
Remove Darksma and Virtumonde


  • This topic is locked
8 replies to this topic

#1 Charlong666

  • Members
  • 5 posts

Posted 23 November 2008 - 09:18 PM

So I've started getting pop-ups from random websites, and by using two different spyware programs I've gotten Darksma and Virtumonde. Freedom keeps telling me it's Darksma, but Spybot-S&D tells me Darksma. Neither will get deleted and I'm out of ideas... so after following the steps and running HijackThis I've gotten this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:34 PM, on 11/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aliant\Aliant Security Services\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Aliant\Servicepoint\ASA.exe
C:\Program Files\Aliant\Aliant Security Services\Rps.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Aliant\Aliant Security Services\PrtlAgt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ASA.exe] "C:\Program Files\Aliant\Servicepoint\ASA.exe"
O4 - HKLM\..\Run: [Aliant Security Services] "C:\Program Files\Aliant\Aliant Security Services\Rps.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227046639281
O20 - AppInit_DLLs: wnawsk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Aliant Security Services Personal Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Aliant\Aliant Security Services\fws.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6179 bytes


#2 miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 24 November 2008 - 02:25 AM

Hi,

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you have disabled TeaTimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, right-click the link and choose "Save as".)
Double-click ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Charlong666
  • Topic Starter

  • Members
  • 5 posts

Posted 24 November 2008 - 07:01 PM

ComboFix:

ComboFix 08-11-23.02 - Aaron Charlong 2008-11-24 19:43:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.76 [GMT -4:00]
Running from: c:\documents and settings\Aaron Charlong\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\geBRheET.dll
c:\windows\system32\hpowiax7.dll
c:\windows\system32\jkkHYRKe.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\msssc.dll
c:\windows\system32\TEehRBeg.ini
c:\windows\system32\TEehRBeg.ini2
c:\windows\system32\toerdaep.dll
c:\windows\system32\wnawsk.dll

----- BITS: Possible infected sites -----

hxxp://www.dapsp.com
.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-24 06:04 . 2008-11-24 06:04 720 --a------ c:\windows\system32\apkrbqea.dll
2008-11-24 06:01 . 2008-11-24 06:01 726 --a------ c:\windows\system32\xkrhpguw.dll
2008-11-23 20:11 . 2008-11-23 20:11 <DIR> d-------- c:\program files\Panda Security
2008-11-23 20:11 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-23 19:47 . 2008-11-23 20:08 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\HouseCall 6.6
2008-11-23 19:43 . 2008-11-23 19:43 <DIR> d-------- c:\windows\Sun
2008-11-23 18:14 . 2008-11-23 18:14 <DIR> d-------- c:\program files\Lavasoft
2008-11-23 18:14 . 2008-11-23 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-23 18:13 . 2008-11-23 18:13 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-23 17:01 . 2008-11-23 17:01 <DIR> d-------- c:\program files\Trend Micro
2008-11-23 06:03 . 2008-11-23 06:03 726 --a------ c:\windows\system32\jdytdijg.dll
2008-11-23 06:00 . 2008-11-23 06:00 720 --a------ c:\windows\system32\jpcyfwlc.dll
2008-11-23 01:49 . 2008-11-23 01:49 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-11-23 01:49 . 2008-11-23 01:56 <DIR> d-------- c:\program files\Google
2008-11-23 00:18 . 2008-11-23 00:18 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\uTorrent
2008-11-22 06:00 . 2008-11-22 06:00 717 --a------ c:\windows\system32\rpnuoago.dll
2008-11-22 05:58 . 2008-11-22 05:58 723 --a------ c:\windows\system32\svpcnway.dll
2008-11-21 15:46 . 2008-11-21 15:46 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\Apple Computer
2008-11-21 15:44 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-21 15:44 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-21 15:38 . 2008-11-21 15:38 <DIR> d-------- c:\program files\iPod
2008-11-21 15:37 . 2008-11-21 15:44 <DIR> d-------- c:\program files\iTunes
2008-11-21 15:37 . 2008-11-21 15:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 15:36 . 2008-11-21 15:36 <DIR> d-------- c:\program files\Bonjour
2008-11-21 15:35 . 2008-11-21 15:36 <DIR> d-------- c:\program files\QuickTime
2008-11-21 15:34 . 2008-11-21 15:34 <DIR> d-------- c:\program files\Apple Software Update
2008-11-21 15:34 . 2008-11-21 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-21 15:32 . 2008-11-21 15:38 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-21 15:32 . 2008-11-21 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-20 15:39 . 2008-11-20 15:39 <DIR> d-------- c:\program files\WinAVI Video Converter
2008-11-20 12:46 . 2008-11-23 15:58 <DIR> dr------- c:\documents and settings\Aaron Charlong\Shared
2008-11-20 12:46 . 2008-11-23 15:22 <DIR> d-------- c:\documents and settings\Aaron Charlong\Incomplete
2008-11-20 12:45 . 2008-11-20 12:45 <DIR> d-------- c:\program files\MP3 Rocket
2008-11-20 12:45 . 2008-11-23 11:26 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\MP3Rocket
2008-11-20 12:33 . 2008-11-20 12:41 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\LimeWire
2008-11-20 12:32 . 2008-11-20 12:30 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-20 12:32 . 2008-11-20 12:30 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-20 12:30 . 2008-11-20 12:30 <DIR> d-------- c:\program files\Java
2008-11-20 11:51 . 2008-11-20 11:51 95 --a------ c:\windows\wininit.ini
2008-11-20 11:18 . 2008-11-20 11:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-20 11:18 . 2008-11-20 12:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 18:29 . 2008-11-23 01:52 116 --a------ c:\windows\NeroDigital.ini
2008-11-19 15:55 . 2008-11-19 15:55 <DIR> d-------- c:\program files\uTorrent
2008-11-19 15:46 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-11-19 15:46 . 2007-07-30 19:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-11-19 15:46 . 2007-07-30 19:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-18 22:55 . 2008-11-18 23:37 <DIR> d-------- C:\Temp
2008-11-18 21:37 . 2008-11-18 21:37 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\Yahoo!
2008-11-18 21:37 . 2008-11-20 07:40 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\HPAppData
2008-11-18 21:27 . 2008-11-18 21:27 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-18 21:16 . 2008-11-18 21:16 70 --a------ c:\windows\31B2CC73.ini
2008-11-18 20:56 . 2008-11-18 20:56 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\HP
2008-11-18 20:54 . 2008-11-18 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-11-18 20:52 . 2008-11-18 20:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-18 20:52 . 2007-11-08 10:56 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-11-18 20:52 . 2007-10-20 18:25 118,272 --a------ c:\windows\system32\hpz3l5mu.dll
2008-11-18 20:52 . 2007-10-30 05:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-11-18 20:52 . 2007-10-30 05:25 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-11-18 20:52 . 2007-10-30 05:25 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-11-18 20:51 . 2007-10-21 12:45 581,632 -ra------ c:\windows\system32\hpotscl6.dll
2008-11-18 20:51 . 2007-10-30 05:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2008-11-18 20:51 . 2007-10-30 05:25 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-11-18 20:51 . 2007-10-21 12:45 303,104 -ra------ c:\windows\system32\hpovst15.dll
2008-11-18 20:51 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-18 20:51 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-18 20:44 . 2008-11-18 20:44 0 --a------ c:\windows\system32\ϟ
2008-11-18 20:43 . 2008-11-18 20:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-18 20:43 . 2008-11-21 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-18 20:42 . 2008-11-18 20:42 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-18 20:42 . 2008-11-18 20:42 <DIR> d-------- c:\program files\Common Files\HP
2008-11-18 20:42 . 2008-11-18 20:42 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-11-18 20:41 . 2008-10-03 13:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-18 20:41 . 2007-04-17 05:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-18 20:41 . 2007-03-08 01:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-18 20:41 . 2008-08-26 03:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-18 20:41 . 2008-08-26 03:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-18 20:41 . 2008-08-26 03:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-18 20:41 . 2008-08-26 03:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-18 20:41 . 2008-08-26 03:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-18 20:41 . 2008-08-25 04:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-18 20:40 . 2008-11-18 20:53 <DIR> d-------- c:\program files\HP
2008-11-18 20:40 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-18 20:39 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-18 20:39 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-18 20:36 . 2008-11-18 20:53 157,763 --a------ c:\windows\hpoins28.dat
2008-11-18 20:36 . 2007-12-12 20:01 932 --------- c:\windows\hpomdl28.dat
2008-11-18 20:29 . 2008-11-18 20:29 <DIR> d--h----- c:\windows\PIF
2008-11-18 20:23 . 2003-09-24 10:23 33,408 --a------ c:\windows\system32\drivers\freedom.sys
2008-11-18 20:22 . 2008-11-21 17:26 <DIR> d-------- c:\program files\Common Files\PestPatrol
2008-11-18 20:22 . 2008-11-24 19:03 <DIR> d-------- c:\program files\Common Files\Command Software
2008-11-18 20:22 . 2008-11-18 20:22 <DIR> d-------- c:\program files\Aliant
2008-11-18 20:22 . 2008-11-18 21:16 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\Aliant
2008-11-18 20:11 . 2008-11-18 20:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Aliant
2008-11-18 20:09 . 2008-11-18 20:09 <DIR> d-------- c:\program files\DVD Shrink
2008-11-18 20:09 . 2008-11-18 22:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-18 20:01 . 2008-11-19 16:12 <DIR> d-------- c:\documents and settings\Aaron Charlong\Contacts
2008-11-18 19:54 . 2007-04-10 17:46 1,966,696 --a------ c:\windows\system32\drivers\VX3000.sys
2008-11-18 19:54 . 2007-04-10 17:46 709,992 --a------ c:\windows\vVX3000.exe
2008-11-18 19:54 . 2007-04-10 17:46 476,520 --a------ c:\windows\vVX3000.dll
2008-11-18 19:54 . 2007-04-10 17:46 202,088 --a------ c:\windows\system32\LCCoin14.dll
2008-11-18 19:54 . 2007-04-10 17:46 185,704 --a------ c:\windows\system32\cVX3000.dll
2008-11-18 19:54 . 2007-04-10 17:46 111,976 --a------ c:\windows\VX3000.dll
2008-11-18 19:54 . 2008-04-14 05:42 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-11-18 19:54 . 2008-04-14 05:42 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-11-18 19:54 . 2007-04-10 17:46 15,498 --a------ c:\windows\VX3000.ini
2008-11-18 19:54 . 2007-04-10 17:46 13,023 --a------ c:\windows\VX3000.src
2008-11-18 19:51 . 2008-11-18 19:54 <DIR> d-------- c:\program files\Microsoft LifeCam
2008-11-18 19:50 . 2008-11-18 19:50 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-11-18 19:47 . 2008-11-21 15:44 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-18 19:47 . 2008-09-08 06:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-18 19:47 . 2008-06-13 07:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-18 19:47 . 2008-08-14 06:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-18 19:46 . 2008-09-15 08:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-18 19:42 . 2008-11-18 19:47 <DIR> d-------- c:\program files\Windows Live
2008-11-18 19:42 . 2008-11-18 19:46 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-18 19:41 . 2008-11-18 19:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-18 19:41 . 2008-08-14 06:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-18 19:41 . 2008-08-14 06:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-18 19:41 . 2008-08-14 05:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-18 19:41 . 2008-08-14 05:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-18 19:41 . 2008-10-24 07:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-18 19:41 . 2008-05-08 10:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-18 19:40 . 2008-09-04 13:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-18 19:40 . 2008-04-11 15:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-18 19:40 . 2008-10-15 12:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 00:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 00:11 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-18 21:57 --------- d-----w c:\program files\Analog Devices
2008-11-18 21:26 558,142 ----a-w c:\windows\java\Packages\6P79JFLN.ZIP
2008-11-18 21:26 155,995 ----a-w c:\windows\java\Packages\TNL7BFX3.ZIP
2008-11-18 21:26 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"ASA.exe"="c:\program files\Aliant\Servicepoint\ASA.exe" [2006-12-06 1983992]
"Aliant Security Services"="c:\program files\Aliant\Aliant Security Services\Rps.exe" [2006-12-11 275960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wnawsk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-23 28544]
R2 MSCamSvc;MSCamSvc;"c:\program files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 271720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-24 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 18:38]
.
- - - - ORPHANS REMOVED - - - -

BHO-{06873F68-B924-4603-9A65-3CF69FFF416D} - c:\windows\system32\geBRheET.dll
BHO-{12a2a1e5-c30c-4063-b7bd-5bfe9a7dd2bd} - c:\windows\system32\wnawsk.dll
BHO-{4E007A5F-299F-44FC-8B6B-F06B61867A2E} - c:\windows\system32\jkkHYRKe.dll
BHO-{C4ED7932-454E-4239-92DE-585922D7A0BC} - (no file)
ShellExecuteHooks-{4E007A5F-299F-44FC-8B6B-F06B61867A2E} - c:\windows\system32\jkkHYRKe.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 19:52:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Aliant\Aliant Security Services\fws.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Aliant\Aliant Security Services\PrtlAgt.exe
.
**************************************************************************
.
Completion time: 2008-11-24 19:57:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-24 23:57:37

Pre-Run: 62,512,721,920 bytes free
Post-Run: 62,566,154,240 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

268 --- E O F --- 2008-11-19 19:52:16

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:08 PM, on 11/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aliant\Aliant Security Services\fws.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aliant\Servicepoint\ASA.exe
C:\Program Files\Aliant\Aliant Security Services\Rps.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Aliant\Aliant Security Services\PrtlAgt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ASA.exe] "C:\Program Files\Aliant\Servicepoint\ASA.exe"
O4 - HKLM\..\Run: [Aliant Security Services] "C:\Program Files\Aliant\Aliant Security Services\Rps.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227046639281
O20 - AppInit_DLLs: wnawsk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Aliant Security Services Personal Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Aliant\Aliant Security Services\fws.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5964 bytes

#4 miekiemoes


Posted 25 November 2008 - 01:06 AM

Hi,

* Open Notepad - don't use any other text editor than Notepad, or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
c:\windows\system32\apkrbqea.dll
c:\windows\system32\xkrhpguw.dll
c:\windows\system32\jdytdijg.dll
c:\windows\system32\jpcyfwlc.dll
c:\windows\system32\rpnuoago.dll
c:\windows\system32\svpcnway.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: dragging the CFScript file onto ComboFix.exe]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Charlong666


Posted 25 November 2008 - 02:56 PM

ComboFix Log:

ComboFix 08-11-23.02 - Aaron Charlong 2008-11-25 15:48:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.52 [GMT -4:00]
Running from: c:\documents and settings\Aaron Charlong\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Aaron Charlong\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\apkrbqea.dll
c:\windows\system32\jdytdijg.dll
c:\windows\system32\jpcyfwlc.dll
c:\windows\system32\rpnuoago.dll
c:\windows\system32\svpcnway.dll
c:\windows\system32\xkrhpguw.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\apkrbqea.dll
c:\windows\system32\jdytdijg.dll
c:\windows\system32\jpcyfwlc.dll
c:\windows\system32\rpnuoago.dll
c:\windows\system32\svpcnway.dll
c:\windows\system32\xkrhpguw.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-24 19:56 . 2008-11-24 19:57 <DIR> d-------- c:\windows\LastGood
2008-11-23 20:11 . 2008-11-23 20:11 <DIR> d-------- c:\program files\Panda Security
2008-11-23 20:11 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-23 19:47 . 2008-11-23 20:08 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\HouseCall 6.6
2008-11-23 19:43 . 2008-11-23 19:43 <DIR> d-------- c:\windows\Sun
2008-11-23 18:14 . 2008-11-23 18:14 <DIR> d-------- c:\program files\Lavasoft
2008-11-23 18:14 . 2008-11-23 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-23 18:13 . 2008-11-23 18:13 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-23 17:01 . 2008-11-23 17:01 <DIR> d-------- c:\program files\Trend Micro
2008-11-23 01:49 . 2008-11-23 01:49 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-11-23 01:49 . 2008-11-23 01:56 <DIR> d-------- c:\program files\Google
2008-11-23 00:18 . 2008-11-25 15:47 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\uTorrent
2008-11-21 15:46 . 2008-11-21 15:46 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\Apple Computer
2008-11-21 15:44 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-21 15:44 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-21 15:38 . 2008-11-21 15:38 <DIR> d-------- c:\program files\iPod
2008-11-21 15:37 . 2008-11-21 15:44 <DIR> d-------- c:\program files\iTunes
2008-11-21 15:37 . 2008-11-21 15:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 15:36 . 2008-11-21 15:36 <DIR> d-------- c:\program files\Bonjour
2008-11-21 15:35 . 2008-11-21 15:36 <DIR> d-------- c:\program files\QuickTime
2008-11-21 15:34 . 2008-11-21 15:34 <DIR> d-------- c:\program files\Apple Software Update
2008-11-21 15:34 . 2008-11-21 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-21 15:32 . 2008-11-21 15:38 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-21 15:32 . 2008-11-21 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-20 15:39 . 2008-11-20 15:39 <DIR> d-------- c:\program files\WinAVI Video Converter
2008-11-20 12:46 . 2008-11-24 21:54 <DIR> d-------- c:\documents and settings\Aaron Charlong\Shared
2008-11-20 12:46 . 2008-11-24 21:43 <DIR> d-------- c:\documents and settings\Aaron Charlong\Incomplete
2008-11-20 12:45 . 2008-11-20 12:45 <DIR> d-------- c:\program files\MP3 Rocket
2008-11-20 12:45 . 2008-11-23 11:26 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\MP3Rocket
2008-11-20 12:33 . 2008-11-20 12:41 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\LimeWire
2008-11-20 12:32 . 2008-11-20 12:30 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-20 12:32 . 2008-11-20 12:30 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-20 12:30 . 2008-11-20 12:30 <DIR> d-------- c:\program files\Java
2008-11-20 11:51 . 2008-11-20 11:51 95 --a------ c:\windows\wininit.ini
2008-11-20 11:18 . 2008-11-20 11:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-20 11:18 . 2008-11-20 12:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 18:29 . 2008-11-23 01:52 116 --a------ c:\windows\NeroDigital.ini
2008-11-19 15:55 . 2008-11-19 15:55 <DIR> d-------- c:\program files\uTorrent
2008-11-19 15:46 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-11-19 15:46 . 2007-07-30 19:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-11-19 15:46 . 2007-07-30 19:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-18 22:55 . 2008-11-18 23:37 <DIR> d-------- C:\Temp
2008-11-18 21:37 . 2008-11-18 21:37 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\Yahoo!
2008-11-18 21:37 . 2008-11-20 07:40 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\HPAppData
2008-11-18 21:27 . 2008-11-18 21:27 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-18 21:16 . 2008-11-18 21:16 70 --a------ c:\windows\31B2CC73.ini
2008-11-18 20:56 . 2008-11-18 20:56 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\HP
2008-11-18 20:54 . 2008-11-18 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-11-18 20:52 . 2008-11-18 20:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-18 20:52 . 2007-11-08 10:56 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-11-18 20:52 . 2007-10-20 18:25 118,272 --a------ c:\windows\system32\hpz3l5mu.dll
2008-11-18 20:52 . 2007-10-30 05:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-11-18 20:52 . 2007-10-30 05:25 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-11-18 20:52 . 2007-10-30 05:25 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-11-18 20:51 . 2007-10-21 12:45 581,632 -ra------ c:\windows\system32\hpotscl6.dll
2008-11-18 20:51 . 2007-10-30 05:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2008-11-18 20:51 . 2007-10-30 05:25 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-11-18 20:51 . 2007-10-21 12:45 303,104 -ra------ c:\windows\system32\hpovst15.dll
2008-11-18 20:51 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-18 20:51 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-18 20:44 . 2008-11-18 20:44 0 --a------ c:\windows\system32\ϟ
2008-11-18 20:43 . 2008-11-18 20:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-18 20:43 . 2008-11-21 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-18 20:42 . 2008-11-18 20:42 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-18 20:42 . 2008-11-18 20:42 <DIR> d-------- c:\program files\Common Files\HP
2008-11-18 20:42 . 2008-11-18 20:42 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-11-18 20:41 . 2008-10-03 13:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-18 20:41 . 2007-04-17 05:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-18 20:41 . 2007-03-08 01:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-18 20:41 . 2008-08-26 03:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-18 20:41 . 2008-08-26 03:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-18 20:41 . 2008-08-26 03:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-18 20:41 . 2008-08-26 03:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-18 20:41 . 2008-08-26 03:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-18 20:41 . 2008-08-25 04:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-18 20:40 . 2008-11-18 20:53 <DIR> d-------- c:\program files\HP
2008-11-18 20:40 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-18 20:39 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-18 20:39 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-18 20:36 . 2008-11-18 20:53 157,763 --a------ c:\windows\hpoins28.dat
2008-11-18 20:36 . 2007-12-12 20:01 932 --------- c:\windows\hpomdl28.dat
2008-11-18 20:29 . 2008-11-18 20:29 <DIR> d--h----- c:\windows\PIF
2008-11-18 20:23 . 2003-09-24 10:23 33,408 --a------ c:\windows\system32\drivers\freedom.sys
2008-11-18 20:22 . 2008-11-21 17:26 <DIR> d-------- c:\program files\Common Files\PestPatrol
2008-11-18 20:22 . 2008-11-25 13:01 <DIR> d-------- c:\program files\Common Files\Command Software
2008-11-18 20:22 . 2008-11-18 20:22 <DIR> d-------- c:\program files\Aliant
2008-11-18 20:22 . 2008-11-18 21:16 <DIR> d-------- c:\documents and settings\Aaron Charlong\Application Data\Aliant
2008-11-18 20:11 . 2008-11-18 20:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Aliant
2008-11-18 20:09 . 2008-11-18 20:09 <DIR> d-------- c:\program files\DVD Shrink
2008-11-18 20:09 . 2008-11-18 22:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-18 20:01 . 2008-11-19 16:12 <DIR> d-------- c:\documents and settings\Aaron Charlong\Contacts
2008-11-18 19:54 . 2007-04-10 17:46 1,966,696 --a------ c:\windows\system32\drivers\VX3000.sys
2008-11-18 19:54 . 2007-04-10 17:46 709,992 --a------ c:\windows\vVX3000.exe
2008-11-18 19:54 . 2007-04-10 17:46 476,520 --a------ c:\windows\vVX3000.dll
2008-11-18 19:54 . 2007-04-10 17:46 202,088 --a------ c:\windows\system32\LCCoin14.dll
2008-11-18 19:54 . 2007-04-10 17:46 185,704 --a------ c:\windows\system32\cVX3000.dll
2008-11-18 19:54 . 2007-04-10 17:46 111,976 --a------ c:\windows\VX3000.dll
2008-11-18 19:54 . 2008-04-14 05:42 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-11-18 19:54 . 2008-04-14 05:42 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-11-18 19:54 . 2007-04-10 17:46 15,498 --a------ c:\windows\VX3000.ini
2008-11-18 19:54 . 2007-04-10 17:46 13,023 --a------ c:\windows\VX3000.src
2008-11-18 19:51 . 2008-11-18 19:54 <DIR> d-------- c:\program files\Microsoft LifeCam
2008-11-18 19:50 . 2008-11-18 19:50 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-11-18 19:47 . 2008-11-21 15:44 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-18 19:47 . 2008-09-08 06:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-18 19:47 . 2008-06-13 07:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-18 19:47 . 2008-08-14 06:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-18 19:46 . 2008-09-15 08:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-18 19:42 . 2008-11-18 19:47 <DIR> d-------- c:\program files\Windows Live
2008-11-18 19:42 . 2008-11-18 19:46 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-18 19:41 . 2008-11-18 19:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-18 19:41 . 2008-08-14 06:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-18 19:41 . 2008-08-14 06:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-18 19:41 . 2008-08-14 05:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-18 19:41 . 2008-08-14 05:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-18 19:41 . 2008-10-24 07:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-18 19:41 . 2008-05-08 10:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-18 19:40 . 2008-09-04 13:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-18 19:40 . 2008-04-11 15:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-18 19:40 . 2008-10-15 12:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-18 19:40 . 2008-05-01 10:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-18 19:25 . 2008-11-18 19:25 2,422 --a------ c:\windows\system32\wpa.bak
2008-11-18 19:22 . 2008-11-18 19:22 <DIR> d-------- c:\windows\system32\en
2008-11-18 19:22 . 2008-11-18 19:22 <DIR> d-------- c:\windows\peernet
2008-11-18 19:22 . 2008-11-18 19:22 <DIR> d-------- c:\windows\l2schemas

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 00:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 00:11 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-18 21:57 --------- d-----w c:\program files\Analog Devices
2008-11-18 21:26 558,142 ----a-w c:\windows\java\Packages\6P79JFLN.ZIP
2008-11-18 21:26 155,995 ----a-w c:\windows\java\Packages\TNL7BFX3.ZIP
2008-11-18 21:26 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 18:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 18:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 18:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 18:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-09-30 20:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 14:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-24_19.55.58.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 23:19:20 92,504 ----a-w c:\windows\LastGood\system32\cdm.dll
+ 2007-07-30 23:19:36 549,720 ----a-w c:\windows\LastGood\system32\wuapi.dll
+ 2007-07-30 23:19:16 53,080 ----a-w c:\windows\LastGood\system32\wuauclt.exe
+ 2007-07-30 23:19:42 1,712,984 ----a-w c:\windows\LastGood\system32\wuaueng.dll
+ 2007-07-30 23:19:32 325,976 ----a-w c:\windows\LastGood\system32\wucltui.dll
+ 2007-07-30 23:18:40 33,624 ----a-w c:\windows\LastGood\system32\wups.dll
+ 2007-07-30 23:19:12 43,352 ----a-w c:\windows\LastGood\system32\wups2.dll
+ 2007-07-30 23:19:46 203,096 ----a-w c:\windows\LastGood\system32\wuweb.dll
- 2007-07-30 23:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 18:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 18:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-30 23:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 18:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-30 23:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 18:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 18:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 18:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 18:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 18:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-07-30 23:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 18:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-30 23:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 18:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"ASA.exe"="c:\program files\Aliant\Servicepoint\ASA.exe" [2006-12-06 1983992]
"Aliant Security Services"="c:\program files\Aliant\Aliant Security Services\Rps.exe" [2006-12-11 275960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-23 28544]
R2 MSCamSvc;MSCamSvc;"c:\program files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 271720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-25 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 18:38]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 15:51:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-25 15:52:16
ComboFix-quarantined-files.txt 2008-11-25 19:52:05
ComboFix2.txt 2008-11-24 23:57:52

Pre-Run: 59,449,188,352 bytes free
Post-Run: 59,439,747,072 bytes free

261 --- E O F --- 2008-11-19 19:52:16

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:47 PM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aliant\Aliant Security Services\fws.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aliant\Servicepoint\ASA.exe
C:\Program Files\Aliant\Aliant Security Services\Rps.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Aliant\Aliant Security Services\PrtlAgt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ASA.exe] "C:\Program Files\Aliant\Servicepoint\ASA.exe"
O4 - HKLM\..\Run: [Aliant Security Services] "C:\Program Files\Aliant\Aliant Security Services\Rps.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227046639281
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Aliant Security Services Personal Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Aliant\Aliant Security Services\fws.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5875 bytes

#6 miekiemoes


Posted 25 November 2008 - 02:59 PM

Hi,

This looks OK again.

Just check and fix this leftover in HijackThis:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Then, go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
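The CFScript in post #4 deletes the DLLs listed under File:: and blanks the AppInit_DLLs value that the first HijackThis log showed as "O20 - AppInit_DLLs: wnawsk.dll"; post #6 then asks for the leftover "(no file)" BHO to be fixed. As an added example (not code from this thread, nor from HijackThis or ComboFix), the Python below parses HijackThis entry lines, flags an O20 entry that names a DLL and O2 BHO entries whose DLL is missing, and diffs two logs to show which findings a fix resolved. The sample lines are copied from the two logs posted above; the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Constructed samples: entry lines copied from the two HijackThis logs
# posted in this thread (before and after the CFScript run).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: wnawsk.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LOG_AFTER = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A HijackThis entry line: section code (R0, O2, O20, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


@dataclass(frozen=True)  # frozen makes findings hashable, so two logs can be diffed as sets
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, raw_line) for each entry line in a HijackThis log."""
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            yield match.group(1), match.group(2), line


def flag_entries(log_text):
    """Return the loading-point entries a log reviewer would want explained."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body[len("AppInit_DLLs:"):].strip()
            # On Windows XP every DLL named here is loaded into each process that
            # loads user32.dll, which is why the value is a favourite persistence spot.
            if dlls:
                findings.append(Finding(section, f"AppInit_DLLs injects {dlls}", line))
        elif section == "O2" and body.endswith("(no file)"):
            # A BHO CLSID still registered but pointing at no DLL: a leftover
            # worth clearing so later scans stay clean.
            findings.append(Finding(section, "BHO registered without a file", line))
    return findings


def diff_findings(before_text, after_text):
    """Split findings into those a fix resolved and those still present."""
    before = set(flag_entries(before_text))
    after = set(flag_entries(after_text))
    return before - after, after


if __name__ == "__main__":
    resolved, remaining = diff_findings(LOG_BEFORE, LOG_AFTER)
    for f in sorted(resolved, key=lambda f: f.line):
        print("resolved :", f.section, "-", f.reason)
    for f in sorted(remaining, key=lambda f: f.line):
        print("remaining:", f.section, "-", f.reason)
```

Run against the two logs, the O20 AppInit_DLLs entry shows up as resolved and the nameless O2 BHO as remaining, which is exactly the state post #6 describes. Only the two entry types discussed in the thread are flagged; extending the checks to other sections is a matter of adding branches in flag_entries.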

#7 Charlong666


Posted 25 November 2008 - 03:04 PM

Things actually started working a lot better after your first, umm, post, but now everything seems perfect. Thanks!

#8 miekiemoes


Posted 25 November 2008 - 03:06 PM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#9 miekiemoes


Posted 28 November 2008 - 04:42 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.