Extremeboy-combofix And Hijack Logs


This topic is locked
6 replies to this topic

#1 tiz68

Posted 28 August 2008 - 10:44 PM

Hey extremeboy, here are the logs you wanted me to post. I re-ran ComboFix and this time it didn't restart my PC, and the log is a lot shorter than the first one I tried posting for you. After everything was done I ran HijackThis as well.

Oh, and as for the peer-to-peer, that is my wife's fault, haha. I avoid using those programs specifically for that reason. I deleted LimeWire and asked her not to use it anymore. Haha, we will see how long that lasts. I deleted all of my virus protection programs. From your experience, which program do you suggest to keep my PC safe from viruses/spyware? I would like to know your opinion on that subject before I get one. I will use it to help me decide which one to get.

COMBOFIX

ComboFix 08-08-26.03 - Chris Tisdale 2008-08-28 22:29:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1552 [GMT -5:00]
Running from: C:\Documents and Settings\Chris Tisdale\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chris Tisdale\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\dushqfpk.ini
C:\WINDOWS\system32\etqoqtul.ini
C:\WINDOWS\system32\lutqoqte.dll
C:\WINDOWS\system32\tmrucujq.ini
C:\WINDOWS\system32\vtiekfas.ini
.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.

2008-08-27 14:55 . 2008-08-27 14:55 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-27 14:55 . 2008-08-27 14:55 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-27 14:55 . 2008-08-27 14:55 <DIR> d-------- C:\Documents and Settings\Chris Tisdale\Application Data\Windows Desktop Search
2008-08-27 14:54 . 2008-03-07 12:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-27 14:54 . 2008-03-07 12:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-27 14:54 . 2008-03-07 12:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-27 14:51 . 2008-07-22 09:45 1,214,526 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-27 14:51 . 2008-07-22 09:45 790,846 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-27 14:51 . 2008-07-22 09:45 9,696 --------- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-27 14:27 . 2008-08-27 14:27 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-27 14:27 . 2008-08-27 14:27 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-27 14:27 . 2008-08-27 14:27 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-27 14:27 . 2008-08-27 14:27 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-27 14:26 . 2008-08-27 14:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-27 14:06 . 2008-08-27 14:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-27 13:06 . 2008-04-11 14:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-18 22:36 . 2008-08-18 22:36 <DIR> d-------- C:\Documents and Settings\Chris Tisdale\Application Data\Gearbox Software
2008-08-12 23:57 . 2008-08-12 23:57 <DIR> d-------- C:\Documents and Settings\Chris Tisdale\Application Data\Canneverbe_Limited
2008-08-12 23:56 . 2008-08-12 23:56 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-08-12 23:47 . 2008-08-12 23:47 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-08-12 23:47 . 2008-08-12 23:47 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-08-12 23:47 . 2008-08-12 23:47 <DIR> d-------- C:\Program Files\MSBuild
2008-08-12 23:46 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-08-12 23:42 . 2008-08-12 23:42 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-08-12 09:48 . 2008-08-12 09:48 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-12 09:46 . 2008-08-12 09:46 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-12 09:37 . 2008-08-12 09:53 110,055 --a------ C:\WINDOWS\hpoins08.dat
2008-08-12 09:37 . 2006-01-24 02:11 7,577 --------- C:\WINDOWS\hpomdl08.dat
2008-08-09 11:06 . 2008-08-09 11:42 <DIR> d-------- C:\Documents and Settings\Chris Tisdale\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 03:19 --------- d-----w C:\Program Files\Steam
2008-08-28 18:41 --------- d-----w C:\Program Files\Norton SystemWorks
2008-08-28 18:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-28 18:28 --------- d-----w C:\Documents and Settings\Chris Tisdale\Application Data\SUPERAntiSpyware.com
2008-08-28 18:27 --------- d-----w C:\Program Files\Symantec
2008-08-28 18:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-28 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-28 18:24 --------- d-----w C:\Program Files\LimeWire
2008-08-28 18:24 --------- d-----w C:\Documents and Settings\Chris Tisdale\Application Data\Lavasoft
2008-08-22 17:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 16:01 3,472 ----a-w C:\WINDOWS\system32\tmp.reg
2008-08-12 14:46 --------- d-----w C:\Program Files\HP
2008-08-05 17:47 --------- d-----w C:\Program Files\Java
2008-07-28 02:21 --------- d-----w C:\Program Files\Trend Micro
2008-07-28 00:08 --------- d-----w C:\Documents and Settings\Chris Tisdale\Application Data\Malwarebytes
2008-07-28 00:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 17:25 --------- d-----w C:\Program Files\HLSW
2008-07-21 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-21 03:55 4,608 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-07-21 03:51 --------- d-----w C:\Program Files\CONEXANT
2008-07-21 03:43 --------- d-----w C:\Program Files\IGN
2008-07-21 03:43 --------- d-----w C:\Documents and Settings\Chris Tisdale\Application Data\IGN_DLM
2008-07-21 03:40 --------- d-----w C:\Program Files\MSECACHE
2008-07-21 03:39 --------- d-----w C:\Documents and Settings\Chris Tisdale\Application Data\TmpRecentIcons
2008-07-21 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-07-21 03:37 --------- d-----w C:\Program Files\Roxio
2008-07-21 03:32 --------- d-----w C:\Program Files\DivX
2008-07-20 11:25 --------- d-----w C:\Program Files\Yahoo! Games
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-12 02:14 --------- d-----w C:\Program Files\iTunes
2008-07-12 02:14 --------- d-----w C:\Program Files\iPod
2008-07-12 02:13 --------- d-----w C:\Program Files\QuickTime
2008-07-10 14:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 15:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2007-08-09 14:18 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-05-27 03:38 56 --sh--r C:\WINDOWS\system32\F796A255E9.sys
2006-05-27 03:38 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 19:12 1695232]
"Steam"="c:\program files\steam\steam.exe" [2008-03-27 20:41 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-09 18:38 26112]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 11:42 58728]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-16 21:25 100056]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 13:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-25 12:50:33 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142385793\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142385793\\ee\\aim6.exe"=
"C:\\Program Files\\Steam\\SteamApps\\christis68\\day of defeat\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\christis68\\half-life\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\christis68\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\christis68\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\christis68\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\christis68\\opposing force\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\christis68\\source sdk base\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\call of duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"C:\\Program Files\\Steam\\SteamApps\\christis68\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\christis68\\half-life blue shift\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\call of duty 4\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 17:59]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 22:32:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 2008-08-28 22:33:08
ComboFix-quarantined-files.txt 2008-08-29 03:33:01
ComboFix2.txt 2008-08-28 18:46:35
ComboFix3.txt 2008-08-27 18:20:55

Pre-Run: 74,294,452,224 bytes free
Post-Run: 74,285,162,496 bytes free

221 --- E O F --- 2008-08-27 19:09:02


HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:50, on 8/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\stsystra.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\random.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {472CBF48-10DF-49FE-A47C-66B117FAE52C} - http://www.ibingo.com/bin/v6/setup.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://preview.licenseacquisition.org/69/1...ia.1.0.0.22.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Httidd0 - Conexant Systems, Inc. - (no file)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8722 bytes


#2 extremeboy (Malware Response Team)

Posted 29 August 2008 - 10:48 AM

Hi Tiz68,

If you do not mind my asking, does your Norton provide anti-virus protection and firewall protection? If not, I'll give you some anti-virus and firewall protection links.

Submit File to Online Scanner

There is an unidentified file that I would like you to check out for me using Jotti/VirusTotal.
  • Click Submit.
  • Wait for the scan to finish.
  • Copy the scanner results into your next reply.
  • If more than one file was listed, repeat for each of them.
  • Copy the following into Notepad (Start > Run > "notepad").


    @Echo off
    rem Stop the Httidd0 service (the HijackThis O23 entry lists it with "(no file)")
    sc stop Httidd0
    rem Remove its registration from the Service Control Manager
    sc delete Httidd0
    rem Delete this batch file itself once it has run
    del %0

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.bat.
  • Hit OK.
When done properly, the icon should look like that of a .bat file.

Double-click on fix.bat. You should see the black window open and disappear, and then the batch script gets deleted.
Please do not worry; that is normal.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.
  • Jotti results
  • Kaspersky online scan
  • New HijackThis log (please run HijackThis after you have completed everything above)
Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

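The reply above acts on one line of the HijackThis log (the O23 service Httidd0 whose image path reads "(no file)"), and the ComboFix "Reg Loading Points" section in post #1 also records "AntiVirusDisableNotify"=1, "EnableFirewall"=0 and cached AutoRun commands under mountpoints2. The script below is an added example for this thread, not the helper's code or a BleepingComputer tool: it parses both log formats and flags those kinds of entries (orphaned or publisher-less O23 services, O4 run keys that name a bare executable resolved via the search path, O16 ActiveX downloads from hosts outside an allowlist, suppressed Security Center alerts, a disabled firewall profile, and cached AutoRun commands). The allowlist and the two embedded samples, which are lines copied from the logs above, are assumptions chosen for this example.

```python
"""Added example (not from the thread): mechanical triage of the HijackThis and
ComboFix "Reg Loading Points" output posted above. The allowlist and the two
samples are assumptions made for this example."""
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_HJT = """\
O4 - HKLM\\..\\Run: [ehTray] C:\\WINDOWS\\ehome\\ehtray.exe
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O16 - DPF: {472CBF48-10DF-49FE-A47C-66B117FAE52C} - http://www.ibingo.com/bin/v6/setup.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: Httidd0 - Conexant Systems, Inc. - (no file)
O23 - Service: NMSAccessU - Unknown owner - C:\\Program Files\\CDBurnerXP\\NMSAccessU.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
"""

# Constructed sample: registry lines copied from the ComboFix log in post #1.
SAMPLE_CFX = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\E]
\\Shell\\AutoRun\\command - E:\\LaunchU3.exe -a
"""

# Assumption for this example: hosts whose ActiveX (O16 DPF) packages we accept.
TRUSTED_DPF_HOSTS = {"microsoft.com", "hotmail.com", "macromedia.com", "bitdefender.com"}

HJT_ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:)?([0-9A-Fa-f]+)')


def _host_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)


def triage_hijackthis(text):
    """Return (code, subject, reason) for entries that deserve a second look."""
    findings = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "O23":
            # Layout is "Service: <display name> - <owner> - <image path>".
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, _owner, path = parts
            if path == "(no file)":
                findings.append((code, name, "service still registered but its binary is gone"))
            elif "Unknown owner" in body:
                findings.append((code, name, "service binary carries no publisher name"))
        elif code == "O4":
            # Run keys that name a bare file are located through the search path.
            m4 = re.search(r"\[([^\]]+)\]\s*(.*)", body)
            if m4 and m4.group(2):
                name, cmd = m4.groups()
                exe = cmd.lstrip('"').split('"')[0].split()[0]
                if "\\" not in exe:
                    findings.append((code, name, "bare filename resolved via search path: " + exe))
        elif code == "O16":
            # The last " - " field is the .cab URL; check its host against the allowlist.
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            if not _host_trusted(host):
                findings.append((code, host, "ActiveX package fetched from an untrusted host"))
    return findings


def triage_combofix_reg(text):
    """Flag loading points that weaken host defences or auto-run removable media."""
    findings = []
    key = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            key = line.strip("[]").lower()
            continue
        m = REG_VALUE.match(line)
        if m and "security center" in key:
            name, val = m.group(1), int(m.group(2), 16)  # dword: values are hex
            if name.endswith("DisableNotify") and val == 1:
                findings.append((key, name, "Security Center alerts for this component are suppressed"))
        elif m and "firewallpolicy" in key:
            name, val = m.group(1), int(m.group(2), 16)
            if name == "EnableFirewall" and val == 0:
                findings.append((key, name, "Windows Firewall is off for this profile"))
        elif "mountpoints2" in key and "AutoRun" in line:
            findings.append((key, line.rsplit(" - ", 1)[-1], "cached AutoRun command for a removable drive"))
    return findings


if __name__ == "__main__":
    for finding in triage_hijackthis(SAMPLE_HJT) + triage_combofix_reg(SAMPLE_CFX):
        print(*finding, sep=" | ")
```

Run it as a script to print the findings. Treat the output as a review queue rather than a verdict: NMSAccessU is flagged only because HijackThis shows no publisher, and the log places it under C:\Program Files\CDBurnerXP; the allowlist decides how much O16 noise is tolerated.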

#3 tiz68 (Topic Starter)

Posted 29 August 2008 - 03:36 PM

Yes Norton sure does offer firewall protection. And here are the new logs. :thumbsup:

JOTTI

Scanner results
Scan taken on 29 Aug 2008 17:40:11 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Kaspersky online scan

Friday, August 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 29, 2008 17:15:08
Records in database: 1163294


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
B:\
C:\
D:\

Scan statistics
Files scanned 112004
Threat name 25
Infected objects 53
Suspicious objects 0
Duration of the scan 02:20:47

File name Threat name Threats count
C:\QooBox\Quarantine\C\WINDOWS\system32\adegcjvr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bzy 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ameyms.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bzy 1

C:\QooBox\Quarantine\C\WINDOWS\system32\auvqrvxr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.adwm 1

C:\QooBox\Quarantine\C\WINDOWS\system32\bezsfc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cdz 1

C:\QooBox\Quarantine\C\WINDOWS\system32\bferjsxo.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cuv 1

C:\QooBox\Quarantine\C\WINDOWS\system32\bngffm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cwt 1

C:\QooBox\Quarantine\C\WINDOWS\system32\bryuycnf.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cth 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ckksscol.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cwt 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ebijdavu.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cug 1

C:\QooBox\Quarantine\C\WINDOWS\system32\edgqnb.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cut 1

C:\QooBox\Quarantine\C\WINDOWS\system32\egrfcx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cug 1

C:\QooBox\Quarantine\C\WINDOWS\system32\eharhe.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bxz 1

C:\QooBox\Quarantine\C\WINDOWS\system32\feivqdjs.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.day 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fgmsrm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cth 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fhvherxx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cug 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fncxrufx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ctx 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fssxcj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bwj 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fuynjq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ckn 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fycrxr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cuv 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ggfvac.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bve 1

C:\QooBox\Quarantine\C\WINDOWS\system32\jriiwima.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cum 1

C:\QooBox\Quarantine\C\WINDOWS\system32\jrnaojln.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bve 1

C:\QooBox\Quarantine\C\WINDOWS\system32\kbhnuc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.clu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lhcweaee.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ckn 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lutqoqte.dll.vir Infected: Trojan.Win32.Monder.iyk 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mdnxelch.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cyb 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mepfqikd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cqx 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mijhkx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mjemldeu.dll.vir Infected: Trojan.Win32.Monder.bvp 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mntenq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.daq 1

C:\QooBox\Quarantine\C\WINDOWS\system32\nuqvoqxd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.clu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\oepebsjf.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cwt 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pfkapkga.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.daq 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pyhvdswr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ccu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\qaslgm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.adwm 1

C:\QooBox\Quarantine\C\WINDOWS\system32\qusbjo.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.daq 1

C:\QooBox\Quarantine\C\WINDOWS\system32\renpyegb.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cdz 1

C:\QooBox\Quarantine\C\WINDOWS\system32\rfypurey.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cwt 1

C:\QooBox\Quarantine\C\WINDOWS\system32\rjarexsq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bxz 1

C:\QooBox\Quarantine\C\WINDOWS\system32\sanffg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cwt 1

C:\QooBox\Quarantine\C\WINDOWS\system32\sgswfisj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.daq 1

C:\QooBox\Quarantine\C\WINDOWS\system32\sjswqjbd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cut 1

C:\QooBox\Quarantine\C\WINDOWS\system32\stjjea.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cyb 1

C:\QooBox\Quarantine\C\WINDOWS\system32\syzovq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cwt 1

C:\QooBox\Quarantine\C\WINDOWS\system32\tezmdt.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.day 1

C:\QooBox\Quarantine\C\WINDOWS\system32\thmuyo.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ccu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\uqklrrfh.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bwj 1

C:\QooBox\Quarantine\C\WINDOWS\system32\vlltataq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 1

C:\QooBox\Quarantine\C\WINDOWS\system32\wtnvtk.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cug 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yefzmv.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cqa 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yilett.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ctx 1

C:\QooBox\Quarantine\C\WINDOWS\system32\zuddvi.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cqx 1

C:\WINDOWS\system32\MSCOMCTL.OCX Infected: not-a-virus:FraudTool.Win32.SpyAway.ag 1

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:27, on 8/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\random.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {472CBF48-10DF-49FE-A47C-66B117FAE52C} - http://www.ibingo.com/bin/v6/setup.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://preview.licenseacquisition.org/69/1...ia.1.0.0.22.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8578 bytes

Edited by tiz68, 29 August 2008 - 03:38 PM.
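
Added example (not part of tiz68's post and not HijackThis's own code): a small Python parser for the HijackThis log format shown above, plus a triage pass over the parsed entries that flags what a helper reads first: O4 Run entries whose command is a bare file name (resolved through the PATH search order at logon rather than a fixed location), O16 DPF ActiveX downloads from hosts outside a trusted list, and O23 services reported with "Unknown owner". The sample lines are copied from the log above; the trusted-host set is a constructed illustration for the example, not a verdict on any of those controls.

```python
"""Parse HijackThis 2.x log lines and flag entries worth a second look."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {472CBF48-10DF-49FE-A47C-66B117FAE52C} - http://www.ibingo.com/bin/v6/setup.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
# O4 body: <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 body: Service: <display name> - <owner/company> - <image path>
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str] = None
    url: Optional[str] = None
    name: Optional[str] = None
    owner: Optional[str] = None
    command: Optional[str] = None
    path: Optional[str] = None


def parse_line(line: str) -> Optional[Entry]:
    """Turn one 'Oxx - ...' line into an Entry; non-entry lines return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = Entry(code=m.group("code"), body=m.group("body"))
    if (c := CLSID_RE.search(e.body)):
        e.clsid = c.group(0).upper()
    if (u := URL_RE.search(e.body)):
        e.url = u.group(0)
    if e.code == "O4" and (m4 := O4_RE.match(e.body)):
        e.name, e.command = m4.group("name"), m4.group("cmd")
    elif e.code == "O23" and (m23 := O23_RE.match(e.body)):
        e.name, e.owner, e.path = m23.group("name"), m23.group("owner"), m23.group("path")
    return e


def parse_log(text: str) -> list[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def image_of(command: str) -> str:
    """Executable token of a Run command line; honours a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def host_in(host: str, trusted: set[str]) -> bool:
    return any(host == t or host.endswith("." + t) for t in trusted)


def triage(entries: list[Entry], trusted_hosts: set[str]) -> list[tuple[str, str]]:
    """Return (finding kind, detail) pairs for entries that deserve a closer look."""
    findings = []
    for e in entries:
        if e.code == "O4" and e.command:
            # No directory in the image: Windows resolves it via the PATH search order.
            if "\\" not in image_of(e.command):
                findings.append(("O4-unqualified-path", f"[{e.name}] {e.command}"))
        elif e.code == "O16" and e.url:
            host = (urlparse(e.url).hostname or "").lower()
            if not host_in(host, trusted_hosts):
                findings.append(("O16-untrusted-dpf", f"{e.clsid} from {host}"))
        elif e.code == "O23" and e.owner and e.owner.lower() == "unknown owner":
            findings.append(("O23-unknown-owner", f"{e.name} -> {e.path}"))
    return findings


if __name__ == "__main__":
    # Constructed trusted-host list for the demonstration only.
    for kind, detail in triage(parse_log(SAMPLE_LOG), {"bitdefender.com", "microsoft.com"}):
        print(f"{kind:22} {detail}")
```

Feed it the whole log (`parse_log(open("hijackthis.log").read())`) to get every entry as structured data; the triage rules are deliberately few so that each finding is something the reader can verify by eye against the raw line.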


#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:10 AM

Posted 30 August 2008 - 07:37 AM

Hi Tiz68,

Great job :thumbsup: The things that Kaspersky found were just files that had been quarantined by ComboFix; no need to worry, they will be gone once we uninstall ComboFix.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
  • When shown the disclaimer, Select "2"
Uninstalling ComboFix will do the following:
  • Delete ComboFix and its components from your computer.
  • Delete other tools commonly used during the malware removal process.
  • Resets clock settings to standard format.
  • Hides file extensions and hidden/system files.
  • Clears System Restore cache and creates new restore point.
Log looks clean, great job!
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for choosing Bleeping Computer as your malware removal source. Be sure to tell your friends about us!

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
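
Added example (not part of extremeboy's post): the six Custom Level settings listed above are stored as per-zone URL-action values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (zone 3 is the Internet zone; the DWORD encoding is 0 = Enable, 1 = Prompt, 3 = Disable). This Python script audits a zone's current values against the recommended levels and renders them as a .reg file, so the change can be checked or applied without clicking through the dialog. SAMPLE_CURRENT is constructed data; treating an absent value as Enable is an assumption made here for the audit.

```python
"""Audit the Internet zone's ActiveX/frame settings against the recommended levels."""
import sys

ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}
STRICTNESS = {ENABLE: 0, PROMPT: 1, DISABLE: 2}

# Dialog label -> (URL-action value id in the Zones\3 key, recommended level).
RECOMMENDED = {
    "Download signed ActiveX controls": ("1001", PROMPT),
    "Download unsigned ActiveX controls": ("1004", DISABLE),
    "Initialize and script ActiveX controls not marked as safe": ("1201", DISABLE),
    "Installation of desktop items": ("1800", PROMPT),
    "Launching programs and files in an IFRAME": ("1804", PROMPT),
    "Navigate sub-frames across different domains": ("1607", PROMPT),
}

INTERNET_ZONE_KEY = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
)

# Constructed sample of a permissive Internet zone (value 1607 deliberately absent).
SAMPLE_CURRENT = {"1001": ENABLE, "1004": PROMPT, "1201": DISABLE, "1800": PROMPT, "1804": ENABLE}


def weaker_than(current: int, recommended: int) -> bool:
    """True when `current` permits more than `recommended` (Enable < Prompt < Disable).
    Unknown values are treated as most permissive (assumption)."""
    return STRICTNESS.get(current, 0) < STRICTNESS[recommended]


def audit(current: dict[str, int]) -> list[tuple[str, str, str]]:
    """Return (setting, current level, recommended level) for each too-permissive setting.
    A missing action id is read as Enable, the most permissive interpretation (assumption)."""
    findings = []
    for setting, (action, want) in RECOMMENDED.items():
        have = current.get(action, ENABLE)
        if weaker_than(have, want):
            findings.append((setting, LEVEL_NAME.get(have, str(have)), LEVEL_NAME[want]))
    return findings


def to_reg(settings: dict = RECOMMENDED) -> str:
    """Render the recommended values as a .reg file (import with regedit or `reg import`)."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{INTERNET_ZONE_KEY}]"]
    for setting, (action, want) in settings.items():
        lines.append(f"; {setting} = {LEVEL_NAME[want]}")
        lines.append(f'"{action}"=dword:{want:08x}')
    return "\n".join(lines) + "\n"


def read_internet_zone() -> dict[str, int]:
    """Read the Internet zone's URL-action DWORDs from the current user's hive (Windows only)."""
    if sys.platform != "win32":
        raise OSError("registry access requires Windows")
    import winreg
    subkey = INTERNET_ZONE_KEY.split("\\", 1)[1]
    current = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as key:
        for action, _ in RECOMMENDED.values():
            try:
                value, _kind = winreg.QueryValueEx(key, action)
                current[action] = int(value)
            except FileNotFoundError:
                pass  # value not set for this zone; audit() treats it as Enable
    return current


if __name__ == "__main__":
    current = read_internet_zone() if sys.platform == "win32" else SAMPLE_CURRENT
    for setting, have, want in audit(current):
        print(f"{setting}: {have} -> should be {want}")
    print(to_reg())
```

On the XP machine itself the script reads the live values; elsewhere it runs against the constructed sample so the audit logic can be exercised offline.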

#5 tiz68

tiz68
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:10 AM

Posted 30 August 2008 - 02:32 PM

Extremeboy, thanks for all the help you provided. I really do appreciate it. My computer is running as good as new, and man does it feel good. You really know your stuff. Again, thanks for the help. I know if I have any more problems I will be coming back. Take care, Extremeboy! :thumbsup:

-Tiz

Edited by tiz68, 30 August 2008 - 02:33 PM.


#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:10 AM

Posted 30 August 2008 - 02:51 PM

No Problem,

Glad I was able to help you and good luck :thumbsup:

With Regards,
Extremeboy

#7 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:10:10 AM

Posted 30 August 2008 - 02:56 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security



