|
|
|
fp pc on internet.com pop ups spyware problems
|
|
|
dvan1
Suspended due to non-functional email address
|
22. December 2007 @ 12:28 |
Link to this message
|
Hello,
I have been getting pop ups from fp-pc on internet.com for the last 5 days. After browsing through what might be the cause, I found that I am have the same problem as is in this post.
Can anybody help me to find solution for this problem?
I have downloaded SmitFraudFix which I THINK may be the cause for my problem. I have done search using Option 1 and I am posting the output of the log file rapport.txt below:
SmitFraudFix v2.274
Scan done at 12:38:15.87, 22/12/2007
Run from C:\Users\BPL\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Windows\V0220Mon.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Users\BPL\AppData\Local\jkzhape.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» \
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\akkumar
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\akkumar\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\akkumar\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Many Thanks,
Dev
|
|
Advertisement
|
 |
|
|
Senior Member
|
22. December 2007 @ 18:11 |
Link to this message
|
|
|
|
dvan1
Suspended due to non-functional email address
|
23. December 2007 @ 05:57 |
Link to this message
|
Hello Qucikdraw,
Please find the log of HijackThis below.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:11, on 23/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&cl...=uk&ibd=4070417
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\Windows\V0220Mon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [V0220Cfg.exe] V0220Cfg.exe /d:3
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8344 bytes
Many Thanks,
Dev
|
Senior Member
|
23. December 2007 @ 06:15 |
Link to this message
|
Start HijackThis, run scan, check the box next to this file for removal. click, Fix checked.
It seems that the name of this program is the same as the name of the file. In the most cases this is the result of trojans.
O4 - HKLM\..\Run: [V0220Cfg.exe] V0220Cfg.exe /d:3
This message has been edited since posting. Last time this message was edited on 23. December 2007 @ 06:18
|
|
dvan1
Suspended due to non-functional email address
|
23. December 2007 @ 06:30 |
Link to this message
|
|
Hello QuikDraw,
Please bear with me for asking this.
Do I need to perform this in the safe mode?
Many Thanks,
Dev
|
Senior Member
|
23. December 2007 @ 06:33 |
Link to this message
|
|
When removing infection, yes.
|
Senior Member
|
23. December 2007 @ 06:38 |
Link to this message
|
|
This message has been edited since posting. Last time this message was edited on 23. December 2007 @ 06:45
|
|
dvan1
Suspended due to non-functional email address
|
23. December 2007 @ 07:37 |
Link to this message
|
Hello QuikDraw,
Here are the logs for SmitFraud, HijackThis and ComboFix..
SmitFraudFix v2.274
Scan done at 12:00:12.83, 23/12/2007
Run from C:\Users\BPL\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile for HijackThis......
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:19, on 23/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode
Running processes:
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\Windows\V0220Mon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 7380 bytes
Logfile for ComboFix...
ComboFix 07-12-21.4 - akkumar 23/12/2007 12:13:05.1 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.1366 [GMT 0:00]
Running from: C:\Users\BPL\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Privacy Policy.url
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\Terms and conditions.url
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\Privacy Policy.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\Terms and conditions.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\Website.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Privacy Policy.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Terms and conditions.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.lnk
C:\Users\BPL\AppData\Local\jkzhape.dat
C:\Users\BPL\AppData\Local\jkzhape.exe
C:\Users\BPL\AppData\Local\jkzhape_nav.dat
C:\Users\BPL\AppData\Local\jkzhape_navps.dat
C:\Users\Public\Desktop\webmediaplayer.lnk
C:\Windows\system32\nvs2.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.
2007-12-23 10:35 . 23/12/2007 10:35 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-22 12:38 . 23/12/2007 12:00 3,730 --a------ C:\Windows\System32\tmp.reg
2007-12-18 20:31 . 18/12/2007 20:31 <DIR> dr-h----- C:\Users\akkumar\AppData\Roaming\SecuROM
2007-12-18 20:31 . 18/12/2007 20:31 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2007-12-15 11:54 . 15/12/2007 11:54 <DIR> dr-h----- C:\Users\BPL\AppData\Roaming\SecuROM
2007-12-12 22:49 . 12/12/2007 22:49 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-12 22:49 . 12/12/2007 22:49 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-12 22:49 . 12/12/2007 22:49 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-12 22:49 . 12/12/2007 22:49 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-12 22:39 . 12/12/2007 22:39 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-12 22:39 . 12/12/2007 22:39 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-12 22:39 . 12/12/2007 22:39 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-12 22:39 . 12/12/2007 22:39 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-12 22:39 . 12/12/2007 22:39 0 --a------ C:\Windows\ativpsrm.bin
2007-12-12 22:36 . 12/12/2007 22:36 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-12 22:36 . 12/12/2007 22:36 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-12 22:35 . 12/12/2007 22:35 2,048 --a------ C:\Windows\System32\tzres.dll
2007-11-24 23:57 . 24/11/2007 23:57 <DIR> d-------- C:\Program Files\Common Files\xing shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 12:37 --------- d-----w C:\Program Files\Common Files\NSV
2007-12-16 13:12 --------- d-----w C:\Users\BPL\AppData\Roaming\SopCast
2007-12-12 22:50 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-12 22:48 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 22:48 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 22:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-09 23:09 --------- d-----w C:\Users\BPL\AppData\Roaming\Winamp
2007-11-24 23:57 --------- d-----w C:\Program Files\Common Files\Real
2007-11-23 21:30 --------- d-----w C:\Program Files\Thomson
2007-11-17 18:51 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-17 18:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 08:27 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-15 08:27 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-15 08:27 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-15 08:27 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-15 08:27 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-15 08:27 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-15 08:27 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-15 08:27 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-15 08:27 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-15 08:27 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-15 08:27 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-15 08:24 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-15 08:24 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-15 08:24 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-15 08:24 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-15 08:24 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-15 08:24 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-15 08:24 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2007-11-15 08:23 --------- d-----w C:\Program Files\Windows Mail
2007-11-14 20:56 --------- d-----w C:\Program Files\Electronic Arts
2007-10-28 12:37 --------- d-----w C:\Users\akkumar\AppData\Roaming\SopCast
2007-10-28 12:36 --------- d-----w C:\Program Files\SopCast
2007-10-11 06:45 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-11 06:45 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-11 06:45 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-11 06:45 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-11 06:43 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-11 06:43 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-11 06:43 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-09-29 03:03 9,850,880 ----a-w C:\Windows\System32\atioglxx.dll
2007-09-29 03:02 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2007-09-29 03:02 356,352 ----a-w C:\Windows\System32\ATIDEMGX.dll
2007-09-29 03:02 266,240 ----a-w C:\Windows\System32\atipdlxx.dll
2007-09-29 03:02 245,760 ----a-w C:\Windows\System32\Ati2evxx.dll
2007-09-29 03:02 237,568 ----a-w C:\Windows\System32\Oemdspif.dll
2007-09-29 03:02 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2007-09-29 03:01 610,304 ----a-w C:\Windows\System32\Ati2evxx.exe
2007-09-29 02:50 3,071,488 ----a-w C:\Windows\System32\atiumdag.dll
2007-09-29 02:37 3,887,104 ----a-w C:\Windows\System32\atiumdva.dll
2007-09-29 02:27 48,128 ----a-w C:\Windows\System32\amdpcom32.dll
2007-08-31 09:53 174 --sha-w C:\Program Files\desktop.ini
2007-04-23 21:19 0 ----a-w C:\Users\BPL\AppData\Roaming\wklnhst.dat
2007-05-23 21:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-05-23 21:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-05-23 21:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/11/2006 12:35]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [27/03/2007 14:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [28/05/2007 09:29]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [23/05/2007 18:19]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [17/04/2007 01:04]
"SigmatelSysTrayApp"="sttray.exe" [08/02/2007 05:16 C:\Windows\sttray.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 10:37]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [17/04/2007 01:16]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [17/11/2006 21:13]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [03/10/2006 10:35]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 10:22]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [17/08/2006 08:00]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [22/02/2007 19:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [19/12/2006 10:27]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [09/06/2006 00:11]
"V0220Mon.exe"="C:\Windows\V0220Mon.exe" [28/06/2006 17:01]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 14:10]
"diagnostics"="C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" [23/11/2007 21:30]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [24/11/2007 23:56]
"MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 09:45]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [19/06/2007 09:17]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [11/08/2006 09:35]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [29/09/2007 03:13]
R3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [23/05/2007 18:06]
R3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [23/05/2007 18:06]
R3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [23/05/2007 18:06]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [29/09/2007 03:13]
S3 V0220Dev;Live! Cam Video IM;C:\Windows\system32\DRIVERS\V0220Dev.sys [29/06/2006 05:58]
S3 V0220Vfx;V0220VFX;C:\Windows\system32\DRIVERS\V0220Vfx.sys [08/06/2006 08:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-23 12:15:27 C:\Windows\Tasks\User_Feed_Synchronization-{1B49C41A-5BB8-40F5-9EBE-A6DA0E3E073D}.job"
- C:\Windows\system32\msfeedssync.exe
"2007-12-23 12:15:27 C:\Windows\Tasks\User_Feed_Synchronization-{F48C7CFB-64FB-4593-9A37-58AAC2CDB372}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 12:16:25
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 23/12/2007 12:17:21
.
2007-12-21 09:09:52 --- E O F ---
Many Thanks,
Dev
|
Senior Member
|
23. December 2007 @ 07:50 |
Link to this message
|
|
How's the computer running so far?
|
|
dvan1
Suspended due to non-functional email address
|
23. December 2007 @ 07:58 |
Link to this message
|
So far no pop ups from fp pc on internet.com
Only thing is that now Windows Defender reports that some start up programs are blocked.
Thanks for the help regarding this.
Can you kindly suggest what might have been the cause due to which I got this trojan..and how to prevent this from happening again in future..?
|
Senior Member
|
23. December 2007 @ 08:17 |
Link to this message
|
|
This message has been edited since posting. Last time this message was edited on 23. December 2007 @ 08:22
|
|
dvan1
Suspended due to non-functional email address
|
23. December 2007 @ 14:37 |
Link to this message
|
Thanks for the info regarding Trojans. I will keep that in mind.
The Windows Defender is actually blocking System Configuration Utility (SCU)..which means SCU is starting everytime I login into my Vista machine.
If I can disable it from starting during start up, it would be great.
Shall I still do..'Start>Run>Type, sfc /scannow ' as I haven't done it yet?
Many Thanks,
Dev.
|
Senior Member
|
23. December 2007 @ 17:24 |
Link to this message
|
|
|
|
dvan1
Suspended due to non-functional email address
|
24. December 2007 @ 06:33 |
Link to this message
|
The problem is that I cannot find Windows Defender in Programs and Features of the Control Panel to uninstall it. It comes as a part of Windows Vista I presume.
|
Senior Member
|
24. December 2007 @ 14:51 |
Link to this message
|
OK, let's review what's been do, so far. First we ran HijackThis to find infections. Next, we ran SmitFraudFix to remove, O4 - HKLM\..\Run: [V0220Cfg.exe] V0220Cfg.exe /d:3, which the data base describes as a Trojan. Removing this Trojan fixed the pop up problem. However, by removing Trojan caused two other issues with Windows Defender. First you reported,"Windows Defender reports that some start up programs are blocked." Then you reported, "Windows Defender is actually blocking System Configuration Utility (SCU)..which means SCU is starting everytime I login into my Vista machine." You've indicated, Windows Defender is not listed among the programs in add/remove programs. Does all this sound correct, so far?
Go here and install a new copy of WD. Just overwrite, if prompted. http://www.microsoft.com/athome/security...re/default.mspx
That Trojan did a number. Let me know what happens next.
This message has been edited since posting. Last time this message was edited on 24. December 2007 @ 14:51
|
|
dvan1
Suspended due to non-functional email address
|
25. December 2007 @ 08:28 |
Link to this message
|
Hello QuikDraw,
Yes..that's what has been done until now.
I do not see Add/Remove icon in the Control Panel for Vista.
I only see Programs and Features icon through which I can uninstall or change the programs.
And Windows Defender is actually in the Control Panel which I can only open.
When I try to install a new copy of windows Defender from the link http://www.microsoft.com/athome/security...re/default.mspx, it says that Windows Defender is already installed as it comes with Vista and cancels the installation.
Many Thanks,
Dev.
|
Senior Member
|
25. December 2007 @ 23:21 |
Link to this message
|
Better yet, let's try first running System Restore. Now that the Trojan has been removed. Note: Go back a week before the problems started. If your not sure go back further. Here's the guide:
http://www.bleepingcomputer.com/tutorials/tutorial143.html
I read a few articles were people have had problems trying to remove Windows Defender in Vista. Doesn't seem to want to go! Good old Vista! I'll research this more tomorrow. The alternative would be to disable Windows Defender in (MSCONFIG) Microsoft Configuration Utility for now. Until we find a fix.
I'm still using Windows XP Pro. I don't plan on buying a new machine with Vista until they have most of the bugs out of the OS. In the short time Vista has been out, Microsoft has already released two service packs! Not good! The second service pack is still a Beta form, so don't download that one yet. Wait on any updates until your system is fixed.
Your correct, on Vista it's Programs and Features. But, Try "Turn Windows features on or off" think you'll find Add/Remove Programs then. Anyway, other than looking, forget changing anything in there for now.
Get back to me after you've tried to restore.
|
|
dvan1
Suspended due to non-functional email address
|
1. January 2008 @ 11:39 |
Link to this message
|
|
Hi,
Sorry I wasn't able to do System Restore until now as I was away. Anyways, I have now done System Restore..and no popups appear as was the case before.but the system seems to be running very slow..
I will post again if the system becomes normal.
Many Thanks,
Dev
|
Senior Member
|
1. January 2008 @ 16:57 |
Link to this message
|
Windows Defender, is it running normal now? Other, than the system running sluggish, are there any other issues?
If not, I can help you with get the system running faster.
Run Disc Cleanup, and Disc defragmenter.
Download this free registry cleaner. http://www.ccleaner.com/ Just read and follow the instructions. It's a very easy program to use.
Run the registry cleaner a few times until it shows, no issues found. This can take two or three times if there is a lot of garbage to remove.
Afterwards, let me know how the PC is running.
This message has been edited since posting. Last time this message was edited on 1. January 2008 @ 17:12
|
|
dvan1
Suspended due to non-functional email address
|
1. January 2008 @ 17:10 |
Link to this message
|
The Windows Defender is normal I think..it doesn't block anything from running..
The CPU usage is always between 15-20% and whenever I start a new program it goes to up to 50-60%.
|
Senior Member
|
1. January 2008 @ 17:25 |
Link to this message
|
|
It appears, the restore corrected the problems with Defender. What brand and model computer? What version of Vista? Is vista fully updated? What service packs have you installed? What type of Internet connection, Dialup, DSL, or high speed? In Task manager, Processes Tab, in the CPU column. Which processes are using what percentage of power?
|
|
mayab
Newbie
|
15. May 2008 @ 11:40 |
Link to this message
|
Hi ,
I have the same problem.
someone can help me?
this my hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:03, on 15/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
G:\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\logishrd\LComMgr\LVComSX.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\p2phost.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
G:\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\users\michael\appdata\local\shyhfuh.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "G:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ArelinIM] "C:\Program Files\ArelAnyware\ArelinIM.exe"
O4 - HKCU\..\Run: [uxwlaz] c:\users\michael\appdata\local\uxwlaz.exe uxwlaz
O4 - HKCU\..\Run: [nfflvacn] c:\users\michael\appdata\local\nfflvacn.exe nfflvacn
O4 - HKCU\..\Run: [kuxurgpz] c:\users\michael\appdata\local\kuxurgpz.exe kuxurgpz
O4 - HKCU\..\Run: [uxzgiht] c:\users\michael\appdata\local\uxzgiht.exe uxzgiht
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Ekiga.lnk = D:\Ekiga\ekiga.exe
O4 - Startup: OneNote 2007 - Capture d'?cran et lancement.lnk
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d?Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer ? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer ? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.comiris-conference.com/Downlo...re/iftwclix.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7BABCBE7-ECFF-4EA0-A344-1DC32458A6ED} (NTR Plugin 1.2.4) - http://eu.ntrsupport.com/inquiero/mod/setup/ntrplugin124v_28.cab
O16 - DPF: {8DDA3DC7-A2B4-4BA4-8BF6-571B16549802} (PrintX.PrintURLs) - https://www.012bill.net/GoldLine/PrintURLs.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - G:\CISCO_VPN\cvpnd.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 12550 bytes
maya
|
|
Advertisement
|
|
|
|
zerofox
Suspended due to non-functional email address
|
28. July 2008 @ 09:31 |
Link to this message
|
|
You could always go to the web site www.pc-on-internet.com and download the uninstall program, that?s what I did, I don?t know if it had any tricks in it but it has not shown it self ever since.
|
|
