\HjkRstwa.ini
C:\WINDOWS\system32\HjkRstwa.ini2
C:\WINDOWS\system32\hthysewy.ini
C:\WINDOWS\system32\lbavxmrv.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-26 10:53 . 2008-05-26 10:53 <DIR> d-------- C:\Deckard
2008-05-26 08:02 . 2008-05-26 08:02 90,112 --a------ C:\WINDOWS\system32\vrmxvabl.dll
2008-05-25 19:33 . 2008-05-25 19:33 <DIR> d-------- C:\Program Files\VS Revo Group
2008-05-25 19:24 . 2008-05-25 19:23 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-05-25 19:24 . 2008-05-25 19:23 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-25 15:27 . 2008-05-25 15:27 <DIR> d-------- C:\!KillBox
2008-05-25 12:53 . 2008-05-25 14:06 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-05-25 11:53 . 2008-05-25 11:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 10:59 . 2008-05-25 17:32 4,328 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-25 10:58 . 2008-05-25 11:02 <DIR> d-------- C:\Documents and Settings\Administrator\SmitfraudFix
2008-05-25 10:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-25 10:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-25 10:58 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-25 10:58 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-25 10:58 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-25 10:58 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-25 10:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-25 10:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-25 10:55 . 2008-05-25 10:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-24 20:29 . 2008-05-24 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-24 20:28 . 2008-05-25 11:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-24 20:28 . 2008-05-25 11:54 <DIR> d-------- C:\Documents and Settings\Patrick Riggs\Application Data\SUPERAntiSpyware.com
2008-05-24 19:41 . 2005-05-23 16:45 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-24 19:41 . 2005-05-23 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-05-24 19:41 . 2005-05-23 17:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-05-24 19:41 . 2005-05-23 17:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-05-24 19:41 . 2005-05-23 17:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-05-24 19:41 . 2005-12-13 15:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-24 19:41 . 2006-03-05 15:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-05-24 19:41 . 2008-05-25 10:58 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-24 18:47 . 2008-05-24 18:53 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-24 17:42 . 2008-05-24 17:42 <DIR> d-------- C:\Documents and Settings\Patrick Riggs\Application Data\TmpRecentIcons
2008-05-24 16:11 . 2008-05-24 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-24 16:11 . 2008-05-24 11:19 94,208 --a------ C:\WINDOWS\edwf.exe
2008-05-24 16:11 . 2008-05-24 11:20 81,920 --a------ C:\WINDOWS\xmpstean.exe
2008-05-20 20:52 . 2008-05-26 12:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-20 20:52 . 2008-05-20 20:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-20 20:51 . 2008-05-20 20:51 <DIR> d-------- C:\Program Files\iTunes
2008-05-20 20:51 . 2008-05-20 20:51 <DIR> d-------- C:\Program Files\iPod
2008-05-20 18:30 . 2008-05-20 18:30 <DIR> d-------- C:\Documents and Settings\Patrick Riggs\Application Data\Apple Computer
2008-05-20 18:29 . 2008-05-20 18:29 <DIR> d-------- C:\Program Files\Bonjour
2008-05-20 18:28 . 2008-05-20 18:28 <DIR> d-------- C:\Program Files\QuickTime
2008-05-20 18:28 . 2008-05-20 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-20 18:27 . 2008-05-20 18:27 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-20 18:27 . 2008-05-20 18:27 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-20 18:27 . 2008-05-20 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-03 11:26 . 2008-05-03 11:34 <DIR> d-------- C:\Program Files\BitLord

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 00:08 47,360 ----a-w C:\Documents and Settings\Patrick Riggs\Application Data\pcouffin.sys
2008-05-26 00:08 --------- d-----w C:\Documents and Settings\Patrick Riggs\Application Data\Vso
2008-05-26 00:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 23:49 --------- d-----w C:\Program Files\Yahoo!
2008-05-25 23:23 --------- d-----w C:\Program Files\Java
2008-05-03 22:09 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-02 00:13 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-01 23:15 --------- d-----w C:\Program Files\RegistryFix
2008-05-01 23:05 --------- d-----w C:\Program Files\BitTorrent
2008-04-22 03:14 --------- d-----w C:\Documents and Settings\Patrick Riggs\Application Data\BitTorrent
2008-04-21 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-04-21 23:09 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-20 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\{83178631-EDD2-42F1-84FF-FE7F15AB618D}
2007-11-08 12:58 1,734 -c--a-w C:\Documents and Settings\Patrick Riggs\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-05-25 19:23 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-05-25 19:23 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 03:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-01 21:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-01 20:59 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 19:17 88358 C:\WINDOWS\agrsmmsg.exe]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-20 23:38 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 18:59 65536]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 16:51 24576]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-28 23:08 675840]
"TPSMain"="TPSMain.exe" [2004-12-28 19:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 17:03 1077301]
"ZoomingHook"="ZoomingHook.exe" [2004-05-01 02:03 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 19:51 122880]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 00:06 53248]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 19:25 73728]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 20:37 151552]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-06 13:11 185896]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2008-05-03 18:09 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-03 18:09 360448]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-05-25 19:23 136600]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-08-24 12:33:21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMorePrograms"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 15:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= nsvideo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-05-03 18:09]
S3 DIGIRPS;Digi PortServer Driver;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-17 12:17]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-10-19 13:59]
S3 URC_USBV7;URC USB Sync V70 USB Driver;C:\WINDOWS\system32\Drivers\URC_USBV7.sys [2007-03-31 13:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b85a4ade-3633-11db-a043-0015004ab402}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-24 22:23:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 12:26:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-26 12:29:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-26 16:29:50

Pre-Run: 39,421,632,512 bytes free
Post-Run: 39,490,936,832 bytes free

215 --- E O F --- 2008-05-16 23:49:59
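The log above already holds the clues a helper reads by eye: both Security Center overrides set, the firewall policy's EnableFirewall at 0, two unfamiliar executables sitting directly in C:\WINDOWS, and a system32 DLL whose created and modified times are identical (a freshly written file, unlike deploytk.dll, which an installer copied and so kept its older modified time). As an added example (my own code, not ComboFix's and not part of this thread), the Python script below parses a constructed excerpt of that log and applies those same checks. The severity labels, the created-equals-modified rule and the "executable in the Windows root" rule are my assumptions about what to look at first, not ComboFix conventions, and a hit is a prompt for a closer look, not a verdict.

```python
"""Triage helper for ComboFix-style logs.

Added example for this thread; not ComboFix code and not part of the original
post. Heuristics and severity labels are the author's own assumptions.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed excerpt: a few lines copied from the ComboFix log posted above,
# trimmed to what is needed to exercise each check.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-26 10:53 . 2008-05-26 10:53 <DIR> d-------- C:\Deckard
2008-05-26 08:02 . 2008-05-26 08:02 90,112 --a------ C:\WINDOWS\system32\vrmxvabl.dll
2008-05-25 19:24 . 2008-05-25 19:23 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-05-25 10:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-24 16:11 . 2008-05-24 11:19 94,208 --a------ C:\WINDOWS\edwf.exe
2008-05-24 16:11 . 2008-05-24 11:20 81,920 --a------ C:\WINDOWS\xmpstean.exe
2008-05-20 20:52 . 2008-05-20 20:52 1,409 --a------ C:\WINDOWS\QTFont.for

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b85a4ade-3633-11db-a043-0015004ab402}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe
"""

# One row of the "Files Created" section: created . modified size attrs path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (<DIR>|[\d,]+) (\S+) (.+)$",
    re.MULTILINE,
)
EXEC_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx"}


@dataclass
class FileEntry:
    created: str
    modified: str
    is_file: bool
    path: str


def parse_created_files(text):
    """Rows of the 'Files Created' section as FileEntry objects."""
    return [FileEntry(c, m, size != "<DIR>", path)
            for c, m, size, _attrs, path in FILE_RE.findall(text)]


def parse_registry(text):
    """Map each [key] header (lower-cased) to the value lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif current and line not in ("", ".") and not line.startswith("("):
            sections[current].append(line)
    return sections


def triage(text):
    """Return a list of (severity, message) findings for the log text."""
    findings = []
    for f in parse_created_files(text):
        ext = ntpath.splitext(f.path)[1].lower()
        if not f.is_file or ext not in EXEC_EXT:
            continue
        parent = ntpath.dirname(f.path).lower()
        if parent == r"c:\windows":
            # Legitimate installers rarely drop binaries into the Windows root.
            findings.append(("HIGH", f"executable dropped directly into C:\\WINDOWS: {f.path}"))
        elif parent == r"c:\windows\system32" and f.created == f.modified:
            # A copied file keeps its older mtime (deploytk.dll); a freshly
            # written one has matching timestamps (vrmxvabl.dll).
            findings.append(("MEDIUM", f"freshly written system32 binary: {f.path}"))
    for key, values in parse_registry(text).items():
        if key.endswith(r"\security center"):
            for v in values:
                m = re.match(r'"(\w+Override)"=dword:0*1$', v)
                if m:  # override = 1 silences the "no AV/firewall" balloon
                    findings.append(("HIGH", f"Security Center alert suppressed: {m.group(1)}=1"))
        elif key.endswith(r"\firewallpolicy\standardprofile"):
            if any(re.match(r'"EnableFirewall"=\s*0\b', v) for v in values):
                findings.append(("HIGH", "Windows Firewall disabled in the standard profile"))
        elif "\\mountpoints2\\" in key:
            for v in values:
                if v.lower().startswith(r"\shell\autorun\command"):
                    findings.append(("INFO", "AutoRun command cached for a removable drive: "
                                     + v.split(" - ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run it against a saved ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; the "Files Created" rows are parsed from the whole log, while the registry checks only look at the three key paths named above, so ordinary Run entries are left alone.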

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:12 PM

Posted 27 May 2008 - 11:17 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
C:\WINDOWS\edwf.exe
C:\WINDOWS\xmpstean.exe
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

[Image: dragging the CFScript file onto ComboFix.exe]

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


==================



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



========================================================

#5 riggsp

riggsp
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Location:Indiana
  • Local time:10:12 PM

Posted 27 May 2008 - 12:44 PM

I followed the instructions from the previous reply. Here is the log from ComboFix after pasting the files into it. The online scanner could not download the ActiveX control; must have administrative rights. I should be the only user; and administrator. Thanks for the help so far; I will continue to follow instructions to resolve this.

ComboFix 08-05-25.5 - Patrick Riggs 2008-05-27 13:01:19.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.619 [GMT -4:00]
Running from: C:\Documents and Settings\Patrick Riggs\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Patrick Riggs\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\edwf.exe
C:\WINDOWS\xmpstean.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-27 12:08 . 2008-05-27 12:11 <DIR> d-------- C:\Documents and Settings\Patrick Riggs\Application Data\MalwareRemovalBot
2008-05-26 10:53 . 2008-05-26 10:53 <DIR> d-------- C:\Deckard
2008-05-26 08:02 . 2008-05-26 08:02 90,112 --a------ C:\WINDOWS\system32\vrmxvabl.dll
2008-05-25 19:33 . 2008-05-25 19:33 <DIR> d-------- C:\Program Files\VS Revo Group
2008-05-25 19:24 . 2008-05-25 19:23 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-05-25 19:24 . 2008-05-25 19:23 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-25 15:27 . 2008-05-25 15:27 <DIR> d-------- C:\!KillBox
2008-05-25 12:53 . 2008-05-25 14:06 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-05-25 10:59 . 2008-05-26 13:27 4,330 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-25 10:58 . 2008-05-25 11:02 <DIR> d-------- C:\Documents and Settings\Administrator\SmitfraudFix
2008-05-25 10:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-25 10:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-25 10:58 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-25 10:58 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-25 10:58 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-25 10:58 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-25 10:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-25 10:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-25 10:55 . 2008-05-25 10:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-24 20:29 . 2008-05-24 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-24 20:28 . 2008-05-26 13:24 <DIR> d-------- C:\Documents and Settings\Patrick Riggs\Application Data\SUPERAntiSpyware.com
2008-05-24 19:41 . 2005-05-23 16:45 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-24 19:41 . 2005-05-23 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-05-24 19:41 . 2005-05-23 17:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-05-24 19:41 . 2005-05-23 17:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-05-24 19:41 . 2005-05-23 17:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-05-24 19:41 . 2005-12-13 15:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-24 19:41 . 2006-03-05 15:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-05-24 19:41 . 2008-05-25 10:58 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-24 18:47 . 2008-05-24 18:53 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-24 17:42 . 2008-05-24 17:42 <DIR> d-------- C:\Documents and Settings\Patrick Riggs\Application Data\TmpRecentIcons
2008-05-24 16:11 . 2008-05-24 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-20 20:52 . 2008-05-27 12:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-20 20:52 . 2008-05-20 20:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-20 20:51 . 2008-05-20 20:51 <DIR> d-------- C:\Program Files\iTunes
2008-05-20 20:51 . 2008-05-20 20:51 <DIR> d-------- C:\Program Files\iPod
2008-05-20 18:30 . 2008-05-27 07:35 <DIR> d-------- C:\Documents and Settings\Patrick Riggs\Application Data\Apple Computer
2008-05-20 18:29 . 2008-05-20 18:29 <DIR> d-------- C:\Program Files\Bonjour
2008-05-20 18:28 . 2008-05-20 18:28 <DIR> d-------- C:\Program Files\QuickTime
2008-05-20 18:28 . 2008-05-20 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-20 18:27 . 2008-05-20 18:27 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-20 18:27 . 2008-05-20 18:27 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-20 18:27 . 2008-05-20 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-03 11:26 . 2008-05-03 11:34 <DIR> d-------- C:\Program Files\BitLord

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 12:13 1,966,080 -c--a-w C:\WINDOWS\system32\cdintf251.dll
2008-05-27 16:58 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-05-26 00:08 47,360 ----a-w C:\Documents and Settings\Patrick Riggs\Application Data\pcouffin.sys
2008-05-26 00:08 --------- d-----w C:\Documents and Settings\Patrick Riggs\Application Data\Vso
2008-05-26 00:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 23:49 --------- d-----w C:\Program Files\Yahoo!
2008-05-25 23:23 --------- d-----w C:\Program Files\Java
2008-05-03 22:09 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-03 15:02 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2008-05-02 00:13 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-01 23:15 --------- d-----w C:\Program Files\RegistryFix
2008-05-01 23:05 --------- d-----w C:\Program Files\BitTorrent
2008-04-22 03:14 --------- d-----w C:\Documents and Settings\Patrick Riggs\Application Data\BitTorrent
2008-04-21 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-04-21 23:09 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-20 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\{83178631-EDD2-42F1-84FF-FE7F15AB618D}
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-11-08 12:58 1,734 -c--a-w C:\Documents and Settings\Patrick Riggs\Application Data\wklnhst.dat
2007-03-31 17:24 16,384 ----a-w C:\WINDOWS\inf\URC_USBV7.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-26_12.29.33.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 16:17:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 16:32:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 16:32:44 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_45c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-05-25 19:23 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-05-25 19:23 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 03:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-01 21:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-01 20:59 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 19:17 88358 C:\WINDOWS\agrsmmsg.exe]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-20 23:38 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 18:59 65536]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 16:51 24576]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-28 23:08 675840]
"TPSMain"="TPSMain.exe" [2004-12-28 19:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 17:03 1077301]
"ZoomingHook"="ZoomingHook.exe" [2004-05-01 02:03 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 19:51 122880]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 00:06 53248]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 19:25 73728]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 20:37 151552]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-06 13:11 185896]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-05-25 19:23 136600]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-08-24 12:33:21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMorePrograms"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 15:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= nsvideo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-05-03 18:09]
S3 DIGIRPS;Digi PortServer Driver;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-17 12:17]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-10-19 13:59]
S3 URC_USBV7;URC USB Sync V70 USB Driver;C:\WINDOWS\system32\Drivers\URC_USBV7.sys [2007-03-31 13:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b85a4ade-3633-11db-a043-0015004ab402}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-24 22:23:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-27 16:08:04 C:\WINDOWS\Tasks\MalwareRemovalBot Scheduled Scan.job"
- C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.ex
- C:\Program Files\MalwareRemovalBot
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 13:02:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-05-27 13:04:04
ComboFix-quarantined-files.txt 2008-05-27 17:03:30
ComboFix2.txt 2008-05-27 16:44:34
ComboFix3.txt 2008-05-27 16:30:15
ComboFix4.txt 2008-05-26 16:29:56

Pre-Run: 39,434,321,920 bytes free
Post-Run: 39,421,267,968 bytes free

193 --- E O F --- 2008-05-16 23:49:59

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:12 PM

Posted 27 May 2008 - 02:23 PM

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the contents of the log from DrWeb and a new DSS log in your next reply.


========================================================

#7 riggsp

riggsp
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Location:Indiana
  • Local time:10:12 PM

Posted 27 May 2008 - 04:00 PM

I was able to get the online KasScan to work properly. Also attached is the new DSS log. I could not upload (due to file type) or copy paste the Dr. Web list. I hope we're on the right track; sure seems promising! Thanks again!




#8 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 May 2008 - 09:51 AM

Please delete this file, it's infected.

C:\Documents and Settings\Patrick Riggs\My Documents\BitTorrent Downloads\1CLICK DVD Copy PRO 3.1.3.9(NEW-with serial key)\1CLICK DVD Copy Pro 3.1.3.9.rar




Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)





You are running an older version of Java. This can be a security risk, so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.


Please post a new log from DSS in your next reply.
How is your computer behaving now?


========================================================

#9 riggsp

  • Topic Starter

  • Members
  • 10 posts
  • Location:Indiana

Posted 28 May 2008 - 06:16 PM

Thanks so much! Everything seems to be operating properly. The only thing is, the clock in the lower right hand corner is still in military time and says "VIRUS ALERT" even after dumping the two files into Combo Fix and it saying the clock had been adjusted! However, in the time and date settings under control panel; the time looks correct! We're so close!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15: VIRUS ALERT!, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O21 - SSODL: vltdfabw - {299E9AA3-8439-48A8-A223-5319392CE185} - (no file)
O21 - SSODL: vregfwlx - {AA058EC6-2127-478D-9B8A-B92282B983CD} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9554 bytes

#10 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 29 May 2008 - 09:47 AM

Try this to adjust your time settings.

In Control Panel, double-click Regional Options.
In Regional Options, click Customize.
Click the Time tab.
Do one of the following:
Change Time format to HH:mm:ss for a 24-hour clock.
Change Time format to hh:mm:ss tt for a 12-hour clock.


================


Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O21 - SSODL: vltdfabw - {299E9AA3-8439-48A8-A223-5319392CE185} - (no file)
O21 - SSODL: vregfwlx - {AA058EC6-2127-478D-9B8A-B92282B983CD} - (no file)




Reboot and post a new log from DSS.
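The HijackThis fix lists in posts #8 and #10 and the "VIRUS ALERT" clock from post #9 are all readable straight from the log: entries whose target file is gone, O21 SSODL autostarts, the O6 policy restriction, and a scan header whose time stamp carries extra text (the sign that the time-format string itself was changed). The triage script below is an added example, not code from this thread or from HijackThis; the rule set, the `triage`/`fix_list` names and the sample log (built from lines posted here, plus one O21 line with a placeholder CLSID and DLL) are my own constructions.

```python
"""Triage helper for HijackThis 2.0.x logs (added example, not from the thread).

Flags the tell-tales the helper worked from here: entries whose target file
is gone, O21 ShellServiceObjectDelayLoad autostarts, IE policy restrictions,
and a scan header whose time stamp carries extra text, which means the user's
time-format string itself was changed (the "VIRUS ALERT" tray clock).
"""
import re
from dataclasses import dataclass, field

# One HijackThis entry: section code (R0-R3, F0-F3, O1-O24), " - ", the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# Scan header. A healthy stamp looks like "11:05:31 PM" or "19:15:02".
SCAN_HEADER_RE = re.compile(r"^Scan saved at (?P<stamp>.+?), on (?P<date>\S+)$")
CLEAN_STAMP_RE = re.compile(r"^\d{1,2}:\d{2}(?::\d{2})?(?: [AP]M)?$")
# Suffixes HijackThis appends when the referenced file is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    line_no: int
    code: str  # HijackThis section code, or "HDR" for the header check
    reason: str
    text: str


@dataclass
class TriageReport:
    findings: list = field(default_factory=list)
    entries_seen: int = 0
    time_format_tampered: bool = False

    def codes(self):
        return sorted({f.code for f in self.findings})


def triage(log_text: str) -> TriageReport:
    """Walk a HijackThis log and collect the entries worth a second look."""
    report = TriageReport()
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        header = SCAN_HEADER_RE.match(line)
        if header:
            stamp = header.group("stamp")
            if not CLEAN_STAMP_RE.match(stamp):
                report.time_format_tampered = True
                report.findings.append(Finding(
                    line_no, "HDR", "time-format string altered: %r" % stamp, line))
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        report.entries_seen += 1
        code, body = entry.group("code"), entry.group("body")
        if body.endswith(ORPHAN_MARKERS):
            report.findings.append(Finding(
                line_no, code, "orphaned entry: referenced file is missing", line))
        elif code == "O21":
            # SSODL entries load a DLL into Explorer at logon; legitimate ones
            # are rare enough that every one is listed for review.
            report.findings.append(Finding(
                line_no, code, "SSODL autostart: verify the CLSID and DLL", line))
        elif code == "O6" and "Restrictions present" in body:
            report.findings.append(Finding(
                line_no, code, "IE policy restrictions set: check who set them", line))
    return report


def fix_list(report: TriageReport) -> list:
    """The log lines a helper would ask to tick in HijackThis ('Fix checked')."""
    return [f.text for f in report.findings if f.code != "HDR"]


# Constructed sample: lines modelled on the logs posted in this thread, plus
# one made-up O21 line (placeholder CLSID and DLL name) to exercise that rule.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15: VIRUS ALERT!, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O21 - SSODL: vltdfabw - {299E9AA3-8439-48A8-A223-5319392CE185} - (no file)
O21 - SSODL: example - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print("time-format tampered:", rep.time_format_tampered)
    for f in rep.findings:
        print("line %2d %-4s %s" % (f.line_no, f.code, f.reason))
    print("tick in HijackThis:", *fix_list(rep), sep="\n  ")
```

A clean log header such as "Scan saved at 11:05:31 PM" passes the stamp check, which is how the post #11 log in this thread confirms the clock fix took.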


========================================================

#11 riggsp

  • Topic Starter

  • Members
  • 10 posts
  • Location:Indiana

Posted 29 May 2008 - 10:16 PM

Thanks again for all your help! The donation which I will be sending has been well earned. Here is the latest DSS log as you requested. Let me know how it looks. The machine seems to be operating flawlessly!

Deckard's System Scanner v20071014.68
Run by Patrick Riggs on 2008-05-29 23:05:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Patrick Riggs.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:31 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Patrick Riggs\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\PATRIC~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9347 bytes

-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-28 19:12:06 0 d-------- C:\Program Files\Hijack This
2008-05-28 14:48:38 0 d-------- C:\Program Files\Common Files\Java
2008-05-27 16:24:19 0 d-------- C:\Documents and Settings\Patrick Riggs\DoctorWeb
2008-05-27 14:09:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 14:09:54 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 12:08:03 0 d-------- C:\Documents and Settings\Patrick Riggs\Application Data\MalwareRemovalBot
2008-05-26 12:09:51 68096 --a------ C:\WINDOWS\zip.exe
2008-05-26 12:09:51 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-26 12:09:51 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-26 12:09:51 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-26 12:09:51 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-26 12:09:51 98816 --a------ C:\WINDOWS\sed.exe
2008-05-26 12:09:51 80412 --a------ C:\WINDOWS\grep.exe
2008-05-26 12:09:51 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-26 08:02:04 90112 --a------ C:\WINDOWS\system32\vrmxvabl.dll
2008-05-25 19:33:34 0 d-------- C:\Program Files\VS Revo Group
2008-05-25 16:11:39 0 d-------- C:\WINDOWS\pss
2008-05-25 15:27:30 0 d-------- C:\!KillBox
2008-05-25 12:53:12 0 d-------- C:\WINDOWS\BDOSCAN8
2008-05-25 10:59:05 4330 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-25 10:58:17 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-25 10:58:17 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-25 10:58:17 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-25 10:58:17 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-25 10:58:17 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-25 10:58:17 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-25 10:58:17 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-25 10:58:14 0 d-------- C:\Documents and Settings\Administrator\SmitfraudFix
2008-05-25 10:55:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-25 10:55:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-24 20:29:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-24 20:28:49 0 d-------- C:\Documents and Settings\Patrick Riggs\Application Data\SUPERAntiSpyware.com
2008-05-24 19:41:54 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-24 19:41:54 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-24 19:41:54 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-05-24 19:41:54 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-05-24 19:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-24 19:41:53 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-24 19:41:53 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-24 19:41:53 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-24 19:41:53 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-24 19:41:53 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-24 19:41:53 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-24 19:41:53 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-24 19:41:53 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-24 19:41:53 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-24 19:41:52 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-24 18:47:39 0 d-------- C:\WINDOWS\system32\NtmsData
2008-05-24 17:42:00 0 d-------- C:\Documents and Settings\Patrick Riggs\Application Data\TmpRecentIcons
2008-05-24 16:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-20 20:51:37 0 d-------- C:\Program Files\iPod
2008-05-20 20:51:31 0 d-------- C:\Program Files\iTunes
2008-05-20 18:30:12 0 d-------- C:\Documents and Settings\Patrick Riggs\Application Data\Apple Computer
2008-05-20 18:29:05 0 d-------- C:\Program Files\Bonjour
2008-05-20 18:28:17 0 d-------- C:\Program Files\QuickTime
2008-05-20 18:28:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-20 18:27:56 0 d-------- C:\Program Files\Apple Software Update
2008-05-20 18:27:26 0 d-------- C:\Program Files\Common Files\Apple
2008-05-20 18:27:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-03 11:26:58 0 d-------- C:\Program Files\BitLord


-- Find3M Report ---------------------------------------------------------------

2008-05-29 23:04:31 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-28 14:49:32 0 d-------- C:\Program Files\Java
2008-05-28 14:48:38 0 d-------- C:\Program Files\Common Files
2008-05-25 20:08:42 0 d-------- C:\Documents and Settings\Patrick Riggs\Application Data\Vso
2008-05-25 20:08:41 33 --a------ C:\Documents and Settings\Patrick Riggs\Application Data\pcouffin.log
2008-05-25 20:08:38 47360 --a------ C:\Documents and Settings\Patrick Riggs\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-25 20:08:38 1144 --a------ C:\Documents and Settings\Patrick Riggs\Application Data\pcouffin.inf
2008-05-25 20:08:38 7887 --a------ C:\Documents and Settings\Patrick Riggs\Application Data\pcouffin.cat
2008-05-25 20:00:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-25 19:49:26 0 d-------- C:\Program Files\Yahoo!
2008-05-03 11:02:08 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2008-05-01 20:13:52 0 d-------- C:\Program Files\Common Files\BitDefender
2008-05-01 19:15:36 0 d-------- C:\Program Files\RegistryFix
2008-05-01 19:05:13 0 d-------- C:\Program Files\BitTorrent
2008-04-21 23:14:45 0 d-------- C:\Documents and Settings\Patrick Riggs\Application Data\BitTorrent


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/01/2004 09:03 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/01/2004 08:59 PM]
"AGRSMMSG"="AGRSMMSG.exe" [04/12/2005 07:17 PM C:\WINDOWS\agrsmmsg.exe]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [04/20/2005 11:38 PM]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [02/25/2005 06:59 PM]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [02/22/2005 04:51 PM]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [04/28/2005 11:08 PM]
"TPSMain"="TPSMain.exe" [12/28/2004 07:02 PM C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [09/07/2004 05:03 PM]
"ZoomingHook"="ZoomingHook.exe" [05/01/2004 02:03 AM C:\WINDOWS\system32\ZoomingHook.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/15/2005 07:51 PM]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [11/30/2004 12:06 AM]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [04/05/2005 07:25 PM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 08:37 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/06/2007 01:11 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 03:49 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 03:32 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [8/24/2005 12:33:21 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 10/15/2004 03:27 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b85a4ade-3633-11db-a043-0015004ab402}]
AutoRun\command- E:\JDSecure\Windows\JDSecure31.exe




-- End of Deckard's System Scanner: finished at 2008-05-29 23:06:40 ------------

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:12 PM

Posted 30 May 2008 - 01:31 AM

Awesome to hear! :thumbsup:

Your log looks pretty good. How are your clock settings? Did you get that sorted out yet?
Also are you missing any shortcuts from your desktop?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 riggsp

riggsp
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Location:Indiana
  • Local time:10:12 PM

Posted 31 May 2008 - 11:00 AM

I did get the clock sorted out in the regional settings you had mentioned; perfect! Should I keep the programs you have had me download or not? I did have one or two shortcuts missing, but I think I have taken care of that as well. Thanks again for all your help. :thumbsup: Last thing, do you have any recommendations about what anti-(everything) software would be best for this machine?

#14 riggsp

riggsp
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Location:Indiana
  • Local time:10:12 PM

Posted 31 May 2008 - 11:48 AM

Ok, there is one more thing. In System Properties, General tab, under "Registered to", it has my name and VIRUSALERT, like the clock did earlier. I can't figure out how to change it either!

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:12 PM

Posted 31 May 2008 - 07:38 PM

Aahhh...that one's a little tricky. Check out this link and follow the instructions there carefully.

http://miekiemoes.blogspot.com/2008/05/vir...to-restore.html

Let me know how it goes.
