Viral Cocktail Attacking Computer


This topic is locked. 8 replies to this topic.

#1 kaizen (Members, 18 posts)

Posted 31 May 2008 - 08:04 PM

Hello all, recently my computer has become infected by a large number of viruses, trojans, etc. Recently these have been halting my ability to download updates from Microsoft, and the popup that my antivirus program is outdated is persistent. I am also unable to change my automatic updates from Microsoft to on; even though it is telling me it is turned on via the Control Panel, it is still considered off from the desktop icon and the popup. I am also unable to access certain sites in both Internet Explorer and Firefox and receive popups in both browsers. You guys helped me out before way back in 2006 and any new help will once again be appreciated. Thank you in advance for the help and I hope someone can help me to thwart these evil programs.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 31, 2008 6:03:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/05/2008
Kaspersky Anti-Virus database records: 818692
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 90317
Number of viruses found: 11
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 02:02:29

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Documents and Settings\Dwight\0 Infected: not-a-virus:Monitor.Win32.007SpySoft.308 skipped
C:\Documents and Settings\Dwight\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dwight\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dwight\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Dwight\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dwight\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dwight\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwo19v10.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Dwight\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwo19v10.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Dwight\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwo19v10.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Dwight\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwo19v10.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Dwight\My Documents\nexon\MapleGeek v0.54.2.exe Infected: Trojan-PSW.Win32.Mapler.aj skipped
C:\Documents and Settings\Dwight\My Documents\nexon\MapleGeek54.exe Infected: Trojan-PSW.Win32.Mapler.aj skipped
C:\Documents and Settings\Dwight\My Documents\nexon\MapleGeek54d.exe Infected: Trojan-PSW.Win32.Mapler.aj skipped
C:\Documents and Settings\Dwight\My Documents\nexon\MapleGeekv55.exe Infected: Trojan-PSW.Win32.Mapler.ak skipped
C:\Documents and Settings\Dwight\ntuser.dat Object is locked skipped
C:\Documents and Settings\Dwight\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Dwight\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aeh skipped
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe NSIS: infected - 1 skipped
C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32 Infected: Backdoor.Win32.RAdmin.ag skipped
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\812.tmp Infected: Trojan.Win32.ShipUp.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP674\A0152196.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP676\A0155636.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP677\A0155704.dll Infected: Trojan.Win32.Monder.le skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP687\A0158625.dll Infected: Trojan.Win32.Monder.le skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP687\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\awutnbon.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqh skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\mohpxslm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqf skipped
C:\WINDOWS\system32\upjxqfxq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqf skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

Scan process completed.



Deckard's System Scanner v20071014.68
Run by Dwight on 2008-05-31 18:36:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Dwight.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:05 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Dwight\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dwight.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {109F4FE9-9D91-4B18-AAD1-E7163FD38E70} - (no file)
O2 - BHO: (no name) - {46776ED5-41AB-492E-9C5C-1FF5C758C016} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EB0D73E6-6EA5-46FF-A48D-1CD93AF538DE} - C:\WINDOWS\system32\iifgGYsp.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [2e7afc00] rundll32.exe "C:\WINDOWS\system32\uucytwmw.dll",b
O4 - HKLM\..\Run: [BM2d49cf9c] Rundll32.exe "C:\WINDOWS\system32\qwcjkapx.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [application] C:\Program Files\ACSPMonitor\ASMonitor.exe h
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dwight\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1642804A-BF4B-485B-9CDF-B941F6E49A0E} (BIZPIO_GSP Control) - http://qroqro.bizpio.com/global/gmexec/BIZPIO_GSP.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.4.105.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dj06.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162670002343
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {CFD7D0F6-CCAF-4FFA-9D7F-CE9B65F562EC} (AppCaller Control) - http://www.bombndash.com/common/AppCaller.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10609 bytes

-- Files created between 2008-04-30 and 2008-05-31 -----------------------------

2008-05-31 15:35:02 0 dr-h----- C:\Documents and Settings\Dwight\Recent
2008-05-31 14:59:37 114176 --a------ C:\WINDOWS\system32\uucytwmw.dll
2008-05-31 14:53:37 2560 --a------ C:\WINDOWS\system32\fxceyipb.exe
2008-05-31 14:52:39 126464 --a------ C:\WINDOWS\system32\qwcjkapx.dll
2008-05-31 11:31:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-31 11:31:49 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-30 19:33:09 0 d-------- C:\Microsoft
2008-05-30 19:31:32 0 d--h----- C:\Documents and Settings\LocalService\SendTo
2008-05-30 19:30:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-05-30 19:29:40 0 d--h----- C:\Documents and Settings\LocalService\NetHood
2008-05-30 19:29:40 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-05-30 19:29:34 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-30 19:29:29 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-30 19:29:29 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-05-30 19:29:29 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-05-30 15:05:10 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-30 15:05:04 0 d--h----- C:\Documents and Settings\Administrator.PC161035812295\Templates
2008-05-30 15:05:04 0 dr------- C:\Documents and Settings\Administrator.PC161035812295\Start Menu
2008-05-30 15:05:04 0 dr-h----- C:\Documents and Settings\Administrator.PC161035812295\SendTo
2008-05-30 15:05:04 0 dr-h----- C:\Documents and Settings\Administrator.PC161035812295\Recent
2008-05-30 15:05:04 0 d--h----- C:\Documents and Settings\Administrator.PC161035812295\PrintHood
2008-05-30 15:05:04 0 d--h----- C:\Documents and Settings\Administrator.PC161035812295\NetHood
2008-05-30 15:05:04 0 dr------- C:\Documents and Settings\Administrator.PC161035812295\My Documents
2008-05-30 15:05:04 0 d--h----- C:\Documents and Settings\Administrator.PC161035812295\Local Settings
2008-05-30 15:05:04 0 dr------- C:\Documents and Settings\Administrator.PC161035812295\Favorites
2008-05-30 15:05:04 0 d-------- C:\Documents and Settings\Administrator.PC161035812295\Desktop
2008-05-30 15:05:04 0 d---s---- C:\Documents and Settings\Administrator.PC161035812295\Cookies
2008-05-30 15:05:04 0 dr-h----- C:\Documents and Settings\Administrator.PC161035812295\Application Data
2008-05-30 15:05:04 0 d---s---- C:\Documents and Settings\Administrator.PC161035812295\Application Data\Microsoft
2008-05-30 15:05:04 0 d-------- C:\Documents and Settings\Administrator.PC161035812295\Application Data\Macromedia
2008-05-30 15:05:04 0 d-------- C:\Documents and Settings\Administrator.PC161035812295\Application Data\Intuit
2008-05-30 15:05:04 0 d-------- C:\Documents and Settings\Administrator.PC161035812295\Application Data\Identities
2008-05-30 15:05:03 1048576 --ah----- C:\Documents and Settings\Administrator.PC161035812295\NTUSER.DAT
2008-05-30 14:59:55 0 d-------- C:\Program Files\Lavasoft
2008-05-30 14:59:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-30 14:45:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 14:30:58 2560 --a------ C:\WINDOWS\system32\vlvrthub.exe
2008-05-30 14:28:42 125440 --a------ C:\WINDOWS\system32\upjxqfxq.dll
2008-05-30 14:27:58 273686 --ahs---- C:\WINDOWS\system32\psYGgfii.ini2
2008-05-30 14:27:49 373248 --a------ C:\WINDOWS\system32\iifgGYsp.dll
2008-05-30 14:13:40 2560 --a------ C:\WINDOWS\system32\nwgvytxy.exe
2008-05-30 14:04:57 125440 --a------ C:\WINDOWS\system32\mohpxslm.dll
2008-05-30 13:22:40 243029 --ahs---- C:\WINDOWS\system32\VuuCbJlm.ini2
2008-05-30 12:34:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-30 01:08:14 2560 --a------ C:\WINDOWS\system32\vnnnjpdo.exe
2008-05-30 01:05:45 126976 --a------ C:\WINDOWS\system32\awutnbon.dll
2008-05-29 13:09:21 0 d-------- C:\Documents and Settings\Dwight\Application Data\Ulead Systems
2008-05-29 13:03:50 260960 --ahs---- C:\WINDOWS\system32\JknqYJlm.ini2
2008-05-29 12:10:16 0 d-------- C:\Program Files\Windows Media Components
2008-05-29 12:08:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-28 22:29:51 0 d-------- C:\Documents and Settings\All Users\CyberLink
2008-05-28 22:29:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\CyberLink
2008-05-26 01:55:46 0 d-------- C:\Program Files\QuickTime
2008-04-30 10:24:49 0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-05-31 15:31:19 0 d-------- C:\Program Files\Trend Micro
2008-05-30 19:33:08 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-30 15:40:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-30 15:40:15 0 d-------- C:\Program Files\Creative
2008-05-30 15:39:41 0 d-------- C:\Program Files\DivX
2008-05-30 15:36:20 0 d-------- C:\Program Files\Common Files
2008-05-29 13:59:53 0 d-------- C:\Documents and Settings\Dwight\Application Data\uTorrent
2008-05-28 22:25:08 0 d-------- C:\Documents and Settings\Dwight\Application Data\CyberLink
2008-05-19 19:11:57 2276 --a----c- C:\WINDOWS\checkip.dat
2008-05-18 23:31:10 0 d-------- C:\Program Files\Last.fm
2008-05-01 11:27:40 40 --a----c- C:\WINDOWS\popcinfo.dat
2008-05-01 01:07:01 0 d-------- C:\Program Files\Apple Software Update
2008-04-30 10:25:19 0 d-------- C:\Program Files\iTunes
2008-04-30 09:08:18 0 d-------- C:\Program Files\Motorola
2008-04-26 11:16:54 0 d-------- C:\Program Files\Magic AAC to MP3 Converter
2008-04-20 20:32:23 0 d-------- C:\Program Files\TriglowPictures
2008-04-18 10:20:13 197 --ahs---- C:\Program Files\Common Files\maxtreme.dat
2008-04-18 10:19:10 0 d-------- C:\Documents and Settings\Dwight\Application Data\Webcammax
2008-04-06 20:57:07 0 d-------- C:\Program Files\Motorola Phone Tools
2008-04-05 17:13:59 0 d-------- C:\Program Files\Avanquest update
2008-04-05 13:20:03 0 d-------- C:\Program Files\Cell Phone Manager
2008-03-22 20:08:57 0 --a----c- C:\Program Files\temp01


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{109F4FE9-9D91-4B18-AAD1-E7163FD38E70}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46776ED5-41AB-492E-9C5C-1FF5C758C016}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB0D73E6-6EA5-46FF-A48D-1CD93AF538DE}]
05/30/2008 02:27 PM 373248 --a------ C:\WINDOWS\system32\iifgGYsp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [05/04/2006 01:58 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [06/02/2006 11:02 AM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/17/2006 01:22 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [06/23/2006 05:43 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 07:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 07:30 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/02/2006 06:21 PM]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [07/13/2006 02:02 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 01:23 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [02/17/2004 06:51 PM]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [02/17/2004 06:51 PM]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [02/17/2004 06:50 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 09:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 09:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 09:00 AM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [04/22/2004 10:22 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 07:18 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/14/2006 02:39 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/14/2006 02:41 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [08/14/2006 02:38 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"2e7afc00"="C:\WINDOWS\system32\uucytwmw.dll" [05/31/2008 02:59 PM]
"BM2d49cf9c"="C:\WINDOWS\system32\qwcjkapx.dll" [05/31/2008 02:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 PM]
"P2kAutostart"="" []

C:\Documents and Settings\Dwight\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 11:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 1:05:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"application"=C:\Program Files\ACSPMonitor\ASMonitor.exe h

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iifgGYsp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308fff17-714c-11dc-b5d2-0014a5f09de0}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{877b0113-92f1-11dc-b5ee-0014a5f09de0}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{877b0114-92f1-11dc-b5ee-0014a5f09de0}]
Auto\command- G:\infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{890b0cc2-ed36-11db-b544-0014a5f09de0}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{890b0cc4-ed36-11db-b544-0014a5f09de0}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d87131e-bb8f-11db-b50a-0014a5f09de0}]
AutoRun\command- F:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-05-31 18:36:31 ------------


Edited by kaizen, 31 May 2008 - 08:06 PM.
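The logs above show the three persistence mechanisms a helper would zero in on: HKLM Run entries that load randomly named DLLs from system32 through rundll32.exe (uucytwmw.dll, qwcjkapx.dll), a BHO DLL (iifgGYsp.dll) that is also listed in the LSA "Authentication Packages" value so it is loaded into lsass.exe at boot, and MountPoints2 AutoRun commands left behind by autorun.inf files on removable drives. The script below is an added triage example written for this page; it is not part of the thread and not code from HijackThis, DSS or ComboFix. It assumes the line formats exactly as pasted above, and the seven-day creation window, the "relative path or script" rule for AutoRun targets, and the function names are my own choices. The sample lines are copied from the posted logs.

```python
import re
from datetime import date, timedelta

# Constructed sample input: a handful of lines copied from the HijackThis and
# Deckard's System Scanner output posted above, enough to exercise each check.
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {EB0D73E6-6EA5-46FF-A48D-1CD93AF538DE} - C:\WINDOWS\system32\iifgGYsp.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [2e7afc00] rundll32.exe "C:\WINDOWS\system32\uucytwmw.dll",b
O4 - HKLM\..\Run: [BM2d49cf9c] Rundll32.exe "C:\WINDOWS\system32\qwcjkapx.dll",s
""".strip().splitlines()

SAMPLE_DSS_FILES = r"""
2008-05-31 14:59:37 114176 --a------ C:\WINDOWS\system32\uucytwmw.dll
2008-05-31 14:52:39 126464 --a------ C:\WINDOWS\system32\qwcjkapx.dll
2008-05-30 14:27:49 373248 --a------ C:\WINDOWS\system32\iifgGYsp.dll
2008-05-30 14:27:58 273686 --ahs---- C:\WINDOWS\system32\psYGgfii.ini2
""".strip().splitlines()

SAMPLE_DSS_REG = r"""
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iifgGYsp
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
AutoRun\command- F:\LaunchU3.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
""".strip().splitlines()

SCAN_DATE = date(2008, 5, 31)          # date the logs above were taken
WINDOW = timedelta(days=7)             # assumed "recently created" window
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:dll|exe)', re.IGNORECASE)
DSS_FILE_RE = re.compile(r'(\d{4})-(\d{2})-(\d{2}) \S+ \d+ \S+ (.+)$')


def recent_files(dss_lines, scan_date=SCAN_DATE, window=WINDOW):
    """Map lowercased path -> creation date for DSS 'Files created' entries inside the window."""
    out = {}
    for line in dss_lines:
        m = DSS_FILE_RE.match(line)
        if not m:
            continue
        created = date(int(m[1]), int(m[2]), int(m[3]))
        if scan_date - created <= window:
            out[m[4].strip().lower()] = created
    return out


def flag_autostarts(hjt_lines, recent):
    """HijackThis O2/O4 entries whose binary appears in the recently-created set.

    Cross-referencing against creation time avoids name heuristics: igfxtray.exe
    is eight random-looking letters too, but it was not dropped this week.
    """
    hits = []
    for line in hjt_lines:
        if not line.startswith(('O2 ', 'O4 ')):
            continue
        m = PATH_RE.search(line)
        if not m or m.group(0).lower() not in recent:
            continue
        reason = f'target created {recent[m.group(0).lower()]}'
        if 'rundll32' in line.lower():
            reason += ', DLL loaded via rundll32'
        hits.append((line, reason))
    return hits


def flag_lsa_packages(reg_lines):
    """Anything besides msv1_0 in LSA 'Authentication Packages' gets loaded into lsass.exe at boot."""
    hits = []
    for line in reg_lines:
        if line.startswith('"Authentication Packages"'):
            pkgs = line.split('=', 1)[1].split()
            hits.extend(p for p in pkgs if p.lower() != 'msv1_0')
    return hits


def flag_autorun(reg_lines):
    """MountPoints2 AutoRun commands whose launched target is a script or a bare
    filename (resolved relative to the removable drive), the autorun.inf worm pattern."""
    hits = []
    for line in reg_lines:
        if not line.startswith('AutoRun\\command-'):
            continue
        cmd = line.split('-', 1)[1].strip()
        target = cmd.split()[-1]        # last token is what ShellExec_RunDLL actually launches
        if target.lower().endswith(('.vbs', '.js', '.bat', '.cmd')) or not re.match(r'[A-Za-z]:\\', target):
            hits.append((line, target))
    return hits


def triage(hjt_lines, dss_file_lines, dss_reg_lines, scan_date=SCAN_DATE):
    """Run all three checks and return the findings grouped by persistence mechanism."""
    recent = recent_files(dss_file_lines, scan_date)
    return {
        'autostart': flag_autostarts(hjt_lines, recent),
        'lsa_packages': flag_lsa_packages(dss_reg_lines),
        'autorun': flag_autorun(dss_reg_lines),
    }


if __name__ == '__main__':
    for kind, items in triage(SAMPLE_HJT, SAMPLE_DSS_FILES, SAMPLE_DSS_REG).items():
        for item in items:
            print(kind, item)
```

Two caveats a practitioner should keep in mind. The creation-time check is a triage aid, not a verdict: it flags any legitimate software installed in the same window and misses droppers that backdate their timestamps, which is why the helper asks for a ComboFix run rather than deleting on the strength of a log heuristic. The LSA check is the one worth acting on without further evidence: on a default XP install that value is just msv1_0, and a foreign DLL there survives Safe Mode and the removal of every Run entry, because lsass.exe loads it directly.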



#2 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 01 June 2008 - 04:49 PM

Hello kaizen,

Welcome back to Bleeping Computer :thumbsup:

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :) After ComboFix has completed you can re-enable them all, then come back online to post the reports. Thanks!

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 kaizen

kaizen
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:09:02 AM

Posted 02 June 2008 - 09:44 AM

Thank you for helping me tea, here are the logs you requested.


-------------------------------------------------------------------------------
ComboFix 08-06-01.6 - Dwight 2008-06-02 10:29:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.65 [GMT -4:00]
Running from: C:\Documents and Settings\Dwight\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-01 18:49 . 2008-06-02 10:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-01 18:49 . 2008-06-01 18:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-31 15:24 . 2008-05-31 15:24 <DIR> d-------- C:\Deckard
2008-05-31 11:31 . 2008-05-31 11:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-31 11:31 . 2008-05-31 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-30 19:33 . 2008-05-30 19:33 <DIR> d-------- C:\Microsoft
2008-05-30 19:33 . 2008-05-30 19:33 2,688 --a------ C:\WINDOWS\system32\settings.aaw
2008-05-30 19:33 . 2008-05-30 19:33 1,232 --a------ C:\WINDOWS\system32\history.aaw
2008-05-30 15:05 . 2008-05-30 15:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-30 15:05 . 2006-08-19 06:08 <DIR> d-------- C:\Documents and Settings\Administrator.PC161035812295\Application Data\Intuit
2008-05-30 15:05 . 2008-05-30 15:05 <DIR> d-------- C:\Documents and Settings\Administrator.PC161035812295
2008-05-30 14:59 . 2008-05-30 14:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-30 14:59 . 2008-05-30 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-30 14:45 . 2008-05-30 14:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 12:34 . 2008-05-30 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-29 13:09 . 2008-05-29 13:25 <DIR> d-------- C:\Documents and Settings\Dwight\Application Data\Ulead Systems
2008-05-29 13:05 . 2008-05-29 19:50 354 --ahs---- C:\WINDOWS\system32\qmvlrxye.ini
2008-05-29 12:10 . 2008-05-29 12:10 <DIR> d-------- C:\Program Files\Windows Media Components
2008-05-29 12:08 . 2008-05-30 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-28 22:29 . 2008-05-28 22:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\CyberLink
2008-05-28 22:29 . 2008-05-28 22:29 <DIR> d-------- C:\Documents and Settings\All Users\CyberLink
2008-05-26 01:55 . 2008-05-26 01:56 <DIR> d-------- C:\Program Files\QuickTime
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 23:58 --------- d-----w C:\Program Files\Last.fm
2008-05-31 19:31 --------- d-----w C:\Program Files\Trend Micro
2008-05-30 19:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 19:40 --------- d-----w C:\Program Files\Creative
2008-05-30 19:39 --------- d-----w C:\Program Files\DivX
2008-05-29 17:59 --------- d-----w C:\Documents and Settings\Dwight\Application Data\uTorrent
2008-05-29 02:25 --------- d-----w C:\Documents and Settings\Dwight\Application Data\CyberLink
2008-05-26 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-18 18:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 05:07 --------- d-----w C:\Program Files\Apple Software Update
2008-04-30 14:25 --------- d-----w C:\Program Files\iTunes
2008-04-30 14:24 --------- d-----w C:\Program Files\iPod
2008-04-30 13:08 --------- d-----w C:\Program Files\Motorola
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 15:16 --------- d-----w C:\Program Files\Magic AAC to MP3 Converter
2008-04-21 00:32 --------- d-----w C:\Program Files\TriglowPictures
2008-04-18 14:20 197 --sha-w C:\Program Files\Common Files\maxtreme.dat
2008-04-18 14:19 --------- d-----w C:\Documents and Settings\Dwight\Application Data\Webcammax
2008-04-12 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-04-07 00:57 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-04-07 00:55 92,064 -c--a-w C:\Documents and Settings\Dwight\mqdmmdm.sys
2008-04-07 00:55 9,232 -c--a-w C:\Documents and Settings\Dwight\mqdmmdfl.sys
2008-04-07 00:55 79,328 -c--a-w C:\Documents and Settings\Dwight\mqdmserd.sys
2008-04-07 00:55 66,656 -c--a-w C:\Documents and Settings\Dwight\mqdmbus.sys
2008-04-07 00:55 6,208 -c--a-w C:\Documents and Settings\Dwight\mqdmcmnt.sys
2008-04-07 00:55 5,936 -c--a-w C:\Documents and Settings\Dwight\mqdmwhnt.sys
2008-04-07 00:55 4,048 -c--a-w C:\Documents and Settings\Dwight\mqdmcr.sys
2008-04-07 00:55 25,600 -c--a-w C:\Documents and Settings\Dwight\usbsermptxp.sys
2008-04-07 00:55 22,768 -c--a-w C:\Documents and Settings\Dwight\usbsermpt.sys
2008-04-06 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-05 23:05 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-04-05 23:05 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-04-05 21:13 --------- d-----w C:\Program Files\Avanquest update
2008-04-05 17:20 --------- d-----w C:\Program Files\Cell Phone Manager
2008-03-23 00:08 0 -c--a-w C:\Program Files\temp01
2006-10-31 03:03 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-02_10.13.58.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 14:00:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-02 14:27:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:00 15360]
"P2kAutostart"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 11:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 01:22 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-23 17:43 102400]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 18:21 135168]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-07-13 14:02 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23 1187840]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 18:51 950337]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 18:51 634949]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 18:50 290816]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 09:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 09:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 09:00 455168]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-04-22 22:22 851968]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 19:18 241664]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-08-14 14:39 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-08-14 14:41 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-08-14 14:38 94208]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

C:\Documents and Settings\Dwight\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 23:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"application"= C:\Program Files\ACSPMonitor\ASMonitor.exe h

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-06 19:58]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 14:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 20:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 16:41]
S3 XDva002;XDva002;C:\WINDOWS\system32\XDva002.sys []
S3 XDva064;XDva064;C:\WINDOWS\system32\XDva064.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{890b0cc2-ed36-11db-b544-0014a5f09de0}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d87131e-bb8f-11db-b50a-0014a5f09de0}]
\Shell\AutoRun\command - F:\setupSNK.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 03:32:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 10:32:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????c??????g?@?????L?@

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-02 10:38:48
ComboFix-quarantined-files.txt 2008-06-02 14:37:42
ComboFix2.txt 2008-06-02 14:16:07

Pre-Run: 28,115,038,208 bytes free
Post-Run: 28,101,001,216 bytes free

164 --- E O F --- 2008-05-29 07:08:40



Deckard's System Scanner v20071014.68
Run by Dwight on 2008-06-02 10:42:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 96% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Dwight.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:02 AM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dwight\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dwight.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [application] C:\Program Files\ACSPMonitor\ASMonitor.exe h
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dwight\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1642804A-BF4B-485B-9CDF-B941F6E49A0E} (BIZPIO_GSP Control) - http://qroqro.bizpio.com/global/gmexec/BIZPIO_GSP.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.4.105.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dj06.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162670002343
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {CFD7D0F6-CCAF-4FFA-9D7F-CE9B65F562EC} (AppCaller Control) - http://www.bombndash.com/common/AppCaller.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9727 bytes

-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-02 09:49:22 68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 09:49:22 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-02 09:49:22 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-02 09:49:22 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-02 09:49:22 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 09:49:22 98816 --a------ C:\WINDOWS\sed.exe
2008-06-02 09:49:22 80412 --a------ C:\WINDOWS\grep.exe
2008-06-02 09:49:22 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-31 15:35:02 0 dr-h----- C:\Documents and Settings\Dwight\Recent
2008-05-31 11:31:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-31 11:31:49 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-30 19:33:09 0 d-------- C:\Microsoft
2008-05-30 19:31:32 0 d--h----- C:\Documents and Settings\LocalService\SendTo
2008-05-30 19:30:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-05-30 19:29:40 0 d--h----- C:\Documents and Settings\LocalService\NetHood
2008-05-30 19:29:40 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-05-30 19:29:34 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-30 19:29:29 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-30 19:29:29 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-05-30 19:29:29 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-05-30 15:05:10 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-30 15:05:04 0 d--h----- C:\Documents and Settings\Administrator.PC161035812295\Templates
2008-05-30 15:05:04 0 dr------- C:\Documents and Settings\Administrator.PC161035812295\Start Menu
2008-05-30 15:05:04 0 dr-h----- C:\Documents and Settings\Administrator.PC161035812295\SendTo
2008-05-30 15:05:04 0 dr-h----- C:\Documents and Settings\Administrator.PC161035812295\Recent
2008-05-30 15:05:04 0 d--h----- C:\Documents and Settings\Administrator.PC161035812295\PrintHood
2008-05-30 15:05:04 0 d--h----- C:\Documents and Settings\Administrator.PC161035812295\NetHood
2008-05-30 15:05:04 0 dr------- C:\Documents and Settings\Administrator.PC161035812295\My Documents
2008-05-30 15:05:04 0 d--h----- C:\Documents and Settings\Administrator.PC161035812295\Local Settings
2008-05-30 15:05:04 0 dr------- C:\Documents and Settings\Administrator.PC161035812295\Favorites
2008-05-30 15:05:04 0 d-------- C:\Documents and Settings\Administrator.PC161035812295\Desktop
2008-05-30 15:05:04 0 d---s---- C:\Documents and Settings\Administrator.PC161035812295\Cookies
2008-05-30 15:05:04 0 dr-h----- C:\Documents and Settings\Administrator.PC161035812295\Application Data
2008-05-30 15:05:04 0 d---s---- C:\Documents and Settings\Administrator.PC161035812295\Application Data\Microsoft
2008-05-30 15:05:04 0 d-------- C:\Documents and Settings\Administrator.PC161035812295\Application Data\Macromedia
2008-05-30 15:05:04 0 d-------- C:\Documents and Settings\Administrator.PC161035812295\Application Data\Intuit
2008-05-30 15:05:04 0 d-------- C:\Documents and Settings\Administrator.PC161035812295\Application Data\Identities
2008-05-30 15:05:03 1048576 --ah----- C:\Documents and Settings\Administrator.PC161035812295\NTUSER.DAT
2008-05-30 14:59:55 0 d-------- C:\Program Files\Lavasoft
2008-05-30 14:59:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-30 14:45:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 12:34:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-29 13:09:21 0 d-------- C:\Documents and Settings\Dwight\Application Data\Ulead Systems
2008-05-29 12:10:16 0 d-------- C:\Program Files\Windows Media Components
2008-05-29 12:08:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-28 22:29:51 0 d-------- C:\Documents and Settings\All Users\CyberLink
2008-05-28 22:29:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\CyberLink
2008-05-26 01:55:46 0 d-------- C:\Program Files\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-05-31 21:37:42 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-31 19:58:09 0 d-------- C:\Program Files\Last.fm
2008-05-31 15:31:19 0 d-------- C:\Program Files\Trend Micro
2008-05-30 15:40:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-30 15:40:15 0 d-------- C:\Program Files\Creative
2008-05-30 15:39:41 0 d-------- C:\Program Files\DivX
2008-05-30 15:36:20 0 d-------- C:\Program Files\Common Files
2008-05-29 13:59:53 0 d-------- C:\Documents and Settings\Dwight\Application Data\uTorrent
2008-05-28 22:25:08 0 d-------- C:\Documents and Settings\Dwight\Application Data\CyberLink
2008-05-19 19:11:57 2276 --a----c- C:\WINDOWS\checkip.dat
2008-05-01 11:27:40 40 --a----c- C:\WINDOWS\popcinfo.dat
2008-05-01 01:07:01 0 d-------- C:\Program Files\Apple Software Update
2008-04-30 10:25:19 0 d-------- C:\Program Files\iTunes
2008-04-30 10:24:50 0 d-------- C:\Program Files\iPod
2008-04-30 09:08:18 0 d-------- C:\Program Files\Motorola
2008-04-26 11:16:54 0 d-------- C:\Program Files\Magic AAC to MP3 Converter
2008-04-20 20:32:23 0 d-------- C:\Program Files\TriglowPictures
2008-04-18 10:20:13 197 --ahs---- C:\Program Files\Common Files\maxtreme.dat
2008-04-18 10:19:10 0 d-------- C:\Documents and Settings\Dwight\Application Data\Webcammax
2008-04-06 20:57:07 0 d-------- C:\Program Files\Motorola Phone Tools
2008-04-05 17:13:59 0 d-------- C:\Program Files\Avanquest update
2008-04-05 13:20:03 0 d-------- C:\Program Files\Cell Phone Manager
2008-03-22 20:08:57 0 --a----c- C:\Program Files\temp01


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [05/04/2006 01:58 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [06/02/2006 11:02 AM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/17/2006 01:22 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [06/23/2006 05:43 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 07:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 07:30 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/02/2006 06:21 PM]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [07/13/2006 02:02 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 01:23 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [02/17/2004 06:51 PM]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [02/17/2004 06:51 PM]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [02/17/2004 06:50 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 09:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 09:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 09:00 AM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [04/22/2004 10:22 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 07:18 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/14/2006 02:39 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/14/2006 02:41 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [08/14/2006 02:38 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 PM]
"P2kAutostart"="" []

C:\Documents and Settings\Dwight\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 11:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 1:05:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"application"=C:\Program Files\ACSPMonitor\ASMonitor.exe h

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{890b0cc2-ed36-11db-b544-0014a5f09de0}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d87131e-bb8f-11db-b50a-0014a5f09de0}]
AutoRun\command- F:\setupSNK.exe

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-06-02 10:43:20 ------------



#4 teacup61 (Bleepin' Texan!)
Malware Response Team, 17,075 posts
Gender: Female, Location: Wills Point, Texas

Posted 03 June 2008 - 03:51 AM

Hello,

I see you ran ComboFix twice. Do you happen to have the original report? I don't see anything in the last logs you posted. Are you still having problems?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 kaizen (Topic Starter)
Members, 18 posts

Posted 03 June 2008 - 09:19 AM

I ran it twice because the first time, I didn't de-activate all of the anti-virus programs properly. I'm not having the same issues I was having, but it would be nice to make sure all of the trace amounts of whatever affected me are gone.

Edited by kaizen, 03 June 2008 - 09:19 AM.


#6 teacup61 (Bleepin' Texan!)
Malware Response Team, 17,075 posts
Gender: Female, Location: Wills Point, Texas

Posted 03 June 2008 - 02:35 PM

Hello,

I guess you don't have it, and as I said, those last logs look good. :thumbsup:

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad
It places over 5000 malicious websites and domains in your IE's restricted zone.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care,
tea

#7 kaizen (Topic Starter)
Members, 18 posts

Posted 03 June 2008 - 04:19 PM

Thank you for all your help. =)

#8 teacup61 (Bleepin' Texan!)
Malware Response Team, 17,075 posts
Gender: Female, Location: Wills Point, Texas

Posted 04 June 2008 - 09:01 AM

You're welcome. :thumbsup:

#9 teacup61 (Bleepin' Texan!)
Malware Response Team, 17,075 posts
Gender: Female, Location: Wills Point, Texas

Posted 28 June 2008 - 10:59 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
