
Double Checking Log


6 replies to this topic

#1 Naming Is Hard

Posted 02 June 2007 - 08:04 AM

Hello everyone ^^

Normally I'm the only one who touches my computer so I don't have any problems, but my father's girlfriend's child decided to get on while I was sleeping and download lots of crap.
When I got on, Nod32 was throwing up all kinds of red flags; I was getting pop-ups and all that good stuff.

I updated and ran Spybot S&D along with Nod32 and a few other things. I just wanted to make sure everything was good, so here's my log.

Logfile of HijackThis v1.99.1
Scan saved at 6:57:20 AM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Program files\Mozilla Firefox\firefox.exe
C:\HJT\abc.bat.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Ryan\LOCALS~1\Temp\Rar$EX00.141\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5CE8C3FA-9B61-4024-B743-6157779C075F} - C:\WINDOWS\system32\sstqq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ALaunchCombo.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177284675133
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177284670226
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

#2 RichieUK (Malware Assassin, Malware Response Team)

Posted 02 June 2007 - 08:54 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Naming Is Hard :thumbsup:

My name is Richie and I'll be helping you to fix your problems.

Please move HijackThis.exe to a permanent folder on the hard drive such as C:\HJT
Create a new folder and place your HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse the line entry deletion if found to be necessary. If HijackThis is used from a temp folder it is in danger of being accidentally deleted by Disk Cleanup or similar tools.

How to create a new folder named HJT
1. Click Start/My Computer. In the 'My Computer' window, open the window in which you want to create the new folder: click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.

***************************

Download DelDomains.zip and extract/unzip it to your desktop:
Now right click on Deldomains.inf then click on 'Install'.
After right clicking on Deldomains.inf and choosing 'Install', it will appear that nothing happened; this is normal.

***************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files; click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

***************************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Also post a new Hijackthis log please.
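The entries Richie's steps act on (the O15 Trusted Zone list that DelDomains.inf clears, and the O2 BHO and O23 service entries whose file is missing) can be pulled out of a HijackThis log mechanically. The following triage script is an added example, not code from the thread or from the HijackThis, DelDomains or VundoFix tools; its sample input is a constructed subset of the log posted above.

```python
"""Triage helper for HijackThis v1.99 log lines (added example).

Pulls out the entry types the helper's instructions act on: O15 Trusted Zone
domains (the list DelDomains.inf clears) and O2 BHO / O23 service entries
whose backing file is missing. Entry formats follow the log in this thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted at the top of the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5CE8C3FA-9B61-4024-B743-6157779C075F} - C:\WINDOWS\system32\sstqq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.winfixer.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
"""

# Every HijackThis entry starts with a section code such as R0, O2, O15, O23.
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")


@dataclass
class Finding:
    code: str      # HijackThis section code
    reason: str    # why the entry is worth a look
    detail: str    # CLSID, service name or domain


def parse_entries(log_text):
    """Yield (code, body) for each entry line; process lists and headers are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def trusted_zones(log_text):
    """Map each O15 Trusted Zone domain to the hives it is listed in.

    HijackThis prints the per-user (HKCU) entry bare and appends "(HKLM)"
    for the machine-wide copy, so one domain can appear twice.
    """
    zones = {}
    for code, body in parse_entries(log_text):
        if code != "O15" or not body.startswith("Trusted Zone: "):
            continue
        domain = body[len("Trusted Zone: "):]
        hive = "HKCU"
        if domain.endswith(" (HKLM)"):
            domain, hive = domain[:-len(" (HKLM)")], "HKLM"
        zones.setdefault(domain, set()).add(hive)
    return zones


def triage(log_text):
    """Return the findings a log helper would look at first."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O2" and body.startswith("BHO: "):
            # "BHO: <name> - {CLSID} - <path>"; the path itself may contain " - "
            # (e.g. "Spybot - Search & Destroy"), so split only on the first two.
            name, _, rest = body[len("BHO: "):].partition(" - ")
            clsid, _, path = rest.partition(" - ")
            if path.endswith("(file missing)") or path == "(no file)":
                findings.append(Finding(code, "BHO registered but its file is gone", clsid))
            elif name == "(no name)":
                findings.append(Finding(code, "unnamed BHO, identify by CLSID", clsid))
        elif code == "O23" and body.endswith("(file missing)"):
            service = body[len("Service: "):].split(" - ")[0]
            findings.append(Finding(code, "service points at a missing file", service))
    for domain, hives in trusted_zones(log_text).items():
        scope = "+".join(sorted(hives))
        findings.append(Finding("O15", "site in IE Trusted Zone (" + scope + ")", domain))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, f.reason, f.detail)
```

The unnamed-BHO rule is deliberately informational: Spybot's SDHelper.dll shows up as "(no name)" too, so the CLSID and file path, not the missing name, decide whether an entry is hostile.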

#3 Naming Is Hard (Topic Starter)

Posted 02 June 2007 - 08:01 PM

VundoFix V6.4.1

Checking Java version...

Scan started at 4:24:03 AM 6/2/2007

Listing files found while scanning....

C:\WINDOWS\system32\qqtss.bak1
C:\WINDOWS\system32\qqtss.bak2
C:\WINDOWS\system32\qqtss.ini
C:\WINDOWS\system32\qqtss.ini2
C:\WINDOWS\system32\qqtss.tmp
C:\WINDOWS\system32\sstqq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qqtss.bak1
C:\WINDOWS\system32\qqtss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqtss.bak2
C:\WINDOWS\system32\qqtss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqtss.ini
C:\WINDOWS\system32\qqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqtss.ini2
C:\WINDOWS\system32\qqtss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qqtss.tmp
C:\WINDOWS\system32\qqtss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\system32\sstqq.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.1

Checking Java version...

Scan started at 12:31:22 PM 6/2/2007

Listing files found while scanning....

No infected files were found.


ComboFix:

"Ryan" - 2007-06-02 14:37:37 Service Pack 2 NTFS
ComboFix 07-06-2.5.Ex - Running from: "C:\Documents and Settings\Ryan\Desktop\"


((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 )))))))))))))))))))))))))))))))


2007-06-02 06:46 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-02 05:16 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-02 04:24 <DIR> d-------- C:\VundoFix Backups
2007-06-02 04:17 <DIR> d-------- C:\HJT
2007-06-02 03:45 2,580 --a------ C:\WINDOWS\system32\slijyjuk.exe
2007-06-02 00:43 131,124 --a------ C:\WINDOWS\system32\smtvablm.dll
2007-06-02 00:41 2,580 --a------ C:\WINDOWS\system32\vnmokitc.exe
2007-06-02 00:35 <DIR> d-------- C:\WINDOWS\system32\T1QaSQ
2007-06-02 00:35 <DIR> d-------- C:\Temp\x2b
2007-06-02 00:35 <DIR> d-------- C:\Temp
2007-05-30 17:34 <DIR> d-------- C:\Program Files\PowerQuest
2007-05-28 01:52 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-05-28 01:49 <DIR> d-------- C:\WINDOWS\system32\Flash
2007-05-28 01:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
2007-05-28 01:48 <DIR> d-------- C:\Program Files\TechSmith
2007-05-28 00:46 <DIR> d-------- C:\Program Files\Audacity
2007-05-26 18:48 <DIR> d-------- C:\Program Files\Gizmo Project
2007-05-26 16:28 <DIR> d-------- C:\Program Files\mIRC
2007-05-23 12:13 <DIR> d-------- C:\Program Files\CDBurnerXP Pro 3
2007-05-23 10:52 <DIR> d-------- C:\Program Files\Multiverse Tools
2007-05-22 17:36 <DIR> d-------- C:\Program Files\Multiverse Client
2007-05-20 15:13 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\CrystalSpace
2007-05-20 15:13 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\CrystalApp
2007-05-20 11:01 <DIR> d-------- C:\wamp
2007-05-20 10:40 <DIR> d-------- C:\Scripts
2007-05-20 10:32 <DIR> d-------- C:\Program Files\PHP
2007-05-20 08:39 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-05-20 08:39 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-05-19 22:02 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\gtk-2.0
2007-05-19 22:01 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\.purple
2007-05-19 22:00 <DIR> d-------- C:\Program Files\Pidgin
2007-05-19 22:00 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-05-19 21:17 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-05-19 21:17 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-05-19 17:09 <DIR> d-------- C:\Apache2.2
2007-05-19 13:04 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-05-18 23:14 <DIR> d--h----- C:\DOCUME~1\Ashley\APPLIC~1\Move Networks
2007-05-18 22:38 <DIR> d-------- C:\DOCUME~1\Ashley\APPLIC~1\ATI
2007-05-18 22:37 1,310,720 --ah----- C:\DOCUME~1\Ashley\NTUSER.DAT
2007-05-18 22:37 <DIR> d-------- C:\DOCUME~1\Ashley\APPLIC~1\Real
2007-05-18 22:37 <DIR> d-------- C:\DOCUME~1\Ashley\APPLIC~1\MSN6
2007-05-18 22:37 <DIR> d-------- C:\DOCUME~1\Ashley\APPLIC~1\InterTrust
2007-05-18 22:37 <DIR> d-------- C:\DOCUME~1\Ashley\APPLIC~1\Help
2007-05-18 09:48 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-05-17 08:16 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\Thinstall
2007-05-17 07:56 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2007-05-15 18:24 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-05-06 00:05 <DIR> d-------- C:\Program Files\CDisplay


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-02 20:36:49 -------- d-----w C:\Program Files\PeerGuardian2
2007-06-02 10:01:44 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-02 06:18:34 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\uTorrent
2007-06-02 01:14:35 -------- d-----w C:\Program Files\MSN Messenger
2007-06-02 01:12:15 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\.purple
2007-06-01 23:49:06 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\Skype
2007-05-28 22:43:09 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-27 03:16:35 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-24 04:11:02 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\Vidalia
2007-05-20 14:44:20 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-17 19:41:53 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\Tor
2007-05-15 07:22:20 -------- d-----w C:\Program Files\Viewpoint
2007-05-11 00:47:52 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-05-08 00:26:30 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\dvdcss
2007-05-01 18:39:59 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\TVU Networks
2007-04-29 00:54:12 -------- d-----w C:\Program Files\WinPcap
2007-04-27 01:51:11 4,096 ----a-w C:\WINDOWS\d3dx.dat
2007-04-27 00:49:59 -------- d-----w C:\Program Files\DAEMON Tools
2007-04-26 05:14:15 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-25 04:15:54 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\Xfire
2007-04-25 03:53:22 -------- d-s---w C:\Program Files\Xfire
2007-04-25 03:37:24 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\Ventrilo
2007-04-25 03:33:27 -------- d-----w C:\Program Files\Ventrilo
2007-04-23 22:27:30 -------- d-----w C:\Program Files\SBC Yahoo!
2007-04-23 22:27:12 -------- d-----w C:\Program Files\Yahoo!
2007-04-23 22:21:32 -------- d-----w C:\Program Files\2Wire
2007-04-23 21:32:02 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\ATI
2007-04-23 21:02:51 -------- d-----w C:\Program Files\ATI Technologies
2007-04-23 02:52:45 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\Media Player Classic
2007-04-23 02:35:38 -------- d-----w C:\Program Files\Browser Mouse
2007-04-23 01:52:44 10,019 ----a-w C:\WINDOWS\mozver.dat
2007-04-23 01:49:25 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-04-23 01:44:13 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\TrueCrypt
2007-04-23 01:44:02 -------- d-----w C:\Program Files\TrueCrypt
2007-04-23 01:35:12 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\vlc
2007-04-23 01:27:42 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\Apple Computer
2007-04-23 01:27:22 -------- d-----w C:\Program Files\iPod
2007-04-23 01:26:47 -------- d-----w C:\Program Files\QuickTime
2007-04-23 01:06:23 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\Aim
2007-04-23 01:06:21 -------- d-----w C:\Program Files\AIM
2007-04-23 01:05:49 -------- d-----w C:\Program Files\AOD
2007-04-23 00:57:37 -------- d-----w C:\Program Files\Messenger
2007-04-23 00:40:53 -------- d-----w C:\Program Files\Common Files\Real
2007-04-23 00:38:59 -------- d-----w C:\Program Files\Sony
2007-04-23 00:31:04 -------- d-----w C:\Program Files\Skype
2007-04-23 00:18:48 -------- d-----w C:\Program Files\Movie Maker
2007-04-23 00:17:24 -------- d-----w C:\Program Files\Windows NT
2007-04-23 00:11:33 -------- d-----w C:\Program Files\Common Files\Skype
2007-04-22 23:57:03 -------- d-----w C:\Program Files\Winamp
2007-04-22 23:26:29 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\Viewpoint
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-05 00:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
2007-04-05 00:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 22:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
2007-03-12 22:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
2007-03-12 22:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-05 18:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208}=C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2006-06-20 08:10]
{53707962-6F74-2D53-2644-206D7942484F}=D:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{5CE8C3FA-9B61-4024-B743-6157779C075F}=C:\WINDOWS\system32\sstqq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" []
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2004-05-25 05:24]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-19 21:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ALaunchCombo.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ALaunchCombo.exe
backup=C:\WINDOWS\pss\ALaunchCombo.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]
"C:\Program Files\Gizmo Project\Gizmo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"d:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
c:\program files\sony\vaio survey\surveysa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
"D:\Program Files\Vidalia\vidalia.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
c:\program files\support.com\client\lserver\server.vbs

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 14:39:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wampmysqld]
"ImagePath"="c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld"

Completion time: 2007-06-02 14:40:14
C:\ComboFix-quarantined-files.txt ... 2007-06-02 14:40
C:\ComboFix2.txt ... 2007-06-02 06:46

--- E O F ---

Edited by Naming Is Hard, 02 June 2007 - 08:02 PM.


#4 Naming Is Hard (Topic Starter)

Posted 02 June 2007 - 08:04 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:00:54 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Program files\iTunes\iTunes.exe
C:\WINDOWS\explorer.exe
D:\Program files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\My Games\playonline\SquareEnix\PlayOnlineViewer\pol.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5CE8C3FA-9B61-4024-B743-6157779C075F} - C:\WINDOWS\system32\sstqq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ALaunchCombo.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177284675133
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177284670226
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 03 June 2007 - 02:44 AM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\WINDOWS\system32\slijyjuk.exe
C:\WINDOWS\system32\smtvablm.dll
C:\WINDOWS\system32\vnmokitc.exe

Folders to delete:
C:\WINDOWS\system32\T1QaSQ
C:\Temp\x2b
C:\Program Files\Viewpoint
C:\DOCUME~1\Ryan\APPLIC~1\Viewpoint

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.

*****************************

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {5CE8C3FA-9B61-4024-B743-6157779C075F} - C:\WINDOWS\system32\sstqq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Exit Hijackthis.

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished, it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.

Edited by RichieUK, 03 June 2007 - 02:45 AM.

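An added example, not part of this thread or of the tools it mentions: a short Python triage pass over HijackThis log lines that flags the same kinds of entries RichieUK asked to have fixed, namely orphaned entries marked (file missing) or (no file), (no name) entries, and O23 services listed with an unknown owner. The sample lines are copied from the logs in this thread; the rule wording and the function names are my own.

```python
import re

# Constructed sample: HijackThis 1.99.1 lines copied from the thread above,
# with two entries (the SnagIt BHO and the NOD32 service) kept as benign controls.
SAMPLE_LOG = r"""
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {5CE8C3FA-9B61-4024-B743-6157779C075F} - C:\WINDOWS\system32\sstqq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
"""

# Every HJT entry starts with a section tag (R0-R3, F0-F3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")


def parse_entry(line):
    """Return (section, fields) for an HJT entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # Fields are the ' - ' separated parts: description, CLSID/owner, path...
    return m.group(1), [f.strip() for f in m.group(2).split(" - ")]


def review_reasons(section, fields, line):
    """Rules mirroring what the helper fixed or questioned in this thread."""
    reasons = []
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("orphaned: target file is absent")
    if any(f.endswith("(no name)") for f in fields):
        reasons.append("unnamed entry")
    if section == "O23" and "Unknown owner" in fields:
        reasons.append("service without a vendor string")
    return reasons


def triage(log_text):
    """Return [(section, reasons, line)] for each entry with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue  # headers, process list, blank lines
        section, fields = parsed
        reasons = review_reasons(section, fields, line)
        if reasons:
            flagged.append((section, reasons, line.strip()))
    return flagged
```

Running `triage(SAMPLE_LOG)` flags four of the seven sample entries and leaves the SnagIt, WgaLogon and NOD32 lines alone.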

#6 Naming Is Hard

Naming Is Hard
  • Topic Starter

  • Members
  • 21 posts

Posted 03 June 2007 - 11:34 PM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\txkkqwqn

*******************

Script file located at: \??\C:\WINDOWS\system32\hxijvisi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\slijyjuk.exe deleted successfully.
File C:\WINDOWS\system32\smtvablm.dll deleted successfully.
File C:\WINDOWS\system32\vnmokitc.exe deleted successfully.
Folder C:\WINDOWS\system32\T1QaSQ deleted successfully.
Folder C:\Temp\x2b deleted successfully.
Folder C:\Program Files\Viewpoint deleted successfully.
Folder C:\DOCUME~1\Ryan\APPLIC~1\Viewpoint deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/03/2007 at 10:00 PM

Application Version : 3.8.1002

Core Rules Database Version : 3248
Trace Rules Database Version: 1259

Scan type : Complete Scan
Total Scan Time : 01:30:07

Memory items scanned : 402
Memory threats detected : 0
Registry items scanned : 4751
Registry threats detected : 0
File items scanned : 104624
File threats detected : 23

Adware.Tracking Cookie
C:\Documents and Settings\Ryan\Cookies\ryan@edge.ru4[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ar.atwola[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@questionmarket[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@atwola[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@exitexchange[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@trafficmp[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@as-us.falkag[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@mediaplex[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@revsci[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@casalemedia[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@tribalfusion[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.addynamix[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@clicks.emarketmakers[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@cpvfeed[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@doubleclick[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ads.pointroll[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@serving-sys[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@msnportal.112.2o7[1].txt
C:\Documents and Settings\Ryan\Cookies\ryan@adopt.euroclick[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@bs.serving-sys[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@atdmt[2].txt
C:\Documents and Settings\Ryan\Cookies\ryan@ad.zanox[1].txt

Logfile of HijackThis v1.99.1
Scan saved at 10:30:17 PM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program files\Mozilla Firefox\firefox.exe
D:\Program files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: ALaunchCombo.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177284675133
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177284670226
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 04 June 2007 - 01:50 AM

Your log is clean, how's your PC running now?