Jibajib.dll


5 replies to this topic

#1 MattT

MattT

  • Members
  • 3 posts

Posted 11 July 2007 - 01:24 AM

Hi, having problems with the Jibajib.dll.bak


AVG keeps flagging it as a virus, but can't get rid of it :thumbsup: Thanks in advance....I have followed the tutorials to clean, but to no avail, also can't find info online about it?

Here is my HT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:06 p.m., on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {5E336E84-ED30-469E-B8D8-7219BE4DE854} - c:\windows\system32\jibajib.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1183275199906
O17 - HKLM\System\CCS\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA710721-83B3-4BDA-BE73-7A050C6EF642}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CS4\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CS5\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hfgjwjqe - C:\WINDOWS\SYSTEM32\jibajib.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Matrox Centering Service - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4871 bytes



#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male

Posted 11 July 2007 - 02:13 PM

Download the latest version of ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

#3 MattT

MattT
  • Topic Starter

  • Members
  • 3 posts

Posted 12 July 2007 - 11:12 PM

Thanks for your help! :thumbsup:

Combofix log:

"Matt" - 2007-07-13 15:57:34 - ComboFix 07-07-10.1 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


2007-07-11 20:20 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2007-07-11 18:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 10:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-10 00:15 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-07-10 00:15 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-07-10 00:15 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-07-10 00:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-07-10 00:14 9,273,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-10 00:14 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-07-10 00:14 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-07-10 00:14 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-07-10 00:14 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-07-10 00:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-09 23:53 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-07-09 18:23 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-09 18:23 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\SUPERAntiSpyware.com
2007-07-09 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-09 18:20 7,248 --a------ C:\dnsbak.reg
2007-07-09 18:02 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-07 09:54 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-06 22:01 <DIR> d-------- C:\Program Files\Winamp
2007-07-05 23:44 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-03 19:51 4,120,576 --a------ C:\DOCUME~1\Matt\ntuser.dat
2007-07-02 05:45 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-30 18:38 1,048,576 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-30 11:50 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-30 11:37 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-06-30 11:37 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2007-06-30 11:37 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-06-30 11:37 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-06-30 11:37 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-06-30 11:37 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-06-30 11:37 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-06-30 11:37 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-06-30 11:37 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-06-30 11:37 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-30 11:37 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-06-30 11:37 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-06-30 11:37 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-06-30 11:37 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-06-30 11:37 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-06-30 11:37 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-06-30 11:37 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-06-30 11:37 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-06-30 11:37 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2007-06-30 11:37 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-06-30 11:37 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-06-30 11:37 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-06-30 11:37 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-06-30 11:37 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2007-06-30 11:37 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-06-30 11:37 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-06-30 11:37 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-06-30 11:37 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-06-30 11:37 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-06-30 11:37 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-06-30 11:37 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-06-30 11:37 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-06-30 11:37 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-06-30 11:37 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-06-30 11:37 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-06-30 11:37 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-06-30 11:37 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-06-30 11:37 32,866 --------- C:\WINDOWS\slrundll.exe
2007-06-30 11:37 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-06-30 11:37 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-06-30 11:37 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-06-30 11:37 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-06-30 11:37 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-06-30 11:37 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-06-30 11:37 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-06-30 11:37 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-06-30 11:37 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-06-30 11:37 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-06-30 11:37 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-06-30 11:37 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-06-30 11:37 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-06-30 11:37 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-06-30 11:37 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-06-30 11:37 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-06-30 11:37 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-06-30 11:37 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-06-30 11:37 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-06-30 11:37 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-06-30 11:37 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2007-06-30 11:37 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-06-30 11:37 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-06-30 11:37 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-06-30 11:37 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-06-30 11:37 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-06-30 11:37 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-06-30 11:37 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-06-30 11:37 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-06-30 11:37 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-06-30 11:37 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-06-30 11:37 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-06-30 11:37 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-06-30 11:37 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-06-30 11:37 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-06-30 11:37 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-06 10:01:24 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\uTorrent
2007-07-05 12:22:16 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\Apple Computer
2007-07-02 03:48:20 -------- d-----w C:\Program Files\DVD Shrink
2007-06-28 00:54:52 -------- d--ha-w C:\Program Files\WindowsUpdate
2007-06-28 00:52:04 54,520 ----a-w C:\WINDOWS\system32\drivers\iLokDrvr.sys
2007-06-26 06:02:02 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-26 06:01:55 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-20 11:51:36 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\dvdcss
2007-06-11 05:55:20 -------- d-----w C:\Program Files\FileZilla
2007-06-11 05:41:17 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-06-10 12:24:05 -------- d-----w C:\Program Files\Exact Audio Copy
2007-06-10 11:54:19 -------- d-----w C:\Program Files\Quintessential Player
2007-06-10 03:17:29 -------- d-----w C:\Program Files\Acesoft
2007-06-09 09:22:21 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\Help
2007-06-09 08:46:45 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\AccurateRip
2007-06-09 08:42:22 4,112,760 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-04 03:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 03:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 03:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-30 11:25:42 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\FileMaker
2007-05-30 11:13:05 -------- d-----w C:\Program Files\Audiograbber
2007-05-30 10:44:36 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-05-30 10:44:36 -------- d-----w C:\Program Files\Alcohol Soft
2007-05-30 10:43:17 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd6589.sys
2007-05-30 10:43:17 643,072 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-29 12:57:02 249,856 ------w C:\WINDOWS\Setup1.exe
2007-05-29 12:57:01 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-05-29 11:33:19 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\My Audio
2007-05-29 09:58:34 1,277 ----a-w C:\WINDOWS\mozver.dat
2007-05-28 07:03:36 -------- d-----w C:\Program Files\DVD Decrypter
2007-05-28 06:27:03 -------- d-----w C:\Program Files\InfraRecorder
2007-05-26 02:11:51 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\WinRAR
2007-05-18 15:35:04 -------- d-----w C:\Program Files\Common Files\ODBC
2007-05-18 15:35:02 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-05-18 05:58:21 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\vlc
2007-05-18 05:51:23 -------- d-----w C:\Program Files\VideoLAN
2007-05-18 05:22:49 -------- d-----w C:\Program Files\VIA
2007-05-18 05:10:56 -------- d-----w C:\Program Files\PC Drivers HeadQuarters
2007-05-18 05:06:56 177,152 ----a-w C:\Program Files\utorrent.exe
2007-05-18 05:02:57 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-18 04:20:47 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-18 04:20:27 0 --sha-r C:\MSDOS.SYS
2007-05-18 04:20:27 0 --sha-r C:\IO.SYS
2007-05-18 04:20:27 0 ----a-w C:\CONFIG.SYS
2007-05-18 04:20:27 0 ----a-w C:\AUTOEXEC.BAT
2007-05-18 04:19:16 -------- d-----w C:\Program Files\Online Services
2007-05-18 04:18:39 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-05-18 04:18:32 -------- d-----w C:\Program Files\Movie Maker
2007-05-18 04:17:54 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-18 04:17:34 -------- d-----w C:\Program Files\Messenger
2007-05-18 04:17:30 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-05-18 04:17:24 -------- d-----w C:\Program Files\Windows NT
2007-04-16 10:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 10:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 10:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 10:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 10:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 10:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 10:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 10:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 03:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-11-14 00:05]
"Matrox PowerDesk SE"="c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2006-08-02 12:33]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-07 16:24]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-31 00:29]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\System Reserved]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDDiskProtect.exe]
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
"C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startdrv]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
"Adobe LM Service"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f942100-0ea2-11dc-b1f7-0011d882ba44}]
play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"


Contents of the 'Scheduled Tasks' folder
2007-07-06 19:53:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-13 15:59:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-13 16:00:02
C:\ComboFix-quarantined-files.txt ... 2007-07-13 15:59
C:\ComboFix2.txt ... 2007-07-11 18:35

--- E O F ---



HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:37 p.m., on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1183275199906
O17 - HKLM\System\CCS\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA710721-83B3-4BDA-BE73-7A050C6EF642}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CS4\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CS5\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Matrox Centering Service - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4683 bytes
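The two HijackThis logs in this thread differ in exactly the entries that matter: the nameless BHO (O2) and the Winlogon Notify package (O20) that both pointed at jibajib.dll are gone after ComboFix, and the MSConfig Run entry is gone too, while a Start Page = about:blank entry appeared. The Python below is an added example for this thread, not code from HijackThis, ComboFix or any of the posters. It parses HijackThis entry lines, reports any file registered at more than one load point (a DLL that is both a BHO and a Winlogon Notify package is reloaded by whichever registration survives), lists the O17 DNS servers so they can be compared against the ISP's published resolvers, and diffs two scans. The two sample logs are abridged copies of the logs posted above, constructed inline so the script runs offline.

```python
"""Parse HijackThis (v2.0.2) log entries, correlate load points and diff two scans.

Added example for this thread; it is not part of HijackThis or ComboFix.
The sample logs below are abridged copies of the two logs posted in the thread.
"""
import re
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "section raw path")

# Entry lines HijackThis emits look like "O2 - ...", "O20 - ...", "R0 - ...".
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# First drive-letter path ending in .exe or .dll (paths may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^\r\n"]*?\.(?:exe|dll)', re.IGNORECASE)
NS_RE = re.compile(r"NameServer = ([\d.,]+)")

# Constructed sample: abridged from the first log in this thread (11/07/2007).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {5E336E84-ED30-469E-B8D8-7219BE4DE854} - c:\windows\system32\jibajib.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O17 - HKLM\System\CCS\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hfgjwjqe - C:\WINDOWS\SYSTEM32\jibajib.dll
"""

# Constructed sample: abridged from the second log (13/07/2007), after ComboFix ran.
LOG_AFTER = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""


def parse_entries(log_text):
    """Return one Entry per HijackThis entry line; path is lower-cased for matching."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line, "End of file"
        pm = PATH_RE.search(m.group(2))
        path = pm.group(0).lower() if pm else None
        entries.append(Entry(m.group(1), line, path))
    return entries


def shared_load_points(entries):
    """Files referenced from more than one HijackThis section.

    One DLL registered as a BHO (O2) and as a Winlogon Notify package (O20)
    runs inside Internet Explorer and inside winlogon.exe; deleting only one
    registration leaves the other to load it again at the next logon.
    """
    by_file = defaultdict(set)
    for e in entries:
        if e.path:
            by_file[e.path].add(e.section)
    return {p: s for p, s in by_file.items() if len(s) > 1}


def name_servers(entries):
    """DNS servers from O17 entries, for comparison with the ISP's resolvers."""
    servers = set()
    for e in entries:
        if e.section == "O17":
            m = NS_RE.search(e.raw)
            if m:
                servers.update(m.group(1).split(","))
    return servers


def diff_logs(before_text, after_text):
    """(removed, added) entry lines between two scans of the same machine."""
    before = {e.raw for e in parse_entries(before_text)}
    after = {e.raw for e in parse_entries(after_text)}
    return before - after, after - before


if __name__ == "__main__":
    for path, sections in shared_load_points(parse_entries(LOG_BEFORE)).items():
        print(f"{path} is loaded from {sorted(sections)}")
    print("DNS servers:", sorted(name_servers(parse_entries(LOG_BEFORE))))
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", *sorted(removed), sep="\n  ")
    print("added:", *sorted(added), sep="\n  ")
```

Paths are compared case-insensitively because HijackThis reports them as stored in the registry (c:\windows\system32\jibajib.dll in the O2 line, C:\WINDOWS\SYSTEM32\jibajib.dll in the O20 line); without that normalisation the two registrations would look like two different files.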

#4 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male

Posted 13 July 2007 - 05:19 AM

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
  • Open a new notepad window (Start>All programs>accessories>notepad)
  • Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startdrv]
  • Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
  • Save it to the desktop as ComboFix-Do.txt
  • Now drag and drop ComboFix-Do.txt onto combofix.exe as in the picture below and follow the prompts:
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


#5 MattT

MattT
  • Topic Starter

  • Members
  • 3 posts

Posted 14 July 2007 - 04:45 AM

Thanks ! :thumbsup:

"Matt" - 2007-07-14 21:26:42 - ComboFix 07-07-10.1 - Service Pack 2
Command switches used :: C:\Documents and Settings\Matt\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))


2007-07-14 15:56 <DIR> d-------- C:\Great Sound For DV
2007-07-14 15:17 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-14 15:16 <DIR> d-------- C:\Program Files\PSP VintageMeter
2007-07-14 00:35 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-14 00:35 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-14 00:35 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-11 20:20 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2007-07-11 18:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 10:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-10 00:15 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-07-10 00:15 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-07-10 00:15 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-07-10 00:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-07-10 00:14 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-07-10 00:14 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-07-10 00:14 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-07-10 00:14 11,567,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-10 00:14 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-07-10 00:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-09 23:53 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-07-09 18:23 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-09 18:23 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\SUPERAntiSpyware.com
2007-07-09 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-09 18:20 7,248 --ah----- C:\dnsbak.reg
2007-07-09 18:02 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-07 09:54 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-05 23:44 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-03 19:51 4,120,576 --a------ C:\DOCUME~1\Matt\ntuser.dat
2007-07-02 05:45 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-30 18:38 1,048,576 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-30 11:50 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-30 11:37 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-06-30 11:37 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2007-06-30 11:37 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-06-30 11:37 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-06-30 11:37 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-06-30 11:37 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-06-30 11:37 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-06-30 11:37 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-06-30 11:37 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-06-30 11:37 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-30 11:37 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-06-30 11:37 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-06-30 11:37 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-06-30 11:37 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-06-30 11:37 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-06-30 11:37 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-06-30 11:37 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-06-30 11:37 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-06-30 11:37 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2007-06-30 11:37 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-06-30 11:37 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-06-30 11:37 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-06-30 11:37 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-06-30 11:37 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2007-06-30 11:37 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-06-30 11:37 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-06-30 11:37 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-06-30 11:37 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-06-30 11:37 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-06-30 11:37 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-06-30 11:37 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-06-30 11:37 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-06-30 11:37 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-06-30 11:37 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-06-30 11:37 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-06-30 11:37 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-06-30 11:37 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-06-30 11:37 32,866 --------- C:\WINDOWS\slrundll.exe
2007-06-30 11:37 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-06-30 11:37 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-06-30 11:37 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-06-30 11:37 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-06-30 11:37 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-06-30 11:37 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-06-30 11:37 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-06-30 11:37 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-06-30 11:37 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-06-30 11:37 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-06-30 11:37 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-06-30 11:37 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-06-30 11:37 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-06-30 11:37 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-06-30 11:37 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-06-30 11:37 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-06-30 11:37 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-06-30 11:37 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-06-30 11:37 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-06-30 11:37 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-06-30 11:37 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2007-06-30 11:37 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-06-30 11:37 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-06-30 11:37 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-06-30 11:37 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-06-30 11:37 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-06-30 11:37 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-06-30 11:37 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-06-30 11:37 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-06-30 11:37 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-06-30 11:37 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-14 03:55:52 -------- d-----w C:\Program Files\Audiograbber
2007-07-06 10:01:24 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\uTorrent
2007-07-05 12:22:16 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\Apple Computer
2007-07-02 03:48:20 -------- d-----w C:\Program Files\DVD Shrink
2007-06-28 00:54:52 -------- d--ha-w C:\Program Files\WindowsUpdate
2007-06-28 00:52:04 54,520 ----a-w C:\WINDOWS\system32\drivers\iLokDrvr.sys
2007-06-26 06:02:02 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-26 06:01:55 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-20 11:51:36 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\dvdcss
2007-06-11 05:55:20 -------- d-----w C:\Program Files\FileZilla
2007-06-11 05:41:17 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-06-10 12:24:05 -------- d-----w C:\Program Files\Exact Audio Copy
2007-06-10 11:54:19 -------- d-----w C:\Program Files\Quintessential Player
2007-06-10 03:17:29 -------- d-----w C:\Program Files\Acesoft
2007-06-09 09:22:21 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\Help
2007-06-09 08:46:45 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\AccurateRip
2007-06-09 08:42:22 4,112,760 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-04 03:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 03:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 03:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-30 11:25:42 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\FileMaker
2007-05-30 10:44:36 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-05-30 10:44:36 -------- d-----w C:\Program Files\Alcohol Soft
2007-05-30 10:43:17 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd6589.sys
2007-05-30 10:43:17 643,072 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-29 12:57:02 249,856 ------w C:\WINDOWS\Setup1.exe
2007-05-29 12:57:01 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-05-29 11:33:19 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\My Audio
2007-05-29 09:58:34 1,277 ----a-w C:\WINDOWS\mozver.dat
2007-05-28 07:03:36 -------- d-----w C:\Program Files\DVD Decrypter
2007-05-28 06:27:03 -------- d-----w C:\Program Files\InfraRecorder
2007-05-26 02:11:51 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\WinRAR
2007-05-18 15:35:04 -------- d-----w C:\Program Files\Common Files\ODBC
2007-05-18 15:35:02 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-05-18 05:58:21 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\vlc
2007-05-18 05:51:23 -------- d-----w C:\Program Files\VideoLAN
2007-05-18 05:22:49 -------- d-----w C:\Program Files\VIA
2007-05-18 05:10:56 -------- d-----w C:\Program Files\PC Drivers HeadQuarters
2007-05-18 05:06:56 177,152 ----a-w C:\Program Files\utorrent.exe
2007-05-18 05:02:57 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-18 04:20:47 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-18 04:20:27 0 --sha-r C:\MSDOS.SYS
2007-05-18 04:20:27 0 --sha-r C:\IO.SYS
2007-05-18 04:20:27 0 ----a-w C:\CONFIG.SYS
2007-05-18 04:20:27 0 ----a-w C:\AUTOEXEC.BAT
2007-05-18 04:19:16 -------- d-----w C:\Program Files\Online Services
2007-05-18 04:18:39 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-05-18 04:18:32 -------- d-----w C:\Program Files\Movie Maker
2007-05-18 04:17:54 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-18 04:17:34 -------- d-----w C:\Program Files\Messenger
2007-05-18 04:17:30 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-05-18 04:17:24 -------- d-----w C:\Program Files\Windows NT
2007-04-16 10:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 10:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 10:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 10:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 10:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 10:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 10:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 10:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-11-14 00:05]
"Matrox PowerDesk SE"="c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2006-08-02 12:33]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-07 16:24]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-31 00:29]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\System Reserved]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDDiskProtect.exe]
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
"C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
"Adobe LM Service"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f942100-0ea2-11dc-b1f7-0011d882ba44}]
play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"


Contents of the 'Scheduled Tasks' folder
2007-07-13 19:53:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-14 21:28:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-14 21:29:14

--- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:27 p.m., on 14/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\UpdClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1183275199906
O17 - HKLM\System\CCS\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA710721-83B3-4BDA-BE73-7A050C6EF642}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CS4\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CS5\Services\Tcpip\..\{54C1CD29-B79E-4A67-9738-5684F13BECFC}: NameServer = 202.180.64.9,202.180.64.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Matrox Centering Service - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4902 bytes

#6 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:05:47 AM

Posted 15 July 2007 - 02:41 AM

Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. After reading the contents, press "Accept".
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next" > "Scan Settings", make sure the database is set to "extended", and check both scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.

Post back with the Kaspersky log and a new HijackThis log.



