Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! My Pc Has Been Hijacked!


  • Please log in to reply
9 replies to this topic

#1 pvandenh

pvandenh

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 26 June 2007 - 07:58 AM

Hi,
First time poster here.

I have come accross this site in my search for assistance to my hijacked PC. While browsing the net for a new antivirus software, I stumbled across a file I shouldn't have. Needless to say, I now have the same hijacking issue that most people posting on this forum seem to have in the last few months.

I have since been getting winantivirus/888/davinci popups (+ more) randomly. I have since updated my Antivirus (mcafee) and updated my Microsoft Defender software in a bid to remove this issue. Both find and supposedly fix the affected issues, but upon reboot the same issue keeps happening anyway.
From my reading of the forum, I see that you may be able to assist me based on my hijackthis log.

Have attached below. Hoping you can help.
----

Logfile of HijackThis v1.99.1
Scan saved at 10:40:13 PM, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Mixer.exe
D:\DVD Region Killer\RegKillTray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=explorer.exe "
O4 - HKLM\..\Run: [ati control panel] atiphexx.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RegKillElbyCheck] "D:\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "D:\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [ati control panel] atiphexx.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [ati control panel] atiphexx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Cordless DUALphone Startup.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4B472E57-3588-48A0-A3F6-A39153697A22} (NationalPhotosUploadControl.npUpload) - http://www.kodakdirect.com.au/UploadControl.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126409960750
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D24BA55-1EFD-4A1C-809D-E705CF42E8EB}: NameServer = 203.8.183.1,192.189.54.33
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D24BA55-1EFD-4A1C-809D-E705CF42E8EB}: NameServer = 203.8.183.1,192.189.54.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qivcprcx.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

BC AdBot (Login to Remove)

 


#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:03:48 PM

Posted 29 June 2007 - 09:52 PM

Your log is missing some entries that are normally present, and that may be a sign of malware which intentionally hides from HijackThis.

To get these entries to show, please open the folder where you saved HijackThis
Right-click HijackThis.exe, and select: Rename
Rename Hijackthis.exe to HJT.exe or whatever you like

~~~~
Next, run HijackThis, Scan
Check box for:

O4 - HKLM\..\Run: [ati control panel] atiphexx.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [ati control panel] atiphexx.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [ati control panel] atiphexx.exe

Select: Fix checked

~~~~
Next, download AVG Anti-Spyware:
http://www.ewido.net/en/download/
Locate the icon on the Desktop and double-click it to launch the program.

Now, update the definition files:
On the main screen select Update, and then select the Update Now link.
Next, select the Start Update button
(The update starts and a progress bar shows the updates installed.)

Once the update completes select: Scanner (the top of the screen)
Select the Settings tab
Once in the Settings screen click on: Recommended actions
Select: Quarantine
Under: Reports, select: Automatically generate report after every scan
Un-Select: Only if threats were found
Close AVG AS for now.

~~~~
Reboot to Safe Mode :
-When the machine starts again, tap the F8 key before Windows starts
-You are presented with a Windows XP Advanced Options menu.
-Select the option for Safe Mode using the arrow keys.
-Press Enter to boot into Safe Mode.

~~~~
In Safe Mode, launch AVG AS once again
Select: Scanner (at the top)
Select the Scan tab
Click on: Complete System Scan
AVG AS begins the scanning process, and it may take a while.
Please do not open any other windows or programs while AVG AS is scanning, it may interfere with the scanning process!!

Once the scan is complete, AVG AS lists any infections found.
It also automatically sets the recommended action.
Click: Apply all actions
AVG AS will then display: All actions have been applied

Next select: Reports (at the top)
Select: Save report as (lower left of the screen)
Save the report to a text file in a location where you can find it!
Close AVG AS.

~~~~
Restart the computer.

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please provide the following:
The AVG AS report
A new HijackThis log

Old duck...


#3 pvandenh

pvandenh
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 30 June 2007 - 07:58 AM

Hi,

I ran exactly as requested.

AVG AS found about 20 items, and "actioned done" appeared as suggested. The report didn't however (I double checked that it was marked in settings to create a report every scan). Can't see where and if I might have gone wrong with your instructions.

Here is my HJT log report after all said and done though.


Thanks.

---------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:52:08 PM, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Mixer.exe
D:\DVD Region Killer\RegKillTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Skype\Phone\Skype.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\HijackThis\HJT.exe
C:\WINDOWS\system32\NOTEPAD.EXE

F2 - REG:system.ini: Shell=explorer.exe "
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\hmxfpwle.dll
O2 - BHO: (no name) - {529EEFB1-B101-43DF-9205-FE4038C34C82} - C:\WINDOWS\system32\ssttr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\cbxutsp.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RegKillElbyCheck] "D:\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "D:\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Cordless DUALphone Startup.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4B472E57-3588-48A0-A3F6-A39153697A22} (NationalPhotosUploadControl.npUpload) - http://www.kodakdirect.com.au/UploadControl.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126409960750
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D24BA55-1EFD-4A1C-809D-E705CF42E8EB}: NameServer = 203.8.183.1,192.189.54.33
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D24BA55-1EFD-4A1C-809D-E705CF42E8EB}: NameServer = 203.8.183.1,192.189.54.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O20 - Winlogon Notify: cbxutsp - C:\WINDOWS\SYSTEM32\cbxutsp.dll
O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qivcprcx.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#4 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:03:48 PM

Posted 30 June 2007 - 07:56 PM

Try the following:
AVG Anti-Spyware saved reports are accessible from the Reports icon (at top).

Run AVG AS
Click on the icon (Reports) and select the report from the list in the left panel.
The selected report is displayed in the right panel, and the Save report as button on the lower left becomes active.

Click the Save report as, and post it in your reply.

~~~~
Please run HijackThis, Scan
Check box for:

O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\hmxfpwle.dll
O2 - BHO: (no name) - {529EEFB1-B101-43DF-9205-FE4038C34C82} - C:\WINDOWS\system32\ssttr.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\cbxutsp.dll

O20 - Winlogon Notify: cbxutsp - C:\WINDOWS\SYSTEM32\cbxutsp.dll
O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qivcprcx.exe (file missing)

Select: Fix checked

~~~~
Next, download the following to the Desktop:
VundoFix.exe
* Double-click VundoFix.exe to run it
* Click: Scan for Vundo
* Once done scanning, click: Remove Vundo
* A prompt asking if you want to remove the files appears, click: Yes
* The Desktop goes blank as it starts removing Vundo.
* When completed, a prompt to shutdown the computer appears, click OK
* Turn the computer back on.

A log is created and found in C:\vundofix.txt

~~~~
Also download ComboFix to the Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

A log, combofix.txt is produced.

~~~~
Please post the C:\vundofix.txt, the ComboFix report, and a new HijackThis log.

Edited by Aaflac, 30 June 2007 - 10:02 PM.

Old duck...


#5 pvandenh

pvandenh
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 01 July 2007 - 04:57 AM

Hi,

I re-ran AVG AS complete scan, but again no report created. I can see where it should create, and smaller memory scans are creating the report correctly in the Reports tab, but nothing creates when I do the "complete scan" (which takes about 3 hrs to run).

I have done the vundofix and combofix as requested. See below for logs (and also a current HJT log).

------------------


VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 7:16:00 PM 1/07/2007

Listing files found while scanning....

C:\windows\system32\cbxutsp.dll
C:\windows\system32\fwnquwui.dll
C:\windows\system32\ggmjgekm.ini
C:\windows\system32\hmxfpwle.dll
C:\windows\system32\hnummhqk.ini
C:\windows\system32\iuwuqnwf.ini
C:\WINDOWS\system32\jktxfcmv.dll
C:\windows\system32\kqhmmunh.dll
C:\windows\system32\lyrsledm.dll
C:\WINDOWS\system32\mdlbvoxu.dll
C:\windows\system32\mkegjmgg.dll
C:\windows\system32\rttss.bak1
C:\windows\system32\rttss.bak2
C:\windows\system32\rttss.ini
C:\windows\system32\rttss.ini2
C:\windows\system32\rttss.tmp
C:\WINDOWS\system32\ssttr.dll
C:\windows\system32\tctlhvbu.ini
C:\windows\system32\ubvhltct.dll

Beginning removal...

Attempting to delete C:\windows\system32\cbxutsp.dll
C:\windows\system32\cbxutsp.dll Has been deleted!

Attempting to delete C:\windows\system32\fwnquwui.dll
C:\windows\system32\fwnquwui.dll Has been deleted!

Attempting to delete C:\windows\system32\ggmjgekm.ini
C:\windows\system32\ggmjgekm.ini Has been deleted!

Attempting to delete C:\windows\system32\hmxfpwle.dll
C:\windows\system32\hmxfpwle.dll Has been deleted!

Attempting to delete C:\windows\system32\hnummhqk.ini
C:\windows\system32\hnummhqk.ini Has been deleted!

Attempting to delete C:\windows\system32\iuwuqnwf.ini
C:\windows\system32\iuwuqnwf.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jktxfcmv.dll
C:\WINDOWS\system32\jktxfcmv.dll Has been deleted!

Attempting to delete C:\windows\system32\kqhmmunh.dll
C:\windows\system32\kqhmmunh.dll Has been deleted!

Attempting to delete C:\windows\system32\lyrsledm.dll
C:\windows\system32\lyrsledm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mdlbvoxu.dll
C:\WINDOWS\system32\mdlbvoxu.dll Has been deleted!

Attempting to delete C:\windows\system32\mkegjmgg.dll
C:\windows\system32\mkegjmgg.dll Has been deleted!

Attempting to delete C:\windows\system32\rttss.bak1
C:\windows\system32\rttss.bak1 Has been deleted!

Attempting to delete C:\windows\system32\rttss.bak2
C:\windows\system32\rttss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\rttss.ini
C:\windows\system32\rttss.ini Has been deleted!

Attempting to delete C:\windows\system32\rttss.ini2
C:\windows\system32\rttss.ini2 Has been deleted!

Attempting to delete C:\windows\system32\rttss.tmp
C:\windows\system32\rttss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\ssttr.dll Has been deleted!

Attempting to delete C:\windows\system32\tctlhvbu.ini
C:\windows\system32\tctlhvbu.ini Has been deleted!

Attempting to delete C:\windows\system32\ubvhltct.dll
C:\windows\system32\ubvhltct.dll Has been deleted!

Performing Repairs to the registry.
Done!

----------------------------
ComboFix 07-06-18.2 - C:\Documents and Settings\Peter Van Den Hooven\Desktop\ComboFix.exe
"Peter Van Den Hooven" - 2007-07-01 19:26:36 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\PETERV~1\Desktop\internet.lnk


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-07-01 19:24 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-01 19:16 <DIR> d-------- C:\VundoFix Backups
2007-06-30 19:11 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-26 07:17 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-26 06:34 4,572 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-25 06:09 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee
2007-06-24 22:38 4,672 --a------ C:\WINDOWS\system32\qkuvygdf.exe
2007-06-24 19:51 45,056 --a------ C:\WINDOWS\AutoUpdateWin32.exe
2007-06-24 19:51 32,768 --a------ C:\WINDOWS\AutoUpdateWin33.exe
2007-06-24 11:30 <DIR> d-------- C:\DOCUME~1\PETERV~1\APPLIC~1\McAfee
2007-06-24 10:12 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-06-24 10:10 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-06-24 10:10 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-06-24 10:10 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-06-24 10:10 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-06-24 10:10 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-06-24 10:10 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-06-24 10:08 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-06-18 17:37 <DIR> d-------- C:\Program Files\AC3Filter
2007-06-18 14:18 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-13 13:59 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-01 09:24:43 -------- d-----w C:\DOCUME~1\PETERV~1\APPLIC~1\Skype
2007-07-01 09:21:20 -------- d-----w C:\Program Files\McAfee
2007-06-24 10:16:34 -------- d-----w C:\DOCUME~1\PETERV~1\APPLIC~1\ZipGenius
2007-06-24 02:27:34 -------- d-----w C:\Program Files\PokerStars
2007-06-24 00:23:28 -------- d-----w C:\Program Files\McAfee.com
2007-06-18 04:28:23 -------- d-----w C:\Program Files\QuickTime
2007-06-18 04:25:05 -------- d-----w C:\Program Files\iPod
2007-06-12 23:45:22 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-12 23:42:16 -------- d-----w C:\Program Files\ScreenArt
2007-06-12 23:41:54 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-06-12 23:37:31 -------- d-----w C:\Program Files\AIM Productions
2007-05-21 10:30:28 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-21 09:33:59 0 -c--a-w C:\WINDOWS\brdfxspd.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 16:02]
{98D81602-B322-4E1E-872C-CBBAAF609B9C}=C:\WINDOWS\system32\ssttr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]
"RegKillElbyCheck"="D:\DVD Region Killer\ElbyCheck.exe" [2001-12-06 22:09]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:25]
"RegKillTray"="D:\DVD Region Killer\RegKillTray.exe" [2002-04-13 23:42]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 13:26]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 09:16]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34]
"nwiz"="nwiz.exe" [2005-04-22 12:54 C:\WINDOWS\system32\nwiz.exe]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 09:57]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 14:45]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2005-11-15 18:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24]
"Skype"="D:\Skype\Phone\Skype.exe" [2006-10-13 16:20]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 15:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"=msconfg.exe
"ati control panel"=atiphexx.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 22:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


Contents of the 'Scheduled Tasks' folder
2007-06-24 05:08:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-24 00:09:44 C:\WINDOWS\tasks\McDefragTask.job
2007-06-24 00:09:42 C:\WINDOWS\tasks\McQcTask.job
2007-07-01 09:39:15 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 19:40:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-07-01 19:46:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-01 19:45

--- E O F ---
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\PETERV~1\Desktop\internet.lnk


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


---------------------------
Logfile of HijackThis v1.99.1
Scan saved at 19:56, on 2007-07-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\DVD Region Killer\RegKillTray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\ComboFix\catchme.cfexe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Peter Van Den Hooven\Desktop\HJT.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {98D81602-B322-4E1E-872C-CBBAAF609B9C} - C:\WINDOWS\system32\ssttr.dll (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RegKillElbyCheck] "D:\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RegKillTray] "D:\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Cordless DUALphone Startup.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4B472E57-3588-48A0-A3F6-A39153697A22} (NationalPhotosUploadControl.npUpload) - http://www.kodakdirect.com.au/UploadControl.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126409960750
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D24BA55-1EFD-4A1C-809D-E705CF42E8EB}: NameServer = 203.8.183.1,192.189.54.33
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D24BA55-1EFD-4A1C-809D-E705CF42E8EB}: NameServer = 203.8.183.1,192.189.54.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#6 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:03:48 PM

Posted 01 July 2007 - 10:41 PM

With all other windows closed, please run HijackThis, Scan
Check box for:

O2 - BHO: (no name) - {98D81602-B322-4E1E-872C-CBBAAF609B9C} - C:\WINDOWS\system32\ssttr.dll (file missing)

Select: Fix checked

~~~~
Access the HijackThis program Misc Tools as follows:
Click on Config
Click on Misc Tools
Click on Delete a File on Reboot
In the File Name field of the Enter File to be Deleted window, copy/paste:

C:\WINDOWS\system32\qkuvygdf.exe

Press the Open button
(You are notified that the file in question will be deleted on reboot)
Click Yes when asked whether you want to restart the computer

~~~~
After the restart, please download SuperAntiSpyware Home Edition Free Version
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please provide the SuperAntiSpyware log in your reply, as well as a new HijackThis log.

Old duck...


#7 pvandenh

pvandenh
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 03 July 2007 - 06:27 AM

Hi,

I have done as requested. See logs below.

Thanks again.

---------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/03/2007 at 09:04 PM

Application Version : 3.9.1008

Core Rules Database Version : 3264
Trace Rules Database Version: 1275

Scan type : Complete Scan
Total Scan Time : 00:46:28

Memory items scanned : 619
Memory threats detected : 0
Registry items scanned : 6639
Registry threats detected : 27
File items scanned : 36447
File threats detected : 23

Trojan.Downloader-ChinaHot
HKLM\Software\Classes\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}
HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}
HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}
HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}\InprocServer32
HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}\InprocServer32#ThreadingModel
HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}\ProgID
HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}\Programmable
HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}\TypeLib
HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}\VersionIndependentProgID
C:\WINDOWS\AUTOUPDATEWIN31.DLL
HKCR\SampleTrack.AleTrack
HKCR\SampleTrack.AleTrack\CLSID
HKCR\SampleTrack.AleTrack\CurVer
HKCR\SampleTrack.AleTrack.1
HKCR\SampleTrack.AleTrack.1\CLSID
HKCR\TypeLib\{97641909-2311-4513-8581-F5C84B3F05F2}
HKCR\TypeLib\{97641909-2311-4513-8581-F5C84B3F05F2}\1.0
HKCR\TypeLib\{97641909-2311-4513-8581-F5C84B3F05F2}\1.0\0
HKCR\TypeLib\{97641909-2311-4513-8581-F5C84B3F05F2}\1.0\0\win32
HKCR\TypeLib\{97641909-2311-4513-8581-F5C84B3F05F2}\1.0\FLAGS
HKCR\TypeLib\{97641909-2311-4513-8581-F5C84B3F05F2}\1.0\HELPDIR
HKCR\Interface\{1D2CC793-B043-4DD2-A52C-3D9ADE61BBBD}
HKCR\Interface\{1D2CC793-B043-4DD2-A52C-3D9ADE61BBBD}\ProxyStubClsid
HKCR\Interface\{1D2CC793-B043-4DD2-A52C-3D9ADE61BBBD}\ProxyStubClsid32
HKCR\Interface\{1D2CC793-B043-4DD2-A52C-3D9ADE61BBBD}\TypeLib
HKCR\Interface\{1D2CC793-B043-4DD2-A52C-3D9ADE61BBBD}\TypeLib#Version

Adware.Tracking Cookie
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@hitbox[2].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@cpvfeed[2].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@888[1].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@www.drivecleaner[2].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@stats1.reliablestats[2].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@atdmt[1].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@www.amaena[2].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@doubleclick[1].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@cassava[1].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@winantivirus[2].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@mediaplex[1].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@ehg-newsinteractive.hitbox[2].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@media.sensis.com[1].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@partygaming.122.2o7[1].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@cgi-bin[2].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@stats.drivecleaner[2].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@drivecleaner[2].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@www.web-stat[1].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@partypoker[1].txt
C:\Documents and Settings\Peter Van Den Hooven\Cookies\peter van den hooven@ad.zanox[2].txt

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-1085031214-842925246-725345543-1003\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Trojan.Downloader-Gen/HitItQuitIt
C:\DOCUMENTS AND SETTINGS\PETER VAN DEN HOOVEN\DESKTOP\BACKUPS\BACKUP-20070701-191152-795.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E4AE012C-3F25-4A59-B487-F6B02BDF5E1D}\RP503\A0037422.DLL
--------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:25, on 2007-07-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\DVD Region Killer\RegKillTray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Peter Van Den Hooven\Desktop\HJT.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RegKillElbyCheck] "D:\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RegKillTray] "D:\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Cordless DUALphone Startup.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4B472E57-3588-48A0-A3F6-A39153697A22} (NationalPhotosUploadControl.npUpload) - http://www.kodakdirect.com.au/UploadControl.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126409960750
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D24BA55-1EFD-4A1C-809D-E705CF42E8EB}: NameServer = 203.8.183.1,192.189.54.33
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D24BA55-1EFD-4A1C-809D-E705CF42E8EB}: NameServer = 203.8.183.1,192.189.54.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#8 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:03:48 PM

Posted 03 July 2007 - 06:05 PM

The HijackThis log looks OK. No apparent malware issues.

Are you still having the problems you were experiencing before?

Old duck...


#9 pvandenh

pvandenh
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 04 July 2007 - 04:30 AM

Hi,

All apears to be working as normal again now.
Thanks for you assistance. Was appreciated.

#10 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:03:48 PM

Posted 04 July 2007 - 09:49 PM

:thumbsup:

You can remove VundoFix and ComboFix, as well as the C:\Qoobox folder (part of ComboFix.


If you are not having malware problems, you are good to go!

Take a good look at the following suggestions to remain malware free:
Tony Kleinís article 'How Did I Get Infected In The First Place'
http://forums.spywareinfo.com/index.php?showtopic=60955

Thank you for your patience, and performing the procedures requested.
If you have any questions or comments, post back. Otherwise...


Good luck, and safe journey through the Internet!!

Old duck...





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users