
Please would you help me?


  • This topic is locked
14 replies to this topic

#1 Randomguy68


Posted 20 May 2009 - 09:19 PM

Referred here from: http://www.bleepingcomputer.com/forums/t/226737/please-would-you-help-me/ ~ OB

DDS (Ver_09-05-14.01) - NTFSx86
Run by ThienTue at 21:14:28.60 on Wed 05/20/2009
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.767.315 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\Device Manager\msgrdvmn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ThienTue\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: {CDBFB47B-58A8-4111-BF95-06178DCE326D} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [Aim6]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SmileyApp] c:\program files\doubled\juicyaccess toolbar\3.9.10.11860\stbapp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [F5D9050] c:\program files\belkin\f5d9050\Belkinwcui.exe
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [SnoopFreeUI] SnoopFreeUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [lovuzinofa] Rundll32.exe "c:\windows\system32\dogejuhu.dll",s
mRun: [Framework Windows] frmwrk32.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?9d111b205c1442ef91d77d9afaee5b99
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?9d111b205c1442ef91d77d9afaee5b99
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ff4780eb530 - c:\windows\system32\d3d8thk32.dll
AppInit_DLLs: WIKI.DLL c:\windows\system32\d3d8thk32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thientue\applic~1\mozilla\firefox\profiles\hrln82oo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - JuicyAccess
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2009-2-27 9472]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-20 24652]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [2009-1-21 19968]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 USBFVNETA;Wireless USB Network Adapter;c:\windows\system32\drivers\Vnetusba.sys [2007-4-24 66943]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\wusb54gscv2.sys --> c:\windows\system32\drivers\WUSB54GSCV2.sys [?]

=============== Created Last 30 ================

2009-05-14 16:11 1,490 a------- c:\windows\system32\tmp.reg
2009-05-14 16:10 --d----- c:\documents and settings\thientue\SmitfraudFix
2009-05-13 19:24 1 a------- c:\windows\system32\uniq.tll
2009-05-11 17:28 268 a---h--- C:\sqmdata13.sqm
2009-05-11 17:28 244 a---h--- C:\sqmnoopt13.sqm
2009-05-09 17:37 --d----- c:\program files\System Search Dispatcher
2009-05-09 17:37 --d----- c:\program files\DoubleD
2009-05-06 16:06 --d----- c:\windows\system32\KB905474
2009-05-02 23:41 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-05-02 23:41 --d----- c:\program files\Hamachi
2009-04-26 19:40 172 a---h--- C:\sqmnoopt12.sqm
2009-04-26 19:40 172 a---h--- C:\sqmdata12.sqm
2009-04-26 19:15 268 a---h--- C:\sqmdata11.sqm
2009-04-26 19:15 244 a---h--- C:\sqmnoopt11.sqm
2009-04-24 23:11 --d----- c:\program files\Bamrealm

==================== Find3M ====================

2009-05-13 19:17 50,688 a--sh--- c:\windows\system32\hogumana.exe
2009-04-30 01:36 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-19 12:08 10,965 a------- c:\program files\err_log.txt
2009-03-19 12:07 585 a------- c:\program files\Dayfish.ini
2009-03-19 00:22 585 a------- c:\program files\Fish1.ini
2009-03-19 00:11 585 a------- c:\program files\cyberfish.ini
2009-03-17 23:08 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-27 13:58 221,184 a------- c:\windows\SnoopFreeUI.exe
2009-02-27 13:58 90,112 a------- c:\windows\system32\SnoopFreeSvc.exe
2009-02-27 13:58 45,056 a------- c:\windows\SnoopFreeDll.dll
2008-09-15 06:56 381,699 -------- c:\program files\CyberFish 4.9.exe
2008-09-14 06:20 2,785,570 a------- c:\program files\CF Manual 4.9.rtf
2009-02-07 08:40 1,464 a--sh--- c:\windows\system32\GroupPolicy000.dat

============= FINISH: 21:14:47.98 ===============

Edited by Orange Blossom, 21 May 2009 - 11:03 PM.

SPYWARRRRRRRRRRRRRE!!!!

#2 Orange Blossom

    OBleepin Investigator

  • Moderator

Posted 01 June 2009 - 11:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Randomguy68

  • Topic Starter

Posted 04 June 2009 - 12:58 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by ThienTue at 12:53:40.89 on Thu 06/04/2009
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.767.429 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\Device Manager\msgrdvmn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\ThienTue\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: {CDBFB47B-58A8-4111-BF95-06178DCE326D} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [Aim6]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SmileyApp] c:\program files\doubled\juicyaccess toolbar\3.9.10.11860\stbapp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [F5D9050] c:\program files\belkin\f5d9050\Belkinwcui.exe
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [SnoopFreeUI] SnoopFreeUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [lovuzinofa] Rundll32.exe "c:\windows\system32\dogejuhu.dll",s
mRun: [Framework Windows] frmwrk32.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?9d111b205c1442ef91d77d9afaee5b99
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?9d111b205c1442ef91d77d9afaee5b99
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ff4780eb530 - c:\windows\system32\d3d8thk32.dll
AppInit_DLLs: WIKI.DLL c:\windows\system32\d3d8thk32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thientue\applic~1\mozilla\firefox\profiles\hrln82oo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - JuicyAccess
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2009-2-27 9472]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-20 24652]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [2009-1-21 19968]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\softnyx\rakionis\bin\gameguard\dump_wmimmc.sys --> c:\program files\softnyx\rakionis\bin\gameguard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 USBFVNETA;Wireless USB Network Adapter;c:\windows\system32\drivers\Vnetusba.sys [2007-4-24 66943]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\wusb54gscv2.sys --> c:\windows\system32\drivers\WUSB54GSCV2.sys [?]

=============== Created Last 30 ================

2009-06-04 12:53 <DIR> --d-h--- c:\windows\PIF
2009-05-29 23:29 <DIR> --d----- c:\program files\OGPlanet
2009-05-26 11:33 268 a---h--- C:\sqmdata14.sqm
2009-05-26 11:33 244 a---h--- C:\sqmnoopt14.sqm
2009-05-14 16:11 1,490 a------- c:\windows\system32\tmp.reg
2009-05-14 16:10 <DIR> --d----- c:\documents and settings\thientue\SmitfraudFix
2009-05-11 17:28 268 a---h--- C:\sqmdata13.sqm
2009-05-11 17:28 244 a---h--- C:\sqmnoopt13.sqm
2009-05-09 17:37 <DIR> --d----- c:\program files\System Search Dispatcher
2009-05-09 17:37 <DIR> --d----- c:\program files\DoubleD
2009-05-06 16:06 <DIR> --d----- c:\windows\system32\KB905474

==================== Find3M ====================

2009-05-13 19:17 50,688 a--sh--- c:\windows\system32\hogumana.exe
2009-05-02 23:41 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-04-30 01:36 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-19 12:08 10,965 a------- c:\program files\err_log.txt
2009-03-19 12:07 585 a------- c:\program files\Dayfish.ini
2009-03-19 00:22 585 a------- c:\program files\Fish1.ini
2009-03-19 00:11 585 a------- c:\program files\cyberfish.ini
2009-03-17 23:08 410,984 a------- c:\windows\system32\deploytk.dll
2008-09-15 06:56 381,699 -------- c:\program files\CyberFish 4.9.exe
2008-09-14 06:20 2,785,570 a------- c:\program files\CF Manual 4.9.rtf
2009-02-07 08:40 1,464 a--sh--- c:\windows\system32\GroupPolicy000.dat

============= FINISH: 12:53:56.42 ===============

I have also scanned with many anti-spyware programs, but they have all failed.

SPYWARRRRRRRRRRRRRE!!!!

#4 Orange Blossom

    OBleepin Investigator

  • Moderator

Posted 04 June 2009 - 06:44 PM

Hello Randomguy68,

I've merged your latest topic to your previously existing topic. Please keep all posts regarding this issue to this topic by using the Add Reply button located near the bottom right of the topic. Starting new topics on the same issue confuses things for everyone involved and delays the assistance you receive.

A HijackThis team member will be with you soon.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 m0le

    Can U Dig It?

  • Malware Response Team

Posted 06 June 2009 - 11:14 AM

Hi Randomguy68,

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#6 Randomguy68

  • Topic Starter

Posted 06 June 2009 - 04:14 PM

ComboFix 09-06-05.09 - ThienTue 06/06/2009 15:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.767.453 [GMT -5:00]
Running from: c:\documents and settings\ThienTue\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ThienTue\Application Data\02000000bec44a8c530C.manifest
c:\documents and settings\ThienTue\Application Data\02000000bec44a8c530O.manifest
c:\documents and settings\ThienTue\Application Data\02000000bec44a8c530P.manifest
c:\documents and settings\ThienTue\Application Data\02000000bec44a8c530S.manifest
c:\documents and settings\ThienTue\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\ThienTue\Local Settings\Temporary Internet Files\stb06759.tmp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\D3DX10d_39.dll
c:\windows\system32\drivers\ss.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\hogumana.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_StreamSurge


((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.

2009-06-06 03:32 . 2009-06-06 03:32 -------- d-----w- C:\ijji
2009-06-06 03:32 . 2009-06-03 22:48 779720 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PurpleBean.exe
2009-06-06 03:32 . 2008-08-20 15:46 632280 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PLauncher.exe
2009-06-06 03:32 . 2008-09-04 21:34 112048 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPrePLauncher.exe
2009-06-06 03:32 . 2008-08-28 17:50 480688 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjistarter2FxB.exe
2009-06-06 03:32 . 2008-08-28 17:50 83376 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPreStarter2FxB.exe
2009-06-06 03:32 . 2008-08-28 17:50 50608 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiNotify2FxB.exe
2009-06-06 03:32 . 2009-06-06 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2009-06-06 03:32 . 2008-08-28 17:50 79280 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPreNotify2FxB.exe
2009-06-06 03:31 . 2009-06-06 03:31 -------- d-----w- c:\program files\NHN USA
2009-06-06 03:31 . 2009-05-26 22:31 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-06-06 03:31 . 2009-05-13 01:48 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-06-06 03:31 . 2008-06-12 04:01 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-06-06 03:31 . 2008-04-23 19:02 157152 ----a-w- c:\windows\system32\PubPlugin.dll
2009-06-04 23:00 . 2009-06-04 23:00 -------- d-----w- C:\Downloads
2009-06-04 17:53 . 2009-06-04 17:53 -------- d--h--w- c:\windows\PIF
2009-05-30 04:29 . 2009-05-30 04:29 -------- d-----w- c:\program files\OGPlanet
2009-05-19 02:30 . 2009-05-19 02:30 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-14 21:10 . 2009-05-14 21:11 -------- d-----w- c:\documents and settings\ThienTue\SmitfraudFix
2009-05-09 22:37 . 2009-05-09 22:37 -------- d-----w- c:\program files\System Search Dispatcher
2009-05-09 22:37 . 2009-05-09 22:37 -------- d-----w- c:\program files\DoubleD
2009-05-09 22:37 . 2009-05-09 22:37 -------- d-----w- c:\documents and settings\ThienTue\Local Settings\Application Data\DoubleD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 20:34 . 2009-03-19 17:46 117760 ----a-w- c:\documents and settings\ThienTue\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-06 03:39 . 2009-01-18 08:21 -------- d--h--w- c:\documents and settings\ThienTue\Application Data\ijjigame
2009-06-06 03:31 . 2007-04-24 06:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 01:02 . 2008-10-26 21:39 -------- d-----w- c:\program files\FlashGet
2009-05-30 17:16 . 2009-02-13 21:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-28 22:04 . 2009-05-03 04:41 -------- d-----w- c:\documents and settings\ThienTue\Application Data\Hamachi
2009-05-26 22:50 . 2008-10-22 23:47 -------- d-----w- c:\documents and settings\ThienTue\Application Data\LimeWire
2009-05-19 02:30 . 2009-02-07 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-03 04:41 . 2009-05-03 04:41 -------- d-----w- c:\program files\Hamachi
2009-05-03 04:41 . 2009-05-03 04:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-05-02 21:53 . 2009-05-02 21:53 -------- d-----w- c:\documents and settings\ThienTue\Application Data\vlc
2009-04-25 04:12 . 2009-04-25 04:11 -------- d-----w- c:\program files\Bamrealm
2009-04-19 23:53 . 2009-04-08 21:52 -------- d-----w- c:\program files\Softnyx
2009-04-09 00:24 . 2009-04-08 22:00 -------- d-----w- c:\documents and settings\ThienTue\Application Data\DNA
2009-04-08 22:01 . 2009-04-08 22:00 -------- d-----w- c:\program files\DNA
2009-04-06 20:32 . 2009-02-07 15:51 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2009-02-07 15:51 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-19 17:08 . 2009-03-19 04:39 10965 ----a-w- c:\program files\err_log.txt
2009-03-19 17:07 . 2009-03-19 16:52 585 ----a-w- c:\program files\Dayfish.ini
2009-03-19 05:22 . 2009-03-19 05:20 585 ----a-w- c:\program files\Fish1.ini
2009-03-19 05:11 . 2009-03-19 04:39 585 ----a-w- c:\program files\cyberfish.ini
2009-03-18 04:09 . 2009-03-18 04:09 503808 ----a-w- c:\documents and settings\ThienTue\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-670c83fe-n\msvcp71.dll
2009-03-18 04:09 . 2009-03-18 04:09 499712 ----a-w- c:\documents and settings\ThienTue\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-670c83fe-n\jmc.dll
2009-03-18 04:09 . 2009-03-18 04:09 348160 ----a-w- c:\documents and settings\ThienTue\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-670c83fe-n\msvcr71.dll
2009-03-18 04:08 . 2008-10-22 23:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-18 04:05 . 2009-03-18 04:05 152576 ----a-w- c:\documents and settings\ThienTue\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2008-09-15 11:56 . 2009-03-19 04:39 381699 ------w- c:\program files\CyberFish 4.9.exe
2008-09-14 11:20 . 2009-03-19 04:39 2785570 ----a-w- c:\program files\CF Manual 4.9.rtf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-05 68856]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-12-10 7311360]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-12-10 86016]
"F5D9050"="c:\program files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 1585152]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-10 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-18 67584]
"SnoopFreeUI"="SnoopFreeUI.exe" - c:\windows\SnoopFreeUI.exe [2009-02-27 221184]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"
"AntiVirusDisableNotify"="0x00000000"

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/15/2009 5:17 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/20/2008 10:18 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [11/22/2008 1:53 PM 23064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\System32\GameMon.des -service --> c:\windows\System32\GameMon.des -service [?]
S3 USBFVNETA;Wireless USB Network Adapter;c:\windows\system32\drivers\Vnetusba.sys [4/24/2007 1:38 AM 66943]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\System32\DRIVERS\WUSB54GSCV2.sys --> c:\windows\System32\DRIVERS\WUSB54GSCV2.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 23:39]

2009-06-06 c:\windows\Tasks\WGASetup.job
- c:\windows\System32\KB905474\wgasetup.exe [2009-05-06 03:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
HKCU-Run-SmileyApp - c:\program files\DoubleD\JuicyAccess Toolbar\3.9.10.11860\stbapp.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-lovuzinofa - c:\windows\System32\dogejuhu.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-Framework Windows - frmwrk32.exe
Notify-ff4780eb530 - c:\windows\System32\d3d8thk32.dll
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?9d111b205c1442ef91d77d9afaee5b99
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?9d111b205c1442ef91d77d9afaee5b99
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ThienTue\Application Data\Mozilla\Firefox\Profiles\hrln82oo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - JuicyAccess
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 15:34
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\System32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\ODBC32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SnoopFreeSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\MSN Messenger\Device Manager\msgrdvmn.exe
.
**************************************************************************
.
Completion time: 2009-06-06 15:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-06 20:36

Pre-Run: 11,206,373,376 bytes free
Post-Run: 11,613,904,896 bytes free

winxpsp1_en_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

207 --- E O F --- 2009-05-06 21:06
SPYWARRRRRRRRRRRRRE!!!!

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:18 AM

Posted 06 June 2009 - 06:09 PM

Hi Randomguy68,

Combofix has done a good job there.

Can you run an MBAM full scan and post a new DDS log.

Thanks :thumbup2:
m0le is a proud member of UNITE

#8 Randomguy68

Randomguy68
  • Topic Starter

  • Members
  • 93 posts
  • Gender:Male
  • Local time:09:18 PM

Posted 07 June 2009 - 01:21 AM

Malwarebytes' Anti-Malware 1.36
Database version: 2132
Windows 5.1.2600 Service Pack 2

6/7/2009 1:20:46 AM
mbam-log-2009-06-07 (01-20-46).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 122580
Time elapsed: 29 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lovuzinofa (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\ThienTue\Local Settings\Temporary Internet Files\ijjistarter2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#9 Randomguy68

Randomguy68
  • Topic Starter

  • Members
  • 93 posts
  • Gender:Male
  • Local time:09:18 PM

Posted 07 June 2009 - 01:31 AM

DDS (Ver_09-05-14.01) - NTFSx86
Run by ThienTue at 1:29:56.68 on Sun 06/07/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.538 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\MSN Messenger\Device Manager\msgrdvmn.exe
C:\Documents and Settings\ThienTue\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: {CDBFB47B-58A8-4111-BF95-06178DCE326D} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SmileyApp] c:\program files\doubled\juicyaccess toolbar\3.9.10.11860\stbapp.exe
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [SnoopFreeUI] SnoopFreeUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Framework Windows] frmwrk32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d9050\Belkinwcui.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?9d111b205c1442ef91d77d9afaee5b99
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?9d111b205c1442ef91d77d9afaee5b99
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thientue\applic~1\mozilla\firefox\profiles\hrln82oo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - JuicyAccess
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2009-2-27 9472]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-20 24652]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 StreamSurge;StreamSurge Driver;c:\windows\system32\drivers\ss.sys --> c:\windows\system32\drivers\ss.sys [?]
S3 USBFVNETA;Wireless USB Network Adapter;c:\windows\system32\drivers\vnetusba.sys --> c:\windows\system32\drivers\vnetusba.sys [?]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\wusb54gscv2.sys --> c:\windows\system32\drivers\WUSB54GSCV2.sys [?]

=============== Created Last 30 ================

2009-06-06 21:02 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-06-06 19:27 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-06-06 19:11 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-06 19:10 <DIR> --d----- c:\windows\peernet
2009-06-06 19:10 <DIR> --d----- c:\windows\provisioning
2009-06-06 19:09 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-06 19:05 <DIR> --d----- c:\windows\EHome
2009-06-06 18:23 21,275 a------- c:\windows\system32\drivers\AegisP.sys
2009-06-06 18:22 2,048 -------- c:\windows\system32\drivers\rt73.bin
2009-06-06 18:22 <DIR> --d----- c:\program files\Belkin
2009-06-06 18:22 <DIR> --d----- c:\windows\Downloaded Installations
2009-06-06 18:22 347,776 a------- c:\windows\system32\drivers\rt73.sys
2009-06-06 18:22 <DIR> --d----- c:\program files\BelkinUpdate
2009-06-06 17:01 <DIR> --d----- c:\windows\Cache
2009-06-06 15:59 <DIR> --d----- c:\windows\pss
2009-06-06 15:31 <DIR> a-dshr-- C:\cmdcons
2009-06-06 15:31 161,792 a------- c:\windows\SWREG.exe
2009-06-06 15:31 154,624 a------- c:\windows\PEV.exe
2009-06-06 15:31 98,816 a------- c:\windows\sed.exe
2009-06-05 22:32 <DIR> --d----- C:\ijji
2009-06-05 22:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ijjigame
2009-06-05 22:31 710,064 a------- c:\windows\system32\ijjiSetup.exe
2009-06-05 22:31 157,152 a------- c:\windows\system32\PubPlugin.dll
2009-06-05 22:31 58,800 a------- c:\windows\system32\ijjiProcessRestarter.exe
2009-06-05 22:31 58,800 a------- c:\windows\system32\ijjiPlugin2.dll
2009-06-05 22:31 <DIR> --d----- c:\program files\NHN USA
2009-06-04 18:00 <DIR> --d----- C:\Downloads
2009-06-04 12:53 <DIR> --d-h--- c:\windows\PIF
2009-05-29 23:29 <DIR> --d----- c:\program files\OGPlanet
2009-05-26 11:33 268 a---h--- C:\sqmdata14.sqm
2009-05-26 11:33 244 a---h--- C:\sqmnoopt14.sqm
2009-05-14 16:10 <DIR> --d----- c:\documents and settings\thientue\SmitfraudFix
2009-05-11 17:28 268 a---h--- C:\sqmdata13.sqm
2009-05-11 17:28 244 a---h--- C:\sqmnoopt13.sqm
2009-05-09 17:37 <DIR> --d----- c:\program files\System Search Dispatcher
2009-05-09 17:37 <DIR> --d----- c:\program files\DoubleD

==================== Find3M ====================

2009-06-06 19:13 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-06 18:50 2,678 a------- c:\windows\java\packages\data\JBBBN5JV.DAT
2009-06-06 18:50 2,678 a------- c:\windows\java\packages\data\LR1Z5BR7.DAT
2009-06-06 18:50 2,678 a------- c:\windows\java\packages\data\ECJDBZTR.DAT
2009-06-06 18:50 2,678 a------- c:\windows\java\packages\data\9RFBLZJP.DAT
2009-06-06 18:50 2,678 a------- c:\windows\java\packages\data\733RD33D.DAT
2009-05-02 23:41 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-03-19 12:08 10,965 a------- c:\program files\err_log.txt
2009-03-19 12:07 585 a------- c:\program files\Dayfish.ini
2009-03-19 00:22 585 a------- c:\program files\Fish1.ini
2009-03-19 00:11 585 a------- c:\program files\cyberfish.ini
2009-03-17 23:08 410,984 a------- c:\windows\system32\deploytk.dll
2008-09-15 06:56 381,699 -------- c:\program files\CyberFish 4.9.exe
2008-09-14 06:20 2,785,570 a------- c:\program files\CF Manual 4.9.rtf

============= FINISH: 1:30:06.87 ===============

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:18 AM

Posted 07 June 2009 - 05:10 AM

Okay, that looks good.

Please do a final scan for me.

Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Thanks :thumbup2:

#11 Randomguy68

Randomguy68
  • Topic Starter

  • Members
  • 93 posts
  • Gender:Male
  • Local time:09:18 PM

Posted 07 June 2009 - 11:18 PM

Sorry for responding so late; this scan kept freezing up and took me forever.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, June 7, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 08, 2009 04:19:17
Records in database: 2325302
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
G:\

Scan statistics:
Files scanned: 46809
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:07:19


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\hogumana.exe.vir Infected: Packed.Win32.Krap.q 1

The selected area was scanned.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:18 AM

Posted 08 June 2009 - 08:03 AM

Hi Randomguy68,

The only result is quarantined by Combofix, which will be removed now.

Good stuff! :thumbup2:

Let's firstly do some housekeeping

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Delete ComboFix and Clean Up
Click Start > Run, type combofix /u and click OK (note the space between combofix and /u).
Please advise if this step is missed for any reason as it performs some important actions.


Please download OTCleanIt and save it to Desktop.


Make sure you have internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes
That's it Randomguy68, happy surfing!

Cheers,


m0le

Edited by m0le, 08 June 2009 - 04:42 PM.
Changed OTC link


#13 Randomguy68

Randomguy68
  • Topic Starter

  • Members
  • 93 posts
  • Gender:Male
  • Local time:09:18 PM

Posted 08 June 2009 - 04:30 PM

It says 404 not found for the OTCleanIt link.

Edited by Randomguy68, 08 June 2009 - 04:38 PM.


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:18 AM

Posted 08 June 2009 - 04:41 PM

Sorry, they pulled that link by the looks of it.

Try this

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:18 AM

Posted 11 June 2009 - 04:25 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

Edited by m0le, 11 June 2009 - 04:26 PM.




