
Trojan Monder and several other Infections


  • This topic is locked
7 replies to this topic

#1 jrand

  • Members
  • 6 posts
  • Gender:Male
  • Location:Virginia

Posted 16 December 2008 - 08:52 PM

Hello, I believe that I've just recently been affected with several viruses/malware packages that cause ads to pop up whenever I browse or search in Firefox. I also notice several Firefox windows when I Alt-Tab. I use BitDefender, if it's any consolation.

Also, not sure if this is related or is a hardware issue, I occasionally (and randomly) get BSODs with the STOP messages 0x77 or 0xF4. I'm about to get my RAM RMAed, so I'm not as concerned with the BSODs if it's a separate issue from the Trojans. Here are my log files:


DDS (Version 1.1.0) - NTFSx86
Run by Justin at 20:41:36.73 on Tue 12/16/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.514 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Documents and Settings\Justin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\cbXPgffd.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {8F99E3E5-F449-4FA1-8410-B6B094F33615} - c:\windows\system32\pmnmlliH.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e124a2f7-0e58-4674-8f8c-c3a98eca9bb1} - c:\windows\system32\gaieac.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [MSMSGS] "c:\progra~1\messen~1\msmsgs.exe" /background
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
mRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [00c4328e] rundll32.exe "c:\windows\system32\xsgapigt.dll",b
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link dwa-556 xtreme n pcie desktop adapter\wirelesscm.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: cbXPgffd - cbXPgffd.dll
AppInit_DLLs: gaieac.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\cbXPgffd.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnmlliH

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\justin\applic~1\mozilla\firefox\profiles\571zew89.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.myway.com/search/cfg_redir2.jhtml?action=config&id=XB&ptnrs=XB&st=DNS&url=AJmain.jhtml&searchfor=
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsnapfish.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-1-26 394872]
R2 PfDetNT;PfDetNT;\??\c:\windows\system32\drivers\PfModNT.sys [2006-8-20 15840]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-1-14 24652]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-8-15 55840]
S2 McAfeeFramework;McAfee Framework Service;"c:\program files\network associates\common framework\FrameworkService.exe" /ServiceStart [2006-8-20 98304]
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe" [2008-7-17 118784]
S3 FXDRV;FXDRV;\??\E:\Fxdrv.sys []
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []

=============== Created Last 30 ================

2008-12-16 15:56 410,976 a------- c:\windows\system32\deploytk.dll
2008-12-16 15:45 <DIR> --d----- c:\program files\Trend Micro
2008-12-16 14:52 72,704 a------- c:\windows\system32\xsgapigt.dll
2008-12-16 14:52 1,647,996 ---sh--- c:\windows\system32\tgipagsx.ini
2008-12-16 14:47 129,024 a------- c:\windows\system32\xjfwhueo.dll
2008-12-16 14:47 129,024 a------- c:\windows\system32\gaieac.dll
2008-12-14 13:50 1,647,996 ---sh--- c:\windows\system32\wqgwaegf.ini
2008-12-14 13:50 72,704 -------- c:\windows\system32\fgeawgqw.dll
2008-12-14 13:47 129,024 a------- c:\windows\system32\uuuuax.dll
2008-12-14 13:47 129,024 a------- c:\windows\system32\iturvmik.dll
2008-12-14 13:44 924,701 a--sh--- c:\windows\system32\Hillmnmp.ini2
2008-12-14 13:44 924,701 a--sh--- c:\windows\system32\Hillmnmp.ini
2008-12-14 13:44 302,592 a------- c:\windows\system32\pmnmlliH.dll
2008-12-14 13:39 66,560 a------- c:\windows\system32\ddcBRjIB.dll
2008-12-14 13:39 34,816 a------- c:\windows\system32\cbXPgffd.dll
2008-12-14 13:39 22,016 a------- c:\windows\system32\~.exe
2008-12-14 13:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Amazon
2008-12-14 13:00 <DIR> --d----- c:\windows\Downloaded Installations
2008-12-06 12:44 488 a------- C:\hpfr3420.xml
2008-12-05 18:23 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2008-12-05 18:22 16,606 -------- c:\windows\hpomdl01.dat
2008-12-05 18:22 19,558 a------- c:\windows\hpoins01.dat
2008-12-05 18:20 <DIR> --d----- c:\temp\HP All-in-One Series Web Release
2008-12-03 17:23 479 a------- c:\windows\system32\BDUpdateV1.xml
2008-11-26 13:42 <DIR> --d----- c:\program files\iPod
2008-11-26 13:42 <DIR> --d----- c:\program files\iTunes
2008-11-26 13:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2008-11-23 09:26 230,920 a------- c:\windows\system32\drivers\bdfsfltr.sys
2008-11-23 09:26 192,512 a------- c:\windows\system32\txmlutil.dll
2008-11-23 09:26 111,112 a------- c:\windows\system32\drivers\bdfm.sys
2008-10-24 06:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:31 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-20 18:16 81,984 a------- c:\windows\system32\bdod.bin

============= FINISH: 20:42:24.51 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/14/2006 2:54:34 PM
System Uptime: 12/16/2008 2:45:43 PM (6 hours ago)

Motherboard: Foxconn | | C51XEM2AA
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket M2 | 2210/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 153 GiB total, 35.808 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&3B53FC9C&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&3B53FC9C&0&00
Service: NVENETFD

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&CBC4BCB&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&CBC4BCB&0&00
Service: NVENETFD

==== System Restore Points ===================

RP344: 12/14/2008 1:44:31 PM - System Checkpoint
RP345: 12/14/2008 1:44:31 PM - System Checkpoint
RP346: 12/14/2008 1:44:31 PM - System Checkpoint
RP347: 12/14/2008 1:44:32 PM - System Checkpoint
RP348: 12/14/2008 1:44:32 PM - System Checkpoint
RP349: 12/14/2008 1:44:32 PM - Removed BitDefender Antivirus 2008
RP350: 12/14/2008 1:44:33 PM - Installed BitDefender Antivirus 2009
RP351: 12/14/2008 1:44:33 PM - System Checkpoint
RP352: 12/14/2008 1:44:34 PM - System Checkpoint
RP353: 12/14/2008 1:44:34 PM - Software Distribution Service 3.0
RP354: 12/14/2008 1:44:34 PM - Software Distribution Service 3.0
RP355: 12/14/2008 1:44:34 PM - System Checkpoint
RP356: 12/14/2008 1:44:35 PM - System Checkpoint
RP357: 12/14/2008 1:44:35 PM - System Checkpoint
RP358: 12/14/2008 1:44:35 PM - System Checkpoint
RP359: 12/14/2008 1:44:35 PM - Software Distribution Service 3.0
RP360: 12/14/2008 1:44:35 PM - Installed Windows XP KB915865.
RP361: 12/14/2008 1:44:36 PM - Installed Windows NLSDownlevelMapping.
RP362: 12/14/2008 1:44:36 PM - Installed Windows IDNMitigationAPIs.
RP363: 12/14/2008 1:44:36 PM - Installed Windows Internet Explorer 7.
RP364: 12/14/2008 1:44:37 PM - Software Distribution Service 3.0
RP365: 12/14/2008 1:44:37 PM - Restore Operation
RP366: 12/14/2008 1:44:37 PM - System Checkpoint
RP367: 12/14/2008 1:44:37 PM - System Checkpoint
RP368: 12/14/2008 1:44:38 PM - System Checkpoint
RP369: 12/14/2008 1:44:38 PM - System Checkpoint
RP370: 12/14/2008 1:44:38 PM - System Checkpoint
RP371: 12/14/2008 1:44:39 PM - System Checkpoint
RP372: 12/14/2008 1:44:39 PM - System Checkpoint
RP373: 12/14/2008 1:44:39 PM - Software Distribution Service 3.0
RP374: 12/14/2008 1:44:40 PM - Software Distribution Service 3.0
RP375: 12/14/2008 1:44:40 PM - Removed World in Conflict
RP376: 12/14/2008 1:44:40 PM - System Checkpoint
RP377: 12/14/2008 1:44:41 PM - System Checkpoint
RP378: 12/14/2008 1:44:41 PM - Software Distribution Service 3.0
RP379: 12/14/2008 1:44:41 PM - Software Distribution Service 3.0
RP380: 12/14/2008 1:44:41 PM - System Checkpoint
RP381: 12/14/2008 1:44:42 PM - System Checkpoint
RP382: 12/14/2008 1:44:42 PM - System Checkpoint
RP383: 12/14/2008 1:44:42 PM - System Checkpoint
RP384: 12/14/2008 1:44:42 PM - System Checkpoint
RP385: 12/14/2008 1:44:43 PM - System Checkpoint
RP386: 12/14/2008 1:44:43 PM - Software Distribution Service 3.0
RP387: 12/14/2008 1:44:43 PM - System Checkpoint
RP388: 12/14/2008 1:44:44 PM - System Checkpoint
RP389: 12/14/2008 1:44:44 PM - System Checkpoint
RP390: 12/14/2008 1:44:45 PM - System Checkpoint
RP391: 12/14/2008 1:44:46 PM - Software Distribution Service 3.0
RP392: 12/14/2008 1:44:46 PM - System Checkpoint
RP393: 12/14/2008 1:44:47 PM - System Checkpoint
RP394: 12/14/2008 1:44:47 PM - System Checkpoint
RP395: 12/14/2008 1:44:48 PM - System Checkpoint
RP396: 12/14/2008 1:44:48 PM - System Checkpoint
RP397: 12/14/2008 1:44:49 PM - System Checkpoint
RP398: 12/14/2008 1:44:50 PM - System Checkpoint
RP399: 12/14/2008 1:44:50 PM - System Checkpoint
RP400: 12/14/2008 1:44:50 PM - Installed HP Photo and Imaging 2.0 - All-in-One
RP401: 12/14/2008 1:44:50 PM - Installed HP Photo and Imaging 2.0 - All-in-One Drivers
RP402: 12/14/2008 1:44:51 PM - Unsigned driver install
RP403: 12/14/2008 1:44:51 PM - Installed hp psc 1200 series
RP404: 12/14/2008 1:44:51 PM - System Checkpoint
RP405: 12/14/2008 1:44:52 PM - System Checkpoint
RP406: 12/14/2008 1:44:52 PM - Software Distribution Service 3.0
RP407: 12/14/2008 1:44:53 PM - System Checkpoint
RP408: 12/14/2008 1:44:53 PM - Software Distribution Service 3.0
RP409: 12/14/2008 1:44:53 PM - Installed Amazon Unbox Video
RP410: 12/14/2008 1:45:02 PM - Last known good configuration
RP411: 12/14/2008 8:28:50 PM - Configured Amazon Unbox Video
RP412: 12/16/2008 3:55:53 PM - Installed Java™ 6 Update 10
RP413: 12/16/2008 3:56:19 PM - Installed Java Runtime Environment

==== Installed Programs ======================


Acrobat.com
Adobe AIR
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.7
Adobe Shockwave Player
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Audio Converter
BitDefender Antivirus 2009
Bonjour
Call of Duty® 2
CardRd81
CCScore
CR2
Creative System Information
Crimson Editor (remove only)
D-Link DWA-556 Xtreme N PCIe Desktop Adapter
EES - Engineering Equation Solver (DEMO)
EphPod
ESPN Java Check
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
free-downloads.net Toolbar
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 10
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.75 Full
Kodak EasyShare software
KSU
LightScribe 1.4.67.1
LiveUpdate
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech SetPoint
Logitech VideoCall
Logitech® Camera Driver
McGraw-Hill's LSAT
mediaCam Lite
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
ModelSim XE III 6.1e
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero Suite
Notifier
NVIDIA Drivers
NVIDIA nTune
OTtBP
OTtBPSDK
PCSpim
Philips Photo Manager 1.0
PopCap Browser Plugin
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
SFR
SHASTA
SKIN0001
SKINXSDK
Sound Blaster Audigy 2 ZS
Switch
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims™ 2 Apartment Life
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
Typer Shark Deluxe 1.02
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
ViewSonic Monitor Drivers
VPRINTOL
WavePad Uninstall
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinFast® Display Driver
WinRAR archiver
WIRELESS
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/11/2008 7:24:01 PM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
12/14/2008 2:40:42 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 16, 2008 17:52:49
Records in database: 1466314
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 157587
Threat name: 4
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 03:43:23


File name / Threat name / Threats count
C:\WINDOWS\system32\cbXPgffd.dll/C:\WINDOWS\system32\cbXPgffd.dll Infected: Trojan-Downloader.Win32.Injecter.bel 3
C:\WINDOWS\system32\fgeawgqw.dll/C:\WINDOWS\system32\fgeawgqw.dll Infected: Trojan.Win32.Monder.acfd 1
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\X79YXU31\apstpldr.dll[1].htm Infected: Trojan-Downloader.Win32.Agent.aubk 1
C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\X79YXU31\load[1].exe Infected: Trojan.Win32.Pakes.meg 1
C:\WINDOWS\system32\cbXPgffd.dll Infected: Trojan-Downloader.Win32.Injecter.bel 1
C:\WINDOWS\system32\ddcBRjIB.dll Infected: Trojan-Downloader.Win32.Agent.aubk 1
C:\WINDOWS\system32\fgeawgqw.dll Infected: Trojan.Win32.Monder.acfd 1
C:\WINDOWS\system32\~.exe Infected: Trojan.Win32.Pakes.meg 1

The selected area was scanned.


Thanks for the help, hopefully I followed the rules correctly.

Edited by jrand, 16 December 2008 - 08:54 PM.


#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 19 December 2008 - 02:49 PM

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop:
Link 1
Link 2
Link 3
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Double click combofix.exe and follow the prompts. Make sure you install Recovery Console if asked.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 jrand

  • Topic Starter
  • Members
  • 6 posts
  • Gender:Male
  • Location:Virginia

Posted 19 December 2008 - 07:04 PM

Ok, did as you said. Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:15 PM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsupdate/...b?1156114117140
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: difamj.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 10625 bytes

ComboFix 08-12-18.03 - Justin 2008-12-19 17:35:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.507 [GMT -5:00]
Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Justin\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Justin\LOCALS~1\Temp\tmp2.tmp
c:\windows\system32\~.exe
c:\windows\system32\ajaxldnd.dll
c:\windows\system32\cbXPgffd.dll
c:\windows\system32\ddcBRjIB.dll
c:\windows\system32\difamj.dll
c:\windows\system32\dndlxaja.ini
c:\windows\system32\gaieac.dll
c:\windows\system32\Hillmnmp.ini
c:\windows\system32\Hillmnmp.ini2
c:\windows\system32\iturvmik.dll
c:\windows\system32\m3.dll
c:\windows\system32\pmnmlliH.dll
c:\windows\system32\rdfver.dll
c:\windows\system32\tgijcnum.dll
c:\windows\system32\tgipagsx.ini
c:\windows\system32\tqwgcbbu.dll
c:\windows\system32\ubbcgwqt.ini
c:\windows\system32\ufpvqhhi.dll
c:\windows\system32\uuuuax.dll
c:\windows\system32\wqgwaegf.ini
c:\windows\system32\xjfwhueo.dll
c:\windows\Tasks\cllgkxcz.job
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.

2008-12-16 20:50 . 2008-12-16 20:50 754 --a------ c:\windows\WORDPAD.INI
2008-12-16 15:56 . 2008-12-16 15:56 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-16 15:45 . 2008-12-16 15:45 <DIR> d-------- c:\program files\Trend Micro
2008-12-14 13:04 . 2008-12-14 20:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Amazon
2008-12-14 13:00 . 2008-12-14 13:00 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-06 12:44 . 2008-12-06 12:44 488 --a------ C:\hpfr3420.xml
2008-12-05 18:30 . 2008-12-05 18:30 <DIR> d-------- c:\documents and settings\Justin\Application Data\Hewlett-Packard
2008-12-05 18:23 . 2008-12-05 18:23 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-12-05 18:22 . 2008-12-05 18:23 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-05 18:22 . 2008-12-05 18:30 19,558 --a------ c:\windows\hpoins01.dat
2008-12-05 18:22 . 2003-04-22 10:24 16,606 --------- c:\windows\hpomdl01.dat
2008-12-05 18:20 . 2008-12-05 18:22 <DIR> d-------- c:\temp\HP All-in-One Series Web Release
2008-12-03 17:23 . 2008-12-09 22:40 479 --a------ c:\windows\system32\BDUpdateV1.xml
2008-11-26 13:42 . 2008-11-26 13:42 <DIR> d-------- c:\program files\iTunes
2008-11-26 13:42 . 2008-11-26 13:42 <DIR> d-------- c:\program files\iPod
2008-11-26 13:42 . 2008-11-26 13:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 13:35 . 2008-11-26 13:35 <DIR> d-------- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 21:45 --------- d-----w c:\documents and settings\Justin\Application Data\uTorrent
2008-12-16 20:55 --------- d-----w c:\program files\Java
2008-12-15 01:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 18:37 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 14:26 230,920 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2008-11-23 14:26 111,112 ----a-w c:\windows\system32\drivers\bdfm.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-12-03 21:53 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

2004-08-04 07:00 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\system32\svchost.exe

2005-03-02 13:19 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 10:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 10:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\$NtServicePackUninstall$\user32.dll
2004-08-04 07:00 577024 c72661f8552ace7c5c85e16a3cf505c4 c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 13:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\$NtUninstallKB925902$\user32.dll
2008-04-13 19:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\ServicePackFiles\i386\user32.dll
2008-04-13 19:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\system32\user32.dll

2004-08-04 07:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\system32\ws2_32.dll

2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 07:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\system32\drivers\tcpip.sys

2004-08-04 07:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\system32\winlogon.exe

2004-08-04 07:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2004-08-04 07:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-04 07:00 1032192 a0732187050030ae399b241436565e64 c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 07:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\$NtServicePackUninstall$\services.exe
2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\ServicePackFiles\i386\services.exe
2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\system32\services.exe

2004-08-04 07:00 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\system32\lsass.exe

2004-08-04 07:00 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\system32\ctfmon.exe

2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 18:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 07:00 57856 7435b108b935e42ea92ca94f59c8e717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\system32\spoolsv.exe

2004-08-04 07:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe

2004-08-04 07:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-13 19:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 19:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\progra~1\MESSEN~1\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-03-16 128512]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-03-13 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 131072]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-25 180269]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-11-23 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-11-23 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-10-06 c:\windows\system32\CTHELPER.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe [2008-08-15 13357056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=difamj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Run Software for Photo Frame]
--a------ 2006-08-04 16:57 2110464 c:\program files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-03-26 12:32 67128 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 13:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\VideoCall\\VideoCall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Documents and Settings\\Justin\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 PfDetNT;PfDetNT;\??\c:\windows\system32\drivers\PfModNT.sys [2006-08-20 15840]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-14 24652]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112]
R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-08-15 55840]
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" [2008-07-17 118784]
S3 FXDRV;FXDRV;\??\E:\Fxdrv.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2008-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-05 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1228519813.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
BHO-{8A03CD0D-E211-4B0B-ADAD-864A9A0AD71F} - c:\windows\system32\pmnmlliH.dll
BHO-{9e0b57c5-a1d4-4683-aa9a-988d24a6140d} - c:\windows\system32\difamj.dll
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\571zew89.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.myway.com/search/cfg_redir2.jhtml?action=config&id=XB&ptnrs=XB&st=DNS&url=AJmain.jhtml&searchfor=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 17:42:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2008-12-19 17:49:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-19 22:49:47

Pre-Run: 34,076,356,608 bytes free
Post-Run: 34,881,720,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

291 --- E O F --- 2008-12-12 03:41:50

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:05:13 PM

Posted 19 December 2008 - 11:10 PM

Please uninstall Viewpoint from your computer... Let's do this....


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Run DDS again.. Post these logs in your next reply..

1. Malwarebytes'
2. ESET Online
3. DDS log
4. Tell me, how is the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 jrand

jrand
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia
  • Local time:05:13 AM

Posted 21 December 2008 - 09:17 PM

Malwarebytes' Anti-Malware 1.31
Database version: 1524
Windows 5.1.2600 Service Pack 3

12/20/2008 9:28:05 PM
mbam-log-2008-12-20 (21-28-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 207416
Time elapsed: 2 hour(s), 12 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\ajaxldnd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXPgffd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\difamj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gaieac.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iturvmik.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnmlliH.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rdfver.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tgijcnum.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tqwgcbbu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ufpvqhhi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\uuuuax.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xjfwhueo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP409\A0316395.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP413\A0317461.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318498.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318485.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318487.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318488.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318490.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318492.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318493.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318494.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318495.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318496.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318500.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318501.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01ECAE7A-656B-468A-BCD8-B95EC7C1AB06}\RP414\A0318503.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3709 (20081220)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=712a4c0eb3cd3f4e8e22afea05683210
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-22 01:30:36
# local_time=2008-12-21 08:30:36 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=539851
# found=1
# scan_time=7864
C:\quarantine\_CACHE_002_.Vir JS/Exploit.ADODB.Stream.AC trojan (unable to clean - deleted) 00000000000000000000000000000000



DDS (Version 1.1.0) - NTFSx86
Run by Justin at 21:12:43.92 on Sun 12/21/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.377 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\Justin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [MSMSGS] "c:\progra~1\messen~1\msmsgs.exe" /background
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link dwa-556 xtreme n pcie desktop adapter\wirelesscm.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
AppInit_DLLs: difamj.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\justin\applic~1\mozilla\firefox\profiles\571zew89.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.myway.com/search/cfg_redir2.jhtml?action=config&id=XB&ptnrs=XB&st=DNS&url=AJmain.jhtml&searchfor=
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsnapfish.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);

============= SERVICES / DRIVERS ===============

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-1-26 394872]
R2 PfDetNT;PfDetNT;\??\c:\windows\system32\drivers\PfModNT.sys [2006-8-20 15840]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-8-15 55840]
S2 McAfeeFramework;McAfee Framework Service;"c:\program files\network associates\common framework\FrameworkService.exe" /ServiceStart [2006-8-20 98304]
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe" [2008-7-17 118784]
S3 FXDRV;FXDRV;\??\E:\Fxdrv.sys []
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []

=============== Created Last 30 ================

2008-12-21 18:14 <DIR> --d----- c:\program files\EsetOnlineScanner
2008-12-19 23:24 <DIR> --d----- c:\docume~1\justin\applic~1\Malwarebytes
2008-12-19 23:24 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-19 23:24 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 23:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-19 17:24 <DIR> a-dshr-- C:\cmdcons
2008-12-19 17:22 161,792 a------- c:\windows\SWREG.exe
2008-12-19 17:22 98,816 a------- c:\windows\sed.exe
2008-12-16 20:50 754 a------- c:\windows\WORDPAD.INI
2008-12-16 15:56 410,976 a------- c:\windows\system32\deploytk.dll
2008-12-16 15:45 <DIR> --d----- c:\program files\Trend Micro
2008-12-14 13:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Amazon
2008-12-14 13:00 <DIR> --d----- c:\windows\Downloaded Installations
2008-12-06 12:44 488 a------- C:\hpfr3420.xml
2008-12-05 18:23 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2008-12-05 18:22 16,606 -------- c:\windows\hpomdl01.dat
2008-12-05 18:22 19,558 a------- c:\windows\hpoins01.dat
2008-12-05 18:20 <DIR> --d----- c:\temp\HP All-in-One Series Web Release
2008-12-03 17:23 479 a------- c:\windows\system32\BDUpdateV1.xml
2008-11-26 13:42 <DIR> --d----- c:\program files\iPod
2008-11-26 13:42 <DIR> --d----- c:\program files\iTunes
2008-11-26 13:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2008-11-23 09:26 230,920 a------- c:\windows\system32\drivers\bdfsfltr.sys
2008-11-23 09:26 192,512 a------- c:\windows\system32\txmlutil.dll
2008-11-23 09:26 111,112 a------- c:\windows\system32\drivers\bdfm.sys
2008-10-24 06:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:31 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

============= FINISH: 21:13:16.17 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/14/2006 2:54:34 PM
System Uptime: 12/21/2008 6:08:35 PM (3 hours ago)

Motherboard: Foxconn | | C51XEM2AA
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket M2 | 2210/201mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 153 GiB total, 32.465 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&3B53FC9C&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&3B53FC9C&0&00
Service: NVENETFD

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&CBC4BCB&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&CBC4BCB&0&00
Service: NVENETFD

==== System Restore Points ===================

RP344: 12/14/2008 1:44:31 PM - System Checkpoint
RP345: 12/14/2008 1:44:31 PM - System Checkpoint
RP346: 12/14/2008 1:44:31 PM - System Checkpoint
RP347: 12/14/2008 1:44:32 PM - System Checkpoint
RP348: 12/14/2008 1:44:32 PM - System Checkpoint
RP349: 12/14/2008 1:44:32 PM - Removed BitDefender Antivirus 2008
RP350: 12/14/2008 1:44:33 PM - Installed BitDefender Antivirus 2009
RP351: 12/14/2008 1:44:33 PM - System Checkpoint
RP352: 12/14/2008 1:44:34 PM - System Checkpoint
RP353: 12/14/2008 1:44:34 PM - Software Distribution Service 3.0
RP354: 12/14/2008 1:44:34 PM - Software Distribution Service 3.0
RP355: 12/14/2008 1:44:34 PM - System Checkpoint
RP356: 12/14/2008 1:44:35 PM - System Checkpoint
RP357: 12/14/2008 1:44:35 PM - System Checkpoint
RP358: 12/14/2008 1:44:35 PM - System Checkpoint
RP359: 12/14/2008 1:44:35 PM - Software Distribution Service 3.0
RP360: 12/14/2008 1:44:35 PM - Installed Windows XP KB915865.
RP361: 12/14/2008 1:44:36 PM - Installed Windows NLSDownlevelMapping.
RP362: 12/14/2008 1:44:36 PM - Installed Windows IDNMitigationAPIs.
RP363: 12/14/2008 1:44:36 PM - Installed Windows Internet Explorer 7.
RP364: 12/14/2008 1:44:37 PM - Software Distribution Service 3.0
RP365: 12/14/2008 1:44:37 PM - Restore Operation
RP366: 12/14/2008 1:44:37 PM - System Checkpoint
RP367: 12/14/2008 1:44:37 PM - System Checkpoint
RP368: 12/14/2008 1:44:38 PM - System Checkpoint
RP369: 12/14/2008 1:44:38 PM - System Checkpoint
RP370: 12/14/2008 1:44:38 PM - System Checkpoint
RP371: 12/14/2008 1:44:39 PM - System Checkpoint
RP372: 12/14/2008 1:44:39 PM - System Checkpoint
RP373: 12/14/2008 1:44:39 PM - Software Distribution Service 3.0
RP374: 12/14/2008 1:44:40 PM - Software Distribution Service 3.0
RP375: 12/14/2008 1:44:40 PM - Removed World in Conflict
RP376: 12/14/2008 1:44:40 PM - System Checkpoint
RP377: 12/14/2008 1:44:41 PM - System Checkpoint
RP378: 12/14/2008 1:44:41 PM - Software Distribution Service 3.0
RP379: 12/14/2008 1:44:41 PM - Software Distribution Service 3.0
RP380: 12/14/2008 1:44:41 PM - System Checkpoint
RP381: 12/14/2008 1:44:42 PM - System Checkpoint
RP382: 12/14/2008 1:44:42 PM - System Checkpoint
RP383: 12/14/2008 1:44:42 PM - System Checkpoint
RP384: 12/14/2008 1:44:42 PM - System Checkpoint
RP385: 12/14/2008 1:44:43 PM - System Checkpoint
RP386: 12/14/2008 1:44:43 PM - Software Distribution Service 3.0
RP387: 12/14/2008 1:44:43 PM - System Checkpoint
RP388: 12/14/2008 1:44:44 PM - System Checkpoint
RP389: 12/14/2008 1:44:44 PM - System Checkpoint
RP390: 12/14/2008 1:44:45 PM - System Checkpoint
RP391: 12/14/2008 1:44:46 PM - Software Distribution Service 3.0
RP392: 12/14/2008 1:44:46 PM - System Checkpoint
RP393: 12/14/2008 1:44:47 PM - System Checkpoint
RP394: 12/14/2008 1:44:47 PM - System Checkpoint
RP395: 12/14/2008 1:44:48 PM - System Checkpoint
RP396: 12/14/2008 1:44:48 PM - System Checkpoint
RP397: 12/14/2008 1:44:49 PM - System Checkpoint
RP398: 12/14/2008 1:44:50 PM - System Checkpoint
RP399: 12/14/2008 1:44:50 PM - System Checkpoint
RP400: 12/14/2008 1:44:50 PM - Installed HP Photo and Imaging 2.0 - All-in-One
RP401: 12/14/2008 1:44:50 PM - Installed HP Photo and Imaging 2.0 - All-in-One Drivers
RP402: 12/14/2008 1:44:51 PM - Unsigned driver install
RP403: 12/14/2008 1:44:51 PM - Installed hp psc 1200 series
RP404: 12/14/2008 1:44:51 PM - System Checkpoint
RP405: 12/14/2008 1:44:52 PM - System Checkpoint
RP406: 12/14/2008 1:44:52 PM - Software Distribution Service 3.0
RP407: 12/14/2008 1:44:53 PM - System Checkpoint
RP408: 12/14/2008 1:44:53 PM - Software Distribution Service 3.0
RP409: 12/14/2008 1:44:53 PM - Installed Amazon Unbox Video
RP410: 12/14/2008 1:45:02 PM - Last known good configuration
RP411: 12/14/2008 8:28:50 PM - Configured Amazon Unbox Video
RP412: 12/16/2008 3:55:53 PM - Installed Java™ 6 Update 10
RP413: 12/16/2008 3:56:19 PM - Installed Java Runtime Environment
RP414: 12/19/2008 5:22:58 PM - ComboFix created restore point
RP415: 12/19/2008 11:26:18 PM - Software Distribution Service 3.0
RP416: 12/21/2008 8:52:24 PM - System Checkpoint

==== Installed Programs ======================


Acrobat.com
Adobe AIR
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.7
Adobe Shockwave Player
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Audio Converter
BitDefender Antivirus 2009
Bonjour
Call of Duty® 2
CardRd81
CCScore
CR2
Creative System Information
Crimson Editor (remove only)
D-Link DWA-556 Xtreme N PCIe Desktop Adapter
EES - Engineering Equation Solver (DEMO)
EphPod
ESET Online Scanner
ESPN Java Check
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
free-downloads.net Toolbar
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 10
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.75 Full
Kodak EasyShare software
KSU
LightScribe 1.4.67.1
LiveUpdate
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech SetPoint
Logitech VideoCall
Logitech® Camera Driver
Malwarebytes' Anti-Malware
McGraw-Hill's LSAT
mediaCam Lite
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
ModelSim XE III 6.1e
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero Suite
Notifier
NVIDIA Drivers
NVIDIA nTune
OTtBP
OTtBPSDK
PCSpim
Philips Photo Manager 1.0
PopCap Browser Plugin
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
SFR
SHASTA
SKIN0001
SKINXSDK
Sound Blaster Audigy 2 ZS
Switch
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims™ 2 Apartment Life
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
Typer Shark Deluxe 1.02
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
ViewSonic Monitor Drivers
VPRINTOL
WavePad Uninstall
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinFast® Display Driver
WinRAR archiver
WIRELESS
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/16/2008 2:46:48 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/16/2008 2:46:16 PM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
12/19/2008 5:42:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/20/2008 9:29:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvraid

==== End Of File ===========================


The computer seems to be running fine. No mysterious Firefox windows showing up. On the surface everything seems to be working fine. Thanks for all of your help so far.

#6 fenzodahl512


Posted 22 December 2008 - 03:55 AM

Looks great to me.. Just fix below with HijackThis..

O20 - AppInit_DLLs: difamj.dll


After that, lets do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Lastly, to keep your operating system up to date please visit the link below monthly
To learn more about how to protect yourself while on the internet read this excellent article by Grinler: How did I get infected?, With steps so it does not happen again!

Please also read an excellent article by miekiemoes :Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 jrand


Posted 22 December 2008 - 07:30 AM

The computer is running great. Seems like you did the trick. Thanks for all the help, and I'm glad I found this forum.

#8 fenzodahl512


Posted 22 December 2008 - 09:53 AM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be reopened, please pm me or Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512





