Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How Do I Get Rid Of Trojan.downloader.bhz!?!?!


  • This topic is locked This topic is locked
12 replies to this topic

#1 gasmith2

gasmith2

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:58 AM

Posted 18 June 2008 - 02:55 PM

Good Afternoon!

My bit defender virus protection software keeps telling me that it has deleted the file trojan.downloader.bhz but it keep coming up and I am not sure how to get rid of it. The location of the trojan.downloader.bhz is somewhere in system 32. My computer seems to running more slowly than usual. How do I get rid of this virus and here is a list of what hijackthis came up with. Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:18 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SYSTEM32\Rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gabriel Smith\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iPodVideoConverter_upgrade] "C:\Program Files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" /upgrade
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\Disney MP3 Player\MediaManager\grab.html
O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files\Disney MP3 Player\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{55F93D23-8450-43B6-BFE8-4C4A22425419}: NameServer = 204.111.1.35,204.111.1.36
O17 - HKLM\System\CS1\Services\Tcpip\..\{55F93D23-8450-43B6-BFE8-4C4A22425419}: NameServer = 204.111.1.35,204.111.1.36
O17 - HKLM\System\CS2\Services\Tcpip\..\{55F93D23-8450-43B6-BFE8-4C4A22425419}: NameServer = 204.111.1.35,204.111.1.36
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\SYSTEM32\Rpcnet.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe




Thank you and have a nice day!

BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 18 June 2008 - 03:48 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

Post that in your next reply with a fresh HijackThis log.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 gasmith2

gasmith2
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:58 AM

Posted 18 June 2008 - 04:28 PM

Here you go:


ComboFix 08-06-16.5 - Gabriel Smith 2008-06-18 17:03:19.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1019 [GMT -4:00]
Running from: C:\Documents and Settings\Gabriel Smith\My Documents\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
C:\WINDOWS\system32\akkukstk.ini
C:\WINDOWS\system32\dpwgvohf.ini
C:\WINDOWS\system32\efwnlybl.ini
C:\WINDOWS\system32\fcejmrkp.ini
C:\WINDOWS\system32\fuikionb.ini
C:\WINDOWS\system32\fwiuvdrh.ini
C:\WINDOWS\system32\gsxnvabc.ini
C:\WINDOWS\system32\jwxekhqt.ini
C:\WINDOWS\system32\kuqiegur.ini
C:\WINDOWS\system32\kxwjpuku.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\olahedri.ini
C:\WINDOWS\system32\ottontqs.ini
C:\WINDOWS\system32\plglqrrl.ini
C:\WINDOWS\system32\pugdpncu.ini
C:\WINDOWS\system32\qqajrdpm.ini
C:\WINDOWS\system32\sabcdhgy.ini
C:\WINDOWS\system32\sitqfuwc.ini
C:\WINDOWS\system32\tgdudeuu.ini
C:\WINDOWS\system32\uefctbyc.ini
C:\WINDOWS\system32\vqtxrmub.ini
C:\WINDOWS\system32\vvmylvsv.ini
C:\WINDOWS\system32\xpbvlldv.ini
C:\WINDOWS\system32\ycekdnyc.ini
C:\WINDOWS\system32\ygmtbxwh.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TnIDriver


((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-18 17:12 . 2008-06-18 17:12 17,408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2008-06-10 23:25 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 23:25 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 19:14 --------- d-----w C:\Documents and Settings\Gabriel Smith\Application Data\BSplayer
2008-06-18 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-10 23:13 --------- d-----w C:\Program Files\Plaxo
2008-06-10 23:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-10 23:11 --------- d-----w C:\Program Files\MuvAudio
2008-06-01 00:24 --------- d-----w C:\Program Files\Apple Software Update
2008-05-28 04:02 --------- d-----w C:\Documents and Settings\Gabriel Smith\Application Data\uTorrent
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-19 17:46 --------- d-----w C:\Program Files\iTunes
2008-04-19 17:46 --------- d-----w C:\Program Files\iPod
2008-04-19 17:43 --------- d-----w C:\Program Files\QuickTime
2007-04-23 21:23 38,073,144 ------w C:\Documents and Settings\Gabriel Smith\j2sdk-1_4_1_07-windows-i586.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 20:23 68856]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04 53248]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-08-11 14:15 442368]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 10:14 188416]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"iPodVideoConverter_upgrade"="C:\Program Files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" [2007-10-12 00:57 463360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-25 18:00 1862144]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-12 01:03 360448]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-08-06 07:08:24 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= vacumd.dll
"mixer1"= vacumd.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gabriel Smith^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\StarNet\\X-Win32 5.4\\xwin32.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1124671106\\ee\\aolsoftware.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"=
"C:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"=

R1 VirtualAudioCable;Virtual Audio Cable;C:\WINDOWS\system32\drivers\vackmd.sys [2005-08-09 10:53]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 09:26]
S4 AutoSyncService;Memeo AutoSync ;"C:\Program Files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 18:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b15b3c-99e1-11dc-9f2c-0013ce29b80e}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{641fb2d2-2710-11dc-9ee6-0013ce29b80e}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f9ff292-e66e-11dc-916e-00123fd91dd5}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - RPCNETP
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 07:00:00 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
"2008-06-01 00:24:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-18 21:17:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-18 21:13:38 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 17:14:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\autochk(3).exe:BAK 22528 bytes executable
C:\WINDOWS\system32\autochk(4).exe:BAK 22528 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vacumd.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\vacumd.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\vacumd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\BAsfIpM.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\rpcnetp.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-18 17:22:35 - machine was rebooted [Gabriel Smith]
ComboFix-quarantined-files.txt 2008-06-18 21:22:25

Pre-Run: 34,493,681,664 bytes free
Post-Run: 34,368,471,040 bytes free

199 --- E O F --- 2008-06-14 16:47:02








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:49 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SYSTEM32\Rpcnet.exe
C:\WINDOWS\System32\rpcnetp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Gabriel Smith\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iPodVideoConverter_upgrade] "C:\Program Files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" /upgrade
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\Disney MP3 Player\MediaManager\grab.html
O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files\Disney MP3 Player\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{55F93D23-8450-43B6-BFE8-4C4A22425419}: NameServer = 204.111.1.35,204.111.1.36
O17 - HKLM\System\CS1\Services\Tcpip\..\{55F93D23-8450-43B6-BFE8-4C4A22425419}: NameServer = 204.111.1.35,204.111.1.36
O17 - HKLM\System\CS2\Services\Tcpip\..\{55F93D23-8450-43B6-BFE8-4C4A22425419}: NameServer = 204.111.1.35,204.111.1.36
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\SYSTEM32\Rpcnet.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10906 bytes

#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 19 June 2008 - 01:27 AM

Before we begin, please visit the page below, scroll down to the part which says "How to install and use the Windows XP Recovery Console," and follow those instructions:

How to download and use ComboFix

Then please run another scan with Combofix and post back the new log, along with a HijackThis log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#5 gasmith2

gasmith2
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:58 AM

Posted 12 July 2008 - 11:08 AM

Hey! Here is the new Combo Fix Report and Hijack this report:

ComboFix 08-07-11.1 - Gabriel Smith 2008-07-12 11:46:34.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1066 [GMT -4:00]
Running from: C:\Documents and Settings\Gabriel Smith\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-07 12:13 . 2008-07-07 12:13 <DIR> d-------- C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP
2008-07-07 08:50 . 2008-07-07 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-04 14:23 . 2008-07-04 14:23 <DIR> d-------- C:\Program Files\Bonjour
2008-07-04 14:11 . 2008-07-04 14:11 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-01 15:54 . 2008-07-01 15:54 <DIR> d-------- C:\Documents and Settings\Gabriel Smith\Application Data\PCF-VLC
2008-07-01 14:44 . 2008-07-01 14:44 <DIR> d-------- C:\Documents and Settings\Gabriel Smith\Application Data\Participatory Culture Foundation
2008-07-01 14:43 . 2008-07-01 14:43 <DIR> d-------- C:\Program Files\Participatory Culture Foundation
2008-06-26 09:18 . 2005-07-06 22:57 6,680,576 --a------ C:\WINDOWS\system32\atioglx1.dll
2008-06-26 09:18 . 2005-07-06 21:43 135,168 --a------ C:\WINDOWS\system32\atikvmag.dll
2008-06-26 09:18 . 2005-04-08 16:42 87,540 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-06-26 09:18 . 2005-07-06 21:43 36,864 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-25 12:14 . 2008-07-12 11:53 17,408 --a------ C:\WINDOWS\system32\rpcnetp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 15:53 47,104 ----a-w C:\WINDOWS\system32\Rpcnet.dll
2008-07-12 15:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 15:41 --------- d-----w C:\Program Files\CyberLink
2008-07-12 15:38 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.dll
2008-07-12 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-10 02:23 --------- d--h--w C:\Documents and Settings\Gabriel Smith\Application Data\Move Networks
2008-07-09 18:15 47,104 ----a-w C:\WINDOWS\system32\rpcnet.exe
2008-07-09 17:56 --------- d-----w C:\Documents and Settings\Gabriel Smith\Application Data\uTorrent
2008-07-04 18:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-26 15:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-26 13:20 --------- d-----w C:\Program Files\ATI Technologies
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 19:14 --------- d-----w C:\Documents and Settings\Gabriel Smith\Application Data\BSplayer
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 23:13 --------- d-----w C:\Program Files\Plaxo
2008-06-10 23:11 --------- d-----w C:\Program Files\MuvAudio
2008-06-01 00:24 --------- d-----w C:\Program Files\Apple Software Update
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-04-23 21:23 38,073,144 ------w C:\Documents and Settings\Gabriel Smith\j2sdk-1_4_1_07-windows-i586.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-18_17.21.58.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 16:13:04 61,457 ----a-w C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP\WiseCustomCalla.dll
- 2008-06-18 21:13:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-12 15:53:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 12:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2001-07-14 21:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
- 2005-01-11 23:59:54 245,760 ----a-w C:\WINDOWS\system32\ati2cqag.dll
+ 2005-07-07 01:41:06 204,800 ----a-w C:\WINDOWS\system32\ati2cqag.dll
- 2005-01-12 00:18:42 217,088 ----a-w C:\WINDOWS\system32\ati2dvag.dll
+ 2005-07-07 02:02:40 227,328 ----a-w C:\WINDOWS\system32\ati2dvag.dll
- 2005-01-12 00:16:24 30,720 ----a-w C:\WINDOWS\system32\ati2edxx.dll
+ 2005-07-07 01:59:30 39,936 ----a-w C:\WINDOWS\system32\ati2edxx.dll
- 2005-01-12 00:16:20 90,112 ----a-w C:\WINDOWS\system32\ati2evxx.dll
+ 2005-07-07 01:59:26 46,080 ----a-w C:\WINDOWS\system32\ati2evxx.dll
- 2005-01-12 00:16:14 405,504 ----a-w C:\WINDOWS\system32\ati2evxx.exe
+ 2005-07-07 01:59:20 364,544 ----a-w C:\WINDOWS\system32\ati2evxx.exe
- 2005-01-12 00:16:26 65,536 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
+ 2005-07-07 01:59:32 25,088 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
- 2005-01-12 00:15:12 2,254,560 ----a-w C:\WINDOWS\system32\ati3duag.dll
+ 2005-07-07 01:58:10 2,307,424 ----a-w C:\WINDOWS\system32\ati3duag.dll
- 2005-01-12 00:15:50 81,920 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
+ 2005-07-07 01:58:50 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
- 2005-01-12 01:10:10 294,912 ----a-w C:\WINDOWS\system32\atiiiexx.dll
+ 2005-07-07 03:47:10 299,008 ----a-w C:\WINDOWS\system32\atiiiexx.dll
- 2005-01-12 00:37:52 6,553,600 ----a-w C:\WINDOWS\system32\atioglxx.dll
+ 2005-07-07 02:19:52 4,820,992 ----a-w C:\WINDOWS\system32\atioglxx.dll
- 2005-01-12 00:16:36 131,072 ----a-w C:\WINDOWS\system32\atipdlxx.dll
+ 2005-07-07 01:59:46 94,208 ----a-w C:\WINDOWS\system32\atipdlxx.dll
- 2005-01-12 00:01:46 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
+ 2005-07-07 01:43:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
- 2005-01-12 00:04:48 481,920 ----a-w C:\WINDOWS\system32\ativvaxx.dll
+ 2005-07-07 01:51:00 605,920 ----a-w C:\WINDOWS\system32\ativvaxx.dll
- 2005-01-12 00:18:22 800,768 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
+ 2005-07-07 02:02:18 1,132,544 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
- 2001-08-17 19:55:56 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd101b.dll
+ 2001-08-17 18:55:56 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd101b.dll
- 2001-08-17 19:55:56 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd101c.dll
+ 2001-08-17 18:55:56 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd101c.dll
- 2001-08-17 19:55:56 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbd103.dll
+ 2001-08-17 18:55:56 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbd103.dll
- 2001-08-17 19:55:56 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd106.dll
+ 2001-08-17 18:55:56 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd106.dll
- 2001-08-18 03:36:18 8,704 ----a-w C:\WINDOWS\system32\dllcache\kbdjpn.dll
+ 2001-08-18 02:36:18 8,704 ----a-w C:\WINDOWS\system32\dllcache\kbdjpn.dll
- 2001-08-18 03:36:18 8,192 ----a-w C:\WINDOWS\system32\dllcache\kbdkor.dll
+ 2001-08-18 02:36:18 8,192 ----a-w C:\WINDOWS\system32\dllcache\kbdkor.dll
+ 2006-02-28 16:41:34 61,440 ----a-w C:\WINDOWS\system32\dns-sd.exe
- 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2006-02-28 16:41:22 53,248 ----a-w C:\WINDOWS\system32\dnssd.dll
- 2005-01-12 00:18:22 800,768 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
+ 2005-07-07 02:02:18 1,132,544 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
- 2008-06-12 05:07:33 130,096 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-05 05:32:02 1,425,304 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2005-12-20 01:50:08 13,312 ----a-w C:\WINDOWS\system32\instac32.exe
+ 2007-03-15 00:30:18 32,256 ----a-w C:\WINDOWS\system32\instd32.exe
- 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-04-04 03:04:14 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-07-03 14:41:15 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2005-01-12 00:16:32 102,400 ----a-w C:\WINDOWS\system32\Oemdspif.dll
+ 2005-07-07 01:59:38 73,728 ----a-w C:\WINDOWS\system32\Oemdspif.dll
+ 2005-01-11 23:59:54 245,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ati2cqag.dll
+ 2005-01-12 00:18:42 217,088 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ati2dvag.dll
+ 2005-01-12 00:16:24 30,720 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ati2edxx.dll
+ 2005-01-12 00:16:20 90,112 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ati2evxx.dll
+ 2005-01-12 00:16:14 405,504 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ati2evxx.exe
+ 2005-01-12 00:16:26 65,536 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\Ati2mdxx.exe
+ 2005-01-12 00:18:22 800,768 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ati2mtag.sys
+ 2005-01-12 00:15:12 2,254,560 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ati3duag.dll
+ 2005-01-12 00:15:50 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ATIDDC.DLL
+ 2005-01-12 01:10:10 294,912 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atiiiexx.dll
+ 2005-01-12 00:37:52 6,553,600 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atioglxx.dll
+ 2005-01-12 00:16:36 131,072 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atipdlxx.dll
+ 2005-01-12 00:01:46 17,408 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atitvo32.dll
+ 2001-11-09 22:01:04 24,064 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ativcoxx.dll
+ 2005-01-12 00:04:48 481,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ativvaxx.dll
+ 2005-01-12 00:16:32 102,400 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\Oemdspif.dll
- 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-22 00:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
+ 2007-03-22 00:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
+ 2007-03-22 00:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 20:23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-08-11 14:15 442368]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 10:14 188416]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"iPodVideoConverter_upgrade"="C:\Program Files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" [2008-06-16 20:59 474624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-25 18:00 1862144]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 21:00 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 08:04 53248]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-08-06 07:08:24 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= vacumd.dll
"mixer1"= vacumd.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gabriel Smith^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\StarNet\\X-Win32 5.4\\xwin32.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1124671106\\ee\\aolsoftware.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"=
"C:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"=

R1 VirtualAudioCable;Virtual Audio Cable;C:\WINDOWS\system32\drivers\vackmd.sys [2005-08-09 10:53]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 09:26]
S4 AutoSyncService;Memeo AutoSync ;C:\Program Files\Memeo\AutoSync\MemeoService.exe [2007-07-06 18:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b15b3c-99e1-11dc-9f2c-0013ce29b80e}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{641fb2d2-2710-11dc-9ee6-0013ce29b80e}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f9ff292-e66e-11dc-916e-00123fd91dd5}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 15:27:38 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
"2008-06-01 00:24:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-12 15:56:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-07-12 15:53:11 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 11:53:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\autochk(3).exe:BAK 22528 bytes executable
C:\WINDOWS\system32\autochk(4).exe:BAK 22528 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vacumd.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\vacumd.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\vacumd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\BAsfIpM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-12 12:01:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-12 16:00:30
ComboFix2.txt 2008-06-19 14:34:51
ComboFix3.txt 2008-06-18 21:22:37

Pre-Run: 32,085,925,888 bytes free
Post-Run: 33,104,384,000 bytes free

291 --- E O F --- 2008-07-09 18:02:13






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:24 PM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SYSTEM32\Rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Gabriel Smith\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iPodVideoConverter_upgrade] "C:\Program Files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" /upgrade
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\Disney MP3 Player\MediaManager\grab.html
O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files\Disney MP3 Player\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{55F93D23-8450-43B6-BFE8-4C4A22425419}: NameServer = 204.111.1.35,204.111.1.36
O17 - HKLM\System\CS1\Services\Tcpip\..\{55F93D23-8450-43B6-BFE8-4C4A22425419}: NameServer = 204.111.1.35,204.111.1.36
O17 - HKLM\System\CS2\Services\Tcpip\..\{55F93D23-8450-43B6-BFE8-4C4A22425419}: NameServer = 204.111.1.35,204.111.1.36
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\SYSTEM32\Rpcnet.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10422 bytes

#6 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 13 July 2008 - 03:06 PM

Please run a scan with Kaspersky Online Scanner.
You will be promted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on Next.
Select a target to scan; click on My Computer.
The scan will take a while so be patient and let it run.
Once the scan is complete choose the option to Save as Text.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#7 gasmith2

gasmith2
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:58 AM

Posted 14 July 2008 - 02:39 PM

Good Afternoon!


Here is the report that the Kaspersky Scan came up with:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, July 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 14, 2008 17:49:16
Records in database: 952881
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 99424
Threat name: 2
Infected objects: 20
Suspicious objects: 0
Duration of the scan: 02:25:01


File name / Threat name / Threats count
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft Apple TV Video Converter.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft DVD to Apple TV Converter Suite.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft DVD to Apple TV Converter.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft DVD to iPhone Converter Suite.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft DVD to iPhone Converter.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft DVD to iPod Converter.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft DVD to PSP Converter.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft DVD to Zune Converter.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft iPhone Video Converter.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft iPod Movie Video Converter.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft iPod Video Converter + DVD to iPod Suite.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft PSP Movie Converter.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft PSP Video Converter + DVD to PSP Suite.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft Ultimate DVD + Video Converter Suite.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft Ultimate DVD Converter.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft Ultimate Video Converter.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft Zune Video Converter + DVD to Zune Suite.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\My Documents\Downloads\Cucusoft Ultimate DVD to PSP iPOD PSP ZUNE iPhone Apple TV Video Movie Converter suite\Cucusoft Zune Video Converter.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\Gabriel Smith\Shared\(Serial) rob mathes.ace Infected: Trojan-Downloader.Win32.IstBar.nj 1
C:\Documents and Settings\Gabriel Smith\Shared\HuMMeR rita springer.ace Infected: Trojan-Downloader.Win32.IstBar.nj 1

The selected area was scanned.




Should I delete this files?

#8 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 14 July 2008 - 03:30 PM

Yep, please delete these two folders for me:

C:\Documents and Settings\Gabriel Smith\My Documents\Downloads
C:\Documents and Settings\Gabriel Smith\Shared

Then I'd like a new Combofix log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#9 gasmith2

gasmith2
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:58 AM

Posted 14 July 2008 - 04:37 PM

They have been deleted and here is the new combo fix report:


ComboFix 08-07-11.1 - Gabriel Smith 2008-07-14 17:26:54.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1064 [GMT -4:00]
Running from: C:\Documents and Settings\Gabriel Smith\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-14 17:16 . 2008-07-14 17:17 <DIR> d-------- C:\Program Files\iTunes
2008-07-14 17:16 . 2008-07-14 17:16 <DIR> d-------- C:\Program Files\iPod
2008-07-14 17:09 . 2008-07-14 17:09 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-07 12:13 . 2008-07-07 12:13 <DIR> d-------- C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP
2008-07-07 08:50 . 2008-07-07 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-04 14:23 . 2008-07-14 17:14 <DIR> d-------- C:\Program Files\Bonjour
2008-07-04 14:11 . 2008-07-04 14:11 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-01 15:54 . 2008-07-01 15:54 <DIR> d-------- C:\Documents and Settings\Gabriel Smith\Application Data\PCF-VLC
2008-07-01 14:44 . 2008-07-01 14:44 <DIR> d-------- C:\Documents and Settings\Gabriel Smith\Application Data\Participatory Culture Foundation
2008-07-01 14:43 . 2008-07-01 14:43 <DIR> d-------- C:\Program Files\Participatory Culture Foundation
2008-06-26 09:18 . 2005-07-06 22:57 6,680,576 --a------ C:\WINDOWS\system32\atioglx1.dll
2008-06-26 09:18 . 2005-07-06 21:43 135,168 --a------ C:\WINDOWS\system32\atikvmag.dll
2008-06-26 09:18 . 2005-04-08 16:42 87,540 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-06-26 09:18 . 2005-07-06 21:43 36,864 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-25 12:14 . 2008-07-14 10:29 17,408 --a------ C:\WINDOWS\system32\rpcnetp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 21:13 --------- d-----w C:\Program Files\QuickTime
2008-07-14 21:02 --------- d-----w C:\Documents and Settings\Gabriel Smith\Application Data\uTorrent
2008-07-14 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-14 14:29 47,104 ----a-w C:\WINDOWS\system32\Rpcnet.dll
2008-07-14 14:29 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.dll
2008-07-13 18:28 --------- d--h--w C:\Documents and Settings\Gabriel Smith\Application Data\Move Networks
2008-07-12 15:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 15:41 --------- d-----w C:\Program Files\CyberLink
2008-07-09 18:15 47,104 ----a-w C:\WINDOWS\system32\rpcnet.exe
2008-07-04 18:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-26 15:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-26 13:20 --------- d-----w C:\Program Files\ATI Technologies
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 19:14 --------- d-----w C:\Documents and Settings\Gabriel Smith\Application Data\BSplayer
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 23:13 --------- d-----w C:\Program Files\Plaxo
2008-06-10 23:11 --------- d-----w C:\Program Files\MuvAudio
2008-06-01 00:24 --------- d-----w C:\Program Files\Apple Software Update
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-04-23 21:23 38,073,144 ------w C:\Documents and Settings\Gabriel Smith\j2sdk-1_4_1_07-windows-i586.exe
.

((((((((((((((((((((((((((((( snapshot_2008-07-12_12.00.18.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 15:53:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-14 14:29:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-14 21:14:29 86,016 ----a-r C:\WINDOWS\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe
+ 2008-07-14 21:17:31 102,400 ----a-r C:\WINDOWS\Installer\{EF6C4600-306D-4F6A-A119-C2A877D25B4A}\iTunesIco.exe
- 2006-02-28 16:41:34 61,440 ----a-w C:\WINDOWS\system32\dns-sd.exe
+ 2007-07-24 19:17:08 81,920 ----a-w C:\WINDOWS\system32\dns-sd.exe
- 2006-02-28 16:41:22 53,248 ----a-w C:\WINDOWS\system32\dnssd.dll
+ 2007-07-24 19:17:08 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
+ 2008-07-10 13:35:22 32,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_97B931EF204A3188AFFD15A9A5337268E8B6F312\usbaapl.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 20:23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-08-11 14:15 442368]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 10:14 188416]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"iPodVideoConverter_upgrade"="C:\Program Files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" [2008-06-16 20:59 474624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-25 18:00 1862144]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 21:00 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 08:04 53248]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-08-06 07:08:24 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= vacumd.dll
"mixer1"= vacumd.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gabriel Smith^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\StarNet\\X-Win32 5.4\\xwin32.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1124671106\\ee\\aolsoftware.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"=
"C:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 VirtualAudioCable;Virtual Audio Cable;C:\WINDOWS\system32\drivers\vackmd.sys [2005-08-09 10:53]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 09:26]
S4 AutoSyncService;Memeo AutoSync ;C:\Program Files\Memeo\AutoSync\MemeoService.exe [2007-07-06 18:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b15b3c-99e1-11dc-9f2c-0013ce29b80e}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{641fb2d2-2710-11dc-9ee6-0013ce29b80e}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f9ff292-e66e-11dc-916e-00123fd91dd5}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - IPOD_SERVICE
.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 07:00:00 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
"2008-06-01 00:24:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-14 14:33:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-07-14 21:00:01 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 17:31:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vacumd.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\vacumd.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\vacumd.dll
.
Completion time: 2008-07-14 17:33:41
ComboFix-quarantined-files.txt 2008-07-14 21:32:59
ComboFix2.txt 2008-07-12 16:01:11
ComboFix3.txt 2008-06-19 14:34:51
ComboFix4.txt 2008-06-18 21:22:37

Pre-Run: 45,089,185,792 bytes free
Post-Run: 45,191,045,120 bytes free

182 --- E O F --- 2008-07-09 18:02:13

#10 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 16 July 2008 - 03:21 AM

The logs are starting to come back clean now, how do things seem to be running?

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#11 gasmith2

gasmith2
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:58 AM

Posted 16 July 2008 - 08:02 AM

It is running better! Thank you very much! :thumbsup:

#12 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 16 July 2008 - 08:54 AM

Great job! Now that you're free from malware, please follow these simple steps to decrease the likelihood of getting re-infected again:

Set your system to not show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Do not show hidden files and folders".
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.
Either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

In order to protect yourself against spyware, you should consider installing and running the following free programmes:
Ad-Aware 2008
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.
Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.
SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.
Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please also read Tony Klein's excellent article: How I got Infected in the First Place.
Thanks and happy computing,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#13 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:03:58 PM

Posted 13 August 2008 - 04:42 PM

Since this issue appears to be resolved, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users