Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Finished With The Preparation Guide For Hijackthis Log


  • Please log in to reply
16 replies to this topic

#1 Sprinks

Sprinks

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minneapolis, Minnesota
  • Local time:11:44 PM

Posted 07 July 2007 - 07:16 PM

I believe I have been hijacked, every time I access the internet I get pop-ups that warn me about my computer being infected. Here are some of the programs that pop up;
URL.CPVFEED.COM
Altnet
Smitfraud-C.CoreService

I have a Dell computer
Dell Dimension 8250 with an Intel Pentium 4 CPU, 2.80 GHz and 512 MB of ram.
Windows XP home edition version 2002 with service pack 2.

I use Bsecure Internet Protection Services v.4.5 for my Content Filter, AntiVirus, Firewall and Popup Blocker.

Below is the results of running HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:48 PM, on 7/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\blolgxjk.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.christianity.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134048930\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xdlbpgqt.dll",forkonce
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\ouviewer.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ouviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/11425dcdb715821ff123/...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\blolgxjk.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ipxmontr - Unknown owner - C:\WINDOWS\ipxmontr.exe (file missing)
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10713 bytes

Thank you for your help,
Sprinks

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:44 PM

Posted 14 July 2007 - 09:45 PM

Hello Sprinks,

Our apologies for the delay. We have many logs backed up and waiting.


Before we start, you need to realize that you are missing one important program on that computer: An antivirus.

This is somewhat suicidal in today's digital world.!

You need to install an antivirus program as soon as you can and run a complete scan of the computer.
Ewido, Adaware, PestPatrol are antispyware programs, not an antivirus program.


I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!






1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post the ComboFix log and a fresh Hijackthis log in your next reply.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
If you have Norton Antivirus installed then disable script blocking so it will not interfere with the fix.

To disable Norton AntiVirus Script Blocking
Start Norton AntiVirus. If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
Click Options. If you see a menu, click Norton AntiVirus.
In the left pane, click Script Blocking.
In the right pane, uncheck Enable Script Blocking (recommended).
Click OK

Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

Edited by SifuMike, 14 July 2007 - 09:51 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Sprinks

Sprinks
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minneapolis, Minnesota
  • Local time:11:44 PM

Posted 15 July 2007 - 03:15 PM

Thanks so much for your assistance SifuMike. Your humble apology (though not necessary) is accepted.
I downloaded and ran the ComboFix program as instructed. The only .txt file I could find is below (I hope this isn't the ComboFix-quarantined-files.txt) I wasn't sure where to access the ComboFix log file. Regarding the anti-virus program, I use Bsecure Internet Protection Services v.4.5 for my Content Filter, AntiVirus, Firewall and Popup Blocker. I'm not sure why Bsecure's firewall would not be evident? Could it be due to the Windows firewall that has automatically set it's self up as well? I've read elsewhere on this web site that running two firewall's at the same time is not a good thing, but I cant' seem to be able to turn off the Windows firewall. If I open up the Windows firewall through the control panel the "turn off firewall" option is greyed out and will not allow me to select it. If you could give some direction to correct that as well I would appreciate it.
Below are the two logs you requested. Thanks again for your assistance.


- 2007-07-15 14:21:01 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\mkgbvbwi.dll
C:\WINDOWS\system32\tjkafujj.dll
C:\WINDOWS\system32\dtfqtdjf.dll
C:\WINDOWS\SYSTEM32\cccdd.bak1
C:\WINDOWS\SYSTEM32\cccdd.bak2
C:\WINDOWS\SYSTEM32\cccdd.ini
C:\WINDOWS\SYSTEM32\jjufakjt.ini
C:\WINDOWS\SYSTEM32\cccdd.bak1
C:\WINDOWS\SYSTEM32\cccdd.bak2
C:\WINDOWS\SYSTEM32\cccdd.ini
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\byxutss.dll
C:\WINDOWS\system32\byxutss.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{0C707~1
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\system32\acbmqvin.exe
C:\WINDOWS\system32\bav.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\isncsxje.exe
C:\WINDOWS\system32\ouviewer.dll
C:\WINDOWS\system32\pkqnesby.exe
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\wnscpicomsv.exe
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\system32\ystem3~1\m?hta.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETDOWN
-------\core
-------\DomainService
-------\NETDown
-------\nm


((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 )))))))))))))))))))))))))))))))


2007-07-15 14:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-12 20:18 128,576 --a------ C:\WINDOWS\SYSTEM32\qitssrqt.dll
2007-07-12 14:09 66,624 --a------ C:\WINDOWS\SYSTEM32\vfrorcay.dll
2007-07-12 14:07 66,112 --a------ C:\WINDOWS\SYSTEM32\kdkwsvua.exe
2007-07-07 18:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-05 19:50 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-04 12:22 <DIR> d-------- C:\DOCUME~1\KENDRI~1\.housecall6.6
2007-07-02 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-02 17:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-29 18:52 128,576 --a------ C:\WINDOWS\SYSTEM32\ynbyfwjt.dll
2007-06-29 18:49 122,944 --a------ C:\WINDOWS\SYSTEM32\lrbklxaq.exe
2007-06-28 18:46 122,944 --a------ C:\WINDOWS\SYSTEM32\yiamaogf.exe
2007-06-24 21:58 4,672 --a------ C:\WINDOWS\SYSTEM32\drprkiak.exe
2007-06-22 18:00 62,560 --a------ C:\WINDOWS\SYSTEM32\cbckrldn.dll
2007-06-22 15:01 2,624 --a------ C:\WINDOWS\SYSTEM32\hvygkmdc.exe
2007-06-22 14:58 124,480 --a------ C:\WINDOWS\SYSTEM32\teyedaxc.dll
2007-06-22 14:58 122,944 --a------ C:\WINDOWS\SYSTEM32\blolgxjk.exe
2007-06-21 16:11 <DIR> d-------- C:\bintheredunthat
2007-06-21 16:07 0 --a------ C:\WINDOWS\SYSTEM32\taskkill.exe
2007-06-21 16:06 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2007-06-19 11:02 <DIR> d-------- C:\Program Files\EnsignGames
2007-06-18 22:30 350,208 -ra------ C:\WINDOWS\SYSTEM\QTIM32.DLL


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 22:39:31 -------- d-----w C:\Program Files\Lavasoft
2007-07-02 22:39:23 -------- d-----w C:\DOCUME~1\KENDRI~1\APPLIC~1\Lavasoft
2007-06-30 16:28:25 -------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-06-25 03:03:38 150 ----a-w C:\DeleteAtReboot.bat
2007-06-21 21:06:46 25,214 ----a-w C:\Program Files\A.ico
2007-06-21 21:06:45 25,214 ----a-w C:\Program Files\B.ico
2007-06-08 16:00:55 -------- d-----w C:\Program Files\Walaber's Trampoline
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 01:45:25 -------- d-----w C:\Program Files\Google
2007-05-30 22:45:52 -------- d-----w C:\Program Files\iTunes
2007-05-30 22:45:46 -------- d-----w C:\Program Files\iPod
2007-05-30 22:40:06 -------- d-----w C:\Program Files\QuickTime
2007-05-20 19:17:13 -------- d-----w C:\Program Files\TrackMania Nations ESWC
2007-05-20 02:08:53 -------- d-----w C:\Program Files\Virtools Web Player 3.5
2007-05-20 02:03:57 -------- d-----w C:\Program Files\PogoSticker
2007-05-19 20:48:50 -------- d-----w C:\Program Files\Flashbang Studios
2007-05-19 01:34:37 -------- d-----w C:\Program Files\Rumble Box
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-01-15 16:45:19 117,296 ----a-w C:\DOCUME~1\KENDRI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-04-29 01:49:12 723 ----a-w C:\Program Files\INSTALL.LOG


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-04-17 19:37 438848 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-01-06 12:52 181752 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2005-11-10 13:22 184423 --a------ C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-05-30 20:45 2554944 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-05-30 20:45 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0019445-4C1F-414D-A70E-AD80F231C584}]
2006-09-12 18:06 278528 --a------ C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" []
"nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1134048930\ee\AOLSoftware.exe" []
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" []
"Spyware X-terminator Control Center"="C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe" [2004-03-31 13:24]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 00:37]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM95\aim.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-17 13:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" [2006-06-16 09:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


Contents of the 'Scheduled Tasks' folder
2007-06-26 13:54:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-15 17:03:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

**************************************************************************

Completion time: 2007-07-15 14:38:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-15 14:38

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:22 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.christianity.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134048930\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/11425dcdb715821ff123/...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ipxmontr - Unknown owner - C:\WINDOWS\ipxmontr.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10873 bytes

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:44 PM

Posted 15 July 2007 - 05:47 PM

Hi Sprinks,

You still have many malware files, so we will get rid of them.

Ewido anti-spyware 4.0 is now called AVG AntiSpyware.
If you have the paid version of Ewido, I suggest that you upgrade it and use it to scan your system later.

If not, please uninstall Ewido anti-spyware 4.0 and I'll ask you download and install AVG Anti-Spyware v7.5

*******************************************

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of  Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language  jre-6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
*******************************************


Select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll (file missing)
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/11425dcdb715821ff123/...ip/RdxIE601.cab
O20 - AppInit_DLLs:
O23 - Service: ipxmontr - Unknown owner - C:\WINDOWS\ipxmontr.exe (file missing)



*******************************************

Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\SYSTEM32\qitssrqt.dll
C:\WINDOWS\SYSTEM32\vfrorcay.dll
C:\WINDOWS\SYSTEM32\kdkwsvua.exe
C:\WINDOWS\SYSTEM32\ynbyfwjt.dll
C:\WINDOWS\SYSTEM32\lrbklxaq.exe
C:\WINDOWS\SYSTEM32\yiamaogf.exe
C:\WINDOWS\SYSTEM32\drprkiak.exe
C:\WINDOWS\SYSTEM32\cbckrldn.dll
C:\WINDOWS\SYSTEM32\hvygkmdc.exe
C:\WINDOWS\SYSTEM32\teyedaxc.dll
C:\WINDOWS\SYSTEM32\blolgxjk.exe




Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.


Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Sprinks

Sprinks
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minneapolis, Minnesota
  • Local time:11:44 PM

Posted 16 July 2007 - 08:19 PM

Wow SifuMike, your attention to my problem is so appreceated! Thanks in advance for all your help so far!
Here are the results in the order you requested.

Whoops...
My security software gets disabled when I run one of the applications you requested and I cannot access the internet until I reboot and reactivate my security software. I seem to loose the Combofix folder after that? I'll try rerunning the Combofix program and save the .txt file elsewhere so I can paste it here. Any idea's whats happening? I'll repost after.

Thanks,
Sprinks

#6 Sprinks

Sprinks
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minneapolis, Minnesota
  • Local time:11:44 PM

Posted 16 July 2007 - 08:35 PM

Ok, running Combofix doesn't disable my security software, so here is the information.

Thanks for your quick replies, things are already noticably better.
Sprinks.

2007-07-16 20:20:16 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))


2007-07-16 17:53 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-07-15 14:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 18:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-05 19:50 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-04 12:22 <DIR> d-------- C:\DOCUME~1\KENDRI~1\.housecall6.6
2007-07-02 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-02 17:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-21 16:07 0 --a------ C:\WINDOWS\SYSTEM32\taskkill.exe
2007-06-21 16:06 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2007-06-19 11:02 <DIR> d-------- C:\Program Files\EnsignGames
2007-06-18 22:30 350,208 -ra------ C:\WINDOWS\SYSTEM\QTIM32.DLL


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-17 00:34:28 -------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-07-02 22:39:31 -------- d-----w C:\Program Files\Lavasoft
2007-07-02 22:39:23 -------- d-----w C:\DOCUME~1\KENDRI~1\APPLIC~1\Lavasoft
2007-06-25 03:03:38 150 ----a-w C:\DeleteAtReboot.bat
2007-06-21 21:06:46 25,214 ----a-w C:\Program Files\A.ico
2007-06-21 21:06:45 25,214 ----a-w C:\Program Files\B.ico
2007-06-08 16:00:55 -------- d-----w C:\Program Files\Walaber's Trampoline
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 01:45:25 -------- d-----w C:\Program Files\Google
2007-05-30 22:45:52 -------- d-----w C:\Program Files\iTunes
2007-05-30 22:45:46 -------- d-----w C:\Program Files\iPod
2007-05-30 22:40:06 -------- d-----w C:\Program Files\QuickTime
2007-05-20 19:17:13 -------- d-----w C:\Program Files\TrackMania Nations ESWC
2007-05-20 02:08:53 -------- d-----w C:\Program Files\Virtools Web Player 3.5
2007-05-20 02:03:57 -------- d-----w C:\Program Files\PogoSticker
2007-05-19 20:48:50 -------- d-----w C:\Program Files\Flashbang Studios
2007-05-19 01:34:37 -------- d-----w C:\Program Files\Rumble Box
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-01-15 16:45:19 117,296 ----a-w C:\DOCUME~1\KENDRI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-04-29 01:49:12 723 ----a-w C:\Program Files\INSTALL.LOG


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-04-17 19:37 438848 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-01-06 12:52 181752 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-05-30 20:45 2554944 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-05-30 20:45 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0019445-4C1F-414D-A70E-AD80F231C584}]
2006-09-12 18:06 278528 --a------ C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" []
"nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1134048930\ee\AOLSoftware.exe" []
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" []
"Spyware X-terminator Control Center"="C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe" [2004-03-31 13:24]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 00:37]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM95\aim.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-17 13:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 07:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-06-26 13:54:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-17 01:03:12 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

**************************************************************************

Completion time: 2007-07-16 20:27:38
C:\ComboFix-quarantined-files.txt ... 2007-07-16 20:27
C:\ComboFix2.txt ... 2007-07-16 20:00

--- E O F ---

Here is the HijackThis log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:32 PM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.christianity.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134048930\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10526 bytes

#7 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:44 PM

Posted 16 July 2007 - 10:06 PM

Above Combofix log is the same one as you posted previously. I can't do anything with that log.
Please post the C:\Combofix.txt as requested. Don't post the combofix2.txt, combofix3.txt etc.. because that are older logs and most probably you have been posting Combofix2.txt here.

It should looks similar to this:

"Administrator" - 2007-07-10 14:14:43 - ComboFix 07-07-10.1 [SAFE MODE]
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


Edited by SifuMike, 16 July 2007 - 10:12 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 Sprinks

Sprinks
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minneapolis, Minnesota
  • Local time:11:44 PM

Posted 17 July 2007 - 09:13 PM

My turn to apologize, sorry for wasting your time with that last one. I trust this is what you are looking for.
Thanks,
Sprinks

- 2007-07-17 21:03:38 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Kendrick Eskelson\Desktop\CFScript.txt


((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))


2007-07-16 17:53 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-07-15 14:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 18:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-05 19:50 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-04 12:22 <DIR> d-------- C:\DOCUME~1\KENDRI~1\.housecall6.6
2007-07-02 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-02 17:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-21 16:07 0 --a------ C:\WINDOWS\SYSTEM32\taskkill.exe
2007-06-21 16:06 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2007-06-19 11:02 <DIR> d-------- C:\Program Files\EnsignGames
2007-06-18 22:30 350,208 -ra------ C:\WINDOWS\SYSTEM\QTIM32.DLL


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-17 00:34:28 -------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-07-02 22:39:31 -------- d-----w C:\Program Files\Lavasoft
2007-07-02 22:39:23 -------- d-----w C:\DOCUME~1\KENDRI~1\APPLIC~1\Lavasoft
2007-06-25 03:03:38 150 ----a-w C:\DeleteAtReboot.bat
2007-06-21 21:06:46 25,214 ----a-w C:\Program Files\A.ico
2007-06-21 21:06:45 25,214 ----a-w C:\Program Files\B.ico
2007-06-08 16:00:55 -------- d-----w C:\Program Files\Walaber's Trampoline
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 01:45:25 -------- d-----w C:\Program Files\Google
2007-05-30 22:45:52 -------- d-----w C:\Program Files\iTunes
2007-05-30 22:45:46 -------- d-----w C:\Program Files\iPod
2007-05-30 22:40:06 -------- d-----w C:\Program Files\QuickTime
2007-05-20 19:17:13 -------- d-----w C:\Program Files\TrackMania Nations ESWC
2007-05-20 02:08:53 -------- d-----w C:\Program Files\Virtools Web Player 3.5
2007-05-20 02:03:57 -------- d-----w C:\Program Files\PogoSticker
2007-05-19 20:48:50 -------- d-----w C:\Program Files\Flashbang Studios
2007-05-19 01:34:37 -------- d-----w C:\Program Files\Rumble Box
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2005-01-15 16:45:19 117,296 ----a-w C:\DOCUME~1\KENDRI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-04-29 01:49:12 723 ----a-w C:\Program Files\INSTALL.LOG


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-04-17 19:37 438848 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-01-06 12:52 181752 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-05-30 20:45 2554944 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-05-30 20:45 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0019445-4C1F-414D-A70E-AD80F231C584}]
2006-09-12 18:06 278528 --a------ C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" []
"nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1134048930\ee\AOLSoftware.exe" []
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" []
"Spyware X-terminator Control Center"="C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe" [2004-03-31 13:24]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 00:37]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM95\aim.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-17 13:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 07:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-06-26 13:54:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-17 01:03:12 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

**************************************************************************

Completion time: 2007-07-17 21:08:05
C:\ComboFix-quarantined-files.txt ... 2007-07-17 21:07
C:\ComboFix2.txt ... 2007-07-17 20:56
C:\ComboFix3.txt ... 2007-07-16 20:27

--- E O F ---

#9 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:44 PM

Posted 17 July 2007 - 10:11 PM

Looks good. :thumbsup: Now for a final check.
Run ComboFix once more and post the ComboFix log, along with a fresh Hijackthis log.

Edited by SifuMike, 17 July 2007 - 10:12 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 Sprinks

Sprinks
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minneapolis, Minnesota
  • Local time:11:44 PM

Posted 21 July 2007 - 04:01 PM

Hi SifuMike,
The computer seems to be running clean, thanks so much for your assistance. I'll be making a donation to the cause for sure!

Here is the ComboFix log:

2007-07-21 15:41:58 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


2007-07-16 17:53 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-07-15 14:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 18:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-05 19:50 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-04 12:22 <DIR> d-------- C:\DOCUME~1\KENDRI~1\.housecall6.6
2007-07-02 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-02 17:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-21 16:07 0 --a------ C:\WINDOWS\SYSTEM32\taskkill.exe
2007-06-21 16:06 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-17 00:34:28 -------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-07-02 22:39:31 -------- d-----w C:\Program Files\Lavasoft
2007-07-02 22:39:23 -------- d-----w C:\DOCUME~1\KENDRI~1\APPLIC~1\Lavasoft
2007-06-25 03:03:38 150 ----a-w C:\DeleteAtReboot.bat
2007-06-21 21:06:46 25,214 ----a-w C:\Program Files\A.ico
2007-06-21 21:06:45 25,214 ----a-w C:\Program Files\B.ico
2007-06-19 16:02:09 -------- d-----w C:\Program Files\EnsignGames
2007-06-08 16:00:55 -------- d-----w C:\Program Files\Walaber's Trampoline
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 01:45:25 -------- d-----w C:\Program Files\Google
2007-05-30 22:45:52 -------- d-----w C:\Program Files\iTunes
2007-05-30 22:45:46 -------- d-----w C:\Program Files\iPod
2007-05-30 22:40:06 -------- d-----w C:\Program Files\QuickTime
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2005-01-15 16:45:19 117,296 ----a-w C:\DOCUME~1\KENDRI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-04-29 01:49:12 723 ----a-w C:\Program Files\INSTALL.LOG


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-04-17 19:37 438848 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-01-06 12:52 181752 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-05-30 20:45 2554944 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-05-30 20:45 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0019445-4C1F-414D-A70E-AD80F231C584}]
2006-09-12 18:06 278528 --a------ C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" []
"nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1134048930\ee\AOLSoftware.exe" []
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" []
"Spyware X-terminator Control Center"="C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe" [2004-03-31 13:24]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 00:37]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM95\aim.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-17 13:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 07:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-06-26 13:54:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-21 01:03:13 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

**************************************************************************

Completion time: 2007-07-21 15:49:28
C:\ComboFix-quarantined-files.txt ... 2007-07-21 15:48
C:\ComboFix2.txt ... 2007-07-17 21:08
C:\ComboFix3.txt ... 2007-07-17 20:56

--- E O F ---

And the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:19 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.christianity.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134048930\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O10 - Unknown file in Winsock LSP: inetcntrl0003.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10390 bytes

How's it looking now?

Thanks,
Sprinks

#11 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:44 PM

Posted 21 July 2007 - 04:21 PM

Hi Sprinks,

I see two more files we need to kill. :thumbsup:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\A.ico
    C:\Program Files\B.ico


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Run ComboFix and post the ComboFix log and OTMoveIt log for a final check.

Edited by SifuMike, 21 July 2007 - 04:24 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 Sprinks

Sprinks
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minneapolis, Minnesota
  • Local time:11:44 PM

Posted 25 July 2007 - 07:34 PM

Ok SifuMike,
Back from a couple of day's off, glad to hear back from you. I'll be monitoring this topic daily for the remainder of the week. Here are your log's;

OTMoveIT-log:
C:\Program Files\A.ico moved successfully.
C:\Program Files\B.ico moved successfully.

Created on 07/25/2007 19:18:04

ComboFix-log:
- 2007-07-25 19:20:13 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))


2007-07-25 12:10 <DIR> d-------- C:\Program Files\LimeWire
2007-07-16 17:53 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-07-15 14:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 18:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-05 19:50 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-04 12:22 <DIR> d-------- C:\DOCUME~1\KENDRI~1\.housecall6.6
2007-07-02 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-02 17:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-17 00:34:28 -------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-07-02 22:39:31 -------- d-----w C:\Program Files\Lavasoft
2007-07-02 22:39:23 -------- d-----w C:\DOCUME~1\KENDRI~1\APPLIC~1\Lavasoft
2007-06-25 03:03:38 150 ----a-w C:\DeleteAtReboot.bat
2007-06-21 21:07:05 0 ----a-w C:\WINDOWS\system32\taskkill.exe
2007-06-21 21:06:41 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-06-19 16:02:09 -------- d-----w C:\Program Files\EnsignGames
2007-06-08 16:00:55 -------- d-----w C:\Program Files\Walaber's Trampoline
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 01:45:25 -------- d-----w C:\Program Files\Google
2007-05-30 22:45:52 -------- d-----w C:\Program Files\iTunes
2007-05-30 22:45:46 -------- d-----w C:\Program Files\iPod
2007-05-30 22:40:06 -------- d-----w C:\Program Files\QuickTime
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2005-01-15 16:45:19 117,296 ----a-w C:\DOCUME~1\KENDRI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-04-29 01:49:12 723 ----a-w C:\Program Files\INSTALL.LOG


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-04-17 19:37 438848 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-01-06 12:52 181752 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-05-30 20:45 2554944 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-05-30 20:45 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0019445-4C1F-414D-A70E-AD80F231C584}]
2006-09-12 18:06 278528 --a------ C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" []
"nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1134048930\ee\AOLSoftware.exe" []
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" []
"Spyware X-terminator Control Center"="C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe" [2004-03-31 13:24]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 00:37]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM95\aim.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-17 13:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 07:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-06-26 13:54:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-25 17:03:12 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

**************************************************************************

Completion time: 2007-07-25 19:27:51
C:\ComboFix-quarantined-files.txt ... 2007-07-25 19:27
C:\ComboFix2.txt ... 2007-07-21 15:49
C:\ComboFix3.txt ... 2007-07-17 21:08

--- E O F ---

Computer is running much better, thanks again,
Sprinks

#13 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:44 PM

Posted 25 July 2007 - 09:08 PM

Hi Sprinks,

You have a suspicious file we need to check.

Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) "Hide extensions for known file types.'


Go to next site: http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:

C:\WINDOWS\system32\vbzip10.dll

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.
Once scanned, copy and paste the results also in your next reply.

Note: I usually enter my email address at virus total so they can send me the scan results. They usually only take a couple minutes to reply.
You can copy/paste the results of scan results here.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#14 Sprinks

Sprinks
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minneapolis, Minnesota
  • Local time:11:44 PM

Posted 27 July 2007 - 08:35 PM

Here you are;

File vbzip10.dll received on 07.28.2007 03:23:52 (CET)Antivirus Version Last Update Result
AhnLab-V3 2007.7.28.0 2007.07.27 -
AntiVir 7.4.0.50 2007.07.27 -
Authentium 4.93.8 2007.07.27 -
Avast 4.7.997.0 2007.07.27 -
AVG 7.5.0.476 2007.07.27 -
BitDefender 7.2 2007.07.28 -
CAT-QuickHeal 9.00 2007.07.26 -
ClamAV 0.91 2007.07.28 -
DrWeb 4.33 2007.07.27 -
eSafe 7.0.15.0 2007.07.24 -
eTrust-Vet 31.1.5010 2007.07.28 -
Ewido 4.0 2007.07.27 -
FileAdvisor 1 2007.07.28 -
Fortinet 2.91.0.0 2007.07.27 -
F-Prot 4.3.2.48 2007.07.27 -
F-Secure 6.70.13030.0 2007.07.27 -
Ikarus T3.1.1.8 2007.07.27 -
Kaspersky 4.0.2.24 2007.07.28 -
McAfee 5085 2007.07.27 -
Microsoft 1.2704 2007.07.28 -
NOD32v2 2426 2007.07.27 -
Norman 5.80.02 2007.07.27 -
Panda 9.0.0.4 2007.07.27 -
Rising 19.33.42.00 2007.07.27 -
Sophos 4.19.0 2007.07.26 -
Sunbelt 2.2.907.0 2007.07.28 -
Symantec 10 2007.07.28 -
TheHacker 6.1.7.155 2007.07.27 -
VBA32 3.12.2.1 2007.07.27 -
VirusBuster 4.3.26:9 2007.07.27 -
Webwasher-Gateway 6.0.1 2007.07.28 -

Additional information
File size: 147456 bytes
MD5: 5b25690cc2e55a6d4bc965068a7ba1ef
SHA1: 58a5f2613df475b69e60b691215d5c60462cedb3

Thanks SifuMike,
Sprinks

#15 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:44 PM

Posted 27 July 2007 - 08:58 PM

Hi Sprinks,

The VirusTotal log you posted is not complete, so I can not tell anything from it. :thumbsup:
Did you put in the entire file path?


It should look something list this sample (on a different file).

Complete scanning result of "_MSRSTRT.EXE", processed in VirusTotal at
07/20/2007 03:00:53 (CET).

[ file data ]
* name: _MSRSTRT.EXE
* size: 2560
* md5.: 815372073da85b2098a37ded84083c8a
* sha1: 0a70574450bee11c9c09f25f082e0253aa32ceaa

[ scan result ]
AhnLab-V3 2007.7.20.0/20070719 found nothing
AntiVir 7.4.0.44/20070719 found nothing
Authentium 4.93.8/20070719 found nothing
Avast 4.7.997.0/20070719 found nothing
AVG 7.5.0.476/20070719 found nothing
BitDefender 7.2/20070720 found nothing
CAT-QuickHeal 9.00/20070719 found [Tool.Win32.Reboot (Not a Virus)]
ClamAV devel-20070416/20070719 found nothing
DrWeb 4.33/20070719 found nothing
eSafe 7.0.15.0/20070719 found nothing
eTrust-Vet 30.8.3795/20070719 found nothing
Ewido 4.0/20070719 found nothing
F-Prot 4.3.2.48/20070719 found nothing
F-Secure 6.70.13030.0/20070719 found nothing
FileAdvisor 1/20070720 found nothing
Fortinet 2.91.0.0/20070719 found nothing
Ikarus T3.1.1.8/20070719 found nothing
Kaspersky 4.0.2.24/20070720 found nothing
McAfee 5078/20070719 found nothing
Microsoft 1.2704/20070720 found nothing
NOD32v2 2408/20070719 found nothing
Norman 5.80.02/20070719 found nothing
Panda 9.0.0.4/20070719 found nothing
Sophos 4.19.0/20070717 found nothing
Sunbelt 2.2.907.0/20070719 found nothing
Symantec 10/20070720 found nothing
TheHacker 6.1.7.149/20070718 found nothing
VBA32 3.12.2.1/20070719 found nothing
VirusBuster 4.3.26:9/20070719 found nothing
Webwasher-Gateway 6.0.1/20070720 found nothing



Please run it again and post the entire log.

Edited by SifuMike, 27 July 2007 - 09:01 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users