viruses help
cubfan_02 (Newbie), 3. September 2008 @ 19:19
Can anyone help me and let me know where I can find some trojan that I can't seem to find even with Kaspersky? Here is my HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:31 PM, on 9/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3...sario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {BD5D97C1-1497-4A53-98A3-72A60F1E8246} - C:\WINDOWS\system32\jkkHaaYS.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [BM74b41f6d] Rundll32.exe "C:\WINDOWS\system32\tgoiecsu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - Global Startup: MLB.TV NexDef Plug-in.lnk = C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O15 - Trusted Zone: http://*.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/...ransporter.cab?
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1134261515046
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D937284-0C90-4A53-9BAE-050C6B32DDEC}: NameServer = 65.24.7.10,65.24.7.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C16856F-15E4-4666-A4EA-19C6CF58C939}: NameServer = 65.24.7.10,65.24.7.11
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: ljJDturr - ljJDturr.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.acm.cs.rpi.edu/~knightlife/carshow/imgp0248.jpg
O24 - Desktop Component 1: (no name) - http://www.injen.com/new_layout/special/evoviii/header.jpg
2oldGeek (AfterDawn Addict), 5. September 2008 @ 10:13
Hi cubfan_02,

This line from your HJT log:
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
is bad news.

Check these:
http://www.greatis.com/appdata/d/n/ntspool.exe.htm
http://www.bleepingcomputer.com/startups/NTSpool.exe-20591.html
http://spywarefiles.prevx.com/RRIEDA35000936/NTSPOOL.EXE.html
http://www.castlecops.com/s15843-NTSpool.html
http://www.prevx.com/filenames/X63113070...EMP_01.EXE.html


This, of the identified infections, is a backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let me know what you have decided to do in your next post.



Thanks, 2OG

P.S. I will be working through Sunday and may not be able to get back to you until Monday so, think it over, let me know and I'll get back to you as soon as possible.



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
cubfan_02 (Newbie), 5. September 2008 @ 22:10
I would like to clean it if possible.
2oldGeek (AfterDawn Addict), 7. September 2008 @ 09:48
Hi cubfan_02,


My handle is 2oldGeek, and I will be helping you to remove any infection(s) that you may have.

Please note! that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:

• Perform all actions in the order given.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Stick with it till you're given the all clear.
• REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.

If you can do these things, everything should go smoothly.


First, let's do a little Pre-Cleaning and post some logs so we can see what's going on.


Please download ATF Cleaner by Atribune & save it to your desktop.

Double-click ATF-Cleaner.exe to run the program.

• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.

• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

• Click Exit on the Main menu to close the program.



Download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

• If an update is found, it will download and install the latest version.

• Once the program has loaded, select Perform full scan, then click Scan.

• When the scan is complete, click OK, then Show Results to view the results.

• Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.

• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt



Download ComboFix from Here

Very Important! Temporarily disable your anti-virus (Kaspersky), script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post the ComboFix log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



• Please post the MBAM log, ComboFix log and a fresh HJT log in your next reply.

2OG



cubfan_02 (Newbie), 10. September 2008 @ 19:17
Here are the logs.


ComboFix 08-09-10.02 - 2008-09-10 17:38:14.1 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Juan Villalobos\Application Data\inst.exe
C:\WINDOWS\system32\_004618_.tmp.dll
C:\WINDOWS\system32\_004619_.tmp.dll
C:\WINDOWS\system32\_004620_.tmp.dll
C:\WINDOWS\system32\_004621_.tmp.dll
C:\WINDOWS\system32\_004628_.tmp.dll
C:\WINDOWS\system32\_004629_.tmp.dll
C:\WINDOWS\system32\_004630_.tmp.dll
C:\WINDOWS\system32\_004631_.tmp.dll
C:\WINDOWS\system32\_004632_.tmp.dll
C:\WINDOWS\system32\_004633_.tmp.dll
C:\WINDOWS\system32\_004634_.tmp.dll
C:\WINDOWS\system32\_004635_.tmp.dll
C:\WINDOWS\system32\_004636_.tmp.dll
C:\WINDOWS\system32\_004637_.tmp.dll
C:\WINDOWS\system32\_004638_.tmp.dll
C:\WINDOWS\system32\_004639_.tmp.dll
C:\WINDOWS\system32\_004640_.tmp.dll
C:\WINDOWS\system32\_004641_.tmp.dll
C:\WINDOWS\system32\_004642_.tmp.dll
C:\WINDOWS\system32\_004644_.tmp.dll
C:\WINDOWS\system32\_004647_.tmp.dll
C:\WINDOWS\system32\_004648_.tmp.dll
C:\WINDOWS\system32\_004652_.tmp.dll
C:\WINDOWS\system32\_004653_.tmp.dll
C:\WINDOWS\system32\_004654_.tmp.dll
C:\WINDOWS\system32\_004655_.tmp.dll
C:\WINDOWS\system32\_004656_.tmp.dll
C:\WINDOWS\system32\_004657_.tmp.dll
C:\WINDOWS\system32\_004658_.tmp.dll
C:\WINDOWS\system32\_004660_.tmp.dll
C:\WINDOWS\system32\_004661_.tmp.dll
C:\WINDOWS\system32\_004662_.tmp.dll
C:\WINDOWS\system32\_004663_.tmp.dll
C:\WINDOWS\system32\_004664_.tmp.dll
C:\WINDOWS\system32\_004665_.tmp.dll
C:\WINDOWS\system32\_004666_.tmp.dll
C:\WINDOWS\system32\_004667_.tmp.dll
C:\WINDOWS\system32\_004668_.tmp.dll
C:\WINDOWS\system32\_004669_.tmp.dll
C:\WINDOWS\system32\_004670_.tmp.dll
C:\WINDOWS\system32\_004671_.tmp.dll
C:\WINDOWS\system32\_004674_.tmp.dll
C:\WINDOWS\system32\_004675_.tmp.dll
C:\WINDOWS\system32\_004676_.tmp.dll
C:\WINDOWS\system32\_004678_.tmp.dll
C:\WINDOWS\system32\_004679_.tmp.dll
C:\WINDOWS\system32\_004680_.tmp.dll
C:\WINDOWS\system32\_004681_.tmp.dll
C:\WINDOWS\system32\_004682_.tmp.dll
C:\WINDOWS\system32\_004684_.tmp.dll
C:\WINDOWS\system32\_004687_.tmp.dll
C:\WINDOWS\system32\_004688_.tmp.dll
C:\WINDOWS\system32\_004692_.tmp.dll
C:\WINDOWS\system32\_004693_.tmp.dll
C:\WINDOWS\system32\_004695_.tmp.dll
C:\WINDOWS\system32\_004698_.tmp.dll
C:\WINDOWS\system32\_004700_.tmp.dll
C:\WINDOWS\system32\_004701_.tmp.dll
C:\WINDOWS\system32\_004702_.tmp.dll
C:\WINDOWS\system32\_004703_.tmp.dll
C:\WINDOWS\system32\_004706_.tmp.dll
C:\WINDOWS\system32\_004707_.tmp.dll
C:\WINDOWS\system32\_004708_.tmp.dll
C:\WINDOWS\system32\_004709_.tmp.dll
C:\WINDOWS\system32\_004710_.tmp.dll
C:\WINDOWS\system32\_004715_.tmp.dll
C:\WINDOWS\system32\_004717_.tmp.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cjgmytnl.ini
C:\WINDOWS\system32\cnhorggd.ini
C:\WINDOWS\system32\faqubhav.dll
C:\WINDOWS\system32\gnuxadws.ini
C:\WINDOWS\system32\sabxxyno.dll
C:\WINDOWS\system32\SYaaHkkj.ini
C:\WINDOWS\system32\SYaaHkkj.ini2
C:\WINDOWS\system32\wgcknf.dll

----- BITS: Possible infected sites -----

http://updates.swarmcast.net
.
((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))
.

2008-09-09 18:45 . 2008-09-09 18:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-09 18:45 . 2008-09-09 18:45 <DIR> d-------- C:\Documents and Settings\Juan Villalobos\Application Data\Malwarebytes
2008-09-09 18:45 . 2008-09-09 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-09 18:45 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 18:45 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 21:30 . 2008-09-07 21:30 <DIR> d-------- C:\Program Files\Netflix
2008-09-07 06:20 . 2008-09-07 06:20 30,946 --a------ C:\WINDOWS\system32\drivers\Partizan.sys
2008-09-07 06:20 . 2008-09-07 06:20 28,672 --a------ C:\WINDOWS\system32\Partizan.exe
2008-09-07 06:19 . 2008-09-07 06:19 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2008-09-06 20:52 . 2008-09-06 20:57 <DIR> d-------- C:\Program Files\MLB TV Mosaic
2008-09-06 20:36 . 2008-09-06 20:36 <DIR> d-------- C:\Program Files\MSBuild
2008-09-06 20:31 . 2008-09-06 20:31 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-06 20:25 . 2008-09-06 20:25 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-06 20:22 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-03 21:39 . 2008-09-03 21:36 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-03 21:36 . 2008-09-03 23:56 <DIR> d-------- C:\Documents and Settings\Juan Villalobos\.housecall6.6
2008-09-03 20:40 . 2008-09-03 20:40 95 --a------ C:\WINDOWS\wininit.ini
2008-09-03 19:07 . 2008-09-03 19:50 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-03 19:07 . 2008-09-03 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-03 18:27 . 2008-09-03 18:27 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-03 18:27 . 2008-09-03 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-03 18:26 . 2008-09-03 18:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 18:06 . 2008-09-03 18:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 17:32 . 2008-09-03 17:32 <DIR> d-------- C:\Program Files\Autobahn
2008-09-03 17:32 . 2008-09-05 19:39 <DIR> d-------- C:\Documents and Settings\Juan Villalobos\.autobahn
2008-09-02 09:37 . 2008-09-02 10:49 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-02 09:37 . 2008-09-02 10:49 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-02 09:36 . 2008-09-02 09:36 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-02 09:36 . 2008-09-09 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-02 09:36 . 2008-09-10 17:58 5,951,264 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-02 09:36 . 2008-09-10 17:46 83,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-02 09:36 . 2008-09-10 17:56 81,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-02 09:36 . 2008-09-10 17:46 9,632 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-01 18:48 . 2008-09-01 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-29 21:39 . 2008-08-29 21:45 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-08-29 17:40 . 2008-08-29 17:40 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-08-29 17:38 . 2008-08-30 11:28 <DIR> d-------- C:\Program Files\ESET
2008-08-28 21:05 . 2008-08-28 21:05 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-08-28 21:05 . 2008-08-28 21:05 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-08-28 20:56 . 2008-08-29 21:44 <DIR> d-------- C:\Program Files\BitDefender
2008-08-28 20:56 . 2008-08-28 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-08-24 14:35 . 2008-08-24 14:35 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-08-24 14:35 . 2008-08-24 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-08-22 05:56 . 2008-09-05 18:32 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-20 18:59 . 2008-08-20 19:06 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-19 17:47 . 2008-08-19 17:47 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-08-19 17:07 . 2008-04-13 14:27 2,188,928 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-08-17 17:32 . 2008-08-20 19:04 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-17 17:32 . 2008-08-20 19:04 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-17 17:31 . 2008-08-20 19:04 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-17 17:31 . 2008-08-20 19:04 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-17 17:11 . 2004-08-04 03:00 71,040 --a------ C:\WINDOWS\system32\drivers\_004602_.tmp.dll
2008-08-17 16:21 . 2008-04-13 19:12 8,461,312 --a------ C:\WINDOWS\system32\SET2EA.tmp
2008-08-17 16:20 . 2008-04-13 19:11 2,843,136 --a------ C:\WINDOWS\system32\SET3C2.tmp
2008-08-17 16:19 . 2008-04-13 19:11 1,267,200 --a------ C:\WINDOWS\system32\SET4D6.tmp
2008-08-17 16:18 . 2008-04-13 19:11 1,025,024 --a------ C:\WINDOWS\system32\SET500.tmp
2008-08-13 20:12 . 2008-08-13 20:12 <DIR> d-------- C:\Documents and Settings\Juan Villalobos\Application Data\ITTNord
2008-08-13 20:11 . 2008-08-13 20:11 <DIR> d-------- C:\WINDOWS\Money Tree
2008-08-12 06:11 . 2008-04-11 14:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 22:46 --------- d-----w C:\Documents and Settings\Juan Villalobos\Application Data\uTorrent
2008-09-10 03:06 --------- d-----w C:\Documents and Settings\Juan Villalobos\Application Data\Vso
2008-09-07 01:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-02 15:51 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-30 17:06 3,192 ----a-w C:\Documents and Settings\Juan Villalobos\Application Data\wklnhst.dat
2008-08-30 16:44 --------- d-----w C:\Program Files\Safari
2008-08-30 16:14 --------- d-----w C:\Program Files\DivX
2008-08-29 22:47 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-29 22:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-24 23:07 --------- d-----w C:\Program Files\ATI Technologies
2008-08-06 12:02 --------- d-----w C:\Documents and Settings\Juan Villalobos\Application Data\Apple Computer
2008-08-06 11:20 --------- d-----w C:\Program Files\Apple Software Update
2008-08-06 04:56 --------- d-----w C:\Program Files\iTunes
2008-08-06 04:55 --------- d-----w C:\Program Files\iPod
2008-08-06 04:52 --------- d-----w C:\Program Files\QuickTime
2008-08-04 03:34 --------- d-----w C:\Program Files\Java
2008-08-04 03:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-04 03:20 --------- d-----w C:\Program Files\Brother
2008-07-29 02:59 --------- d-----w C:\Program Files\You MUST browse to the host program plugin dir
2008-07-27 19:08 --------- d-----w C:\Documents and Settings\Juan Villalobos\Application Data\dvdcss
2008-07-23 01:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-19 03:18 --------- d-----w C:\Program Files\uCertify
2008-07-19 03:16 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-19 03:16 --------- d-----w C:\Program Files\AWS
2008-07-19 03:15 --------- d-----w C:\Program Files\Verizon Wireless
2008-07-19 03:13 --------- d-----w C:\Program Files\FlashFXP
2008-07-19 03:13 --------- d-----w C:\Program Files\Farm Frenzy
2008-07-19 03:10 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-19 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-25 13:05 81,920 ----a-w C:\Documents and Settings\Juan Villalobos\Application Data\ezpinst.exe
2008-04-25 13:05 47,360 ----a-w C:\Documents and Settings\Juan Villalobos\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-09-10 1964840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-05 180269]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe [2008-03-30 799496]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk
backup=C:\WINDOWS\pss\Auto Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=C:\WINDOWS\pss\MLB.TV NexDef Plug-in.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Juan Villalobos^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Juan Villalobos\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Juan Villalobos^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\Juan Villalobos\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Juan Villalobos^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\Juan Villalobos\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Juan Villalobos^Start Menu^Programs^Startup^VZAccess Manager.lnk]
path=C:\Documents and Settings\Juan Villalobos\Start Menu\Programs\Startup\VZAccess Manager.lnk
backup=C:\WINDOWS\pss\VZAccess Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-03-14 06:55 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-09-10 21:46 1964840 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Premium Clock]
--a------ 2006-10-05 20:42 1118208 C:\Program Files\Premium Clock\Premium.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2]
--a------ 2006-10-18 22:58 8704 C:\Program Files\Windows Media Connect 2\WMCCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"12188:TCP"= 12188:TCP:BitComet 12188 TCP
"12188:UDP"= 12188:UDP:BitComet 12188 UDP

R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2008-03-29 33408]
R1 eabfiltr;EABFiltr;C:\WINDOWS\system32\drivers\EABFiltr.sys [2004-04-14 7432]
R1 eeCtrl;Symantec Eraser Control driver;C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-08-30 395312]
R1 FileDisk;FileDisk;C:\WINDOWS\system32\drivers\FileDisk.sys [2005-10-16 12928]
R1 ISODrive;ISO DVD/CD-ROM Device Driver;C:\Program Files\UltraISO\drivers\ISODrive.sys [2007-11-03 68096]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 Apple Mobile Device;Apple Mobile Device;C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\system32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-12-17 424320]
R3 CAMCAUD;Conexant AMC Audio;C:\WINDOWS\system32\drivers\camc6aud.sys [2005-03-15 37760]
R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camc6hal.sys [2005-03-15 346496]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 15263]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-09 11648]
S3 eabusb;eabusb;C:\WINDOWS\system32\drivers\eabusb.sys [2003-06-06 5220]
S3 firewall;firewall;C:\Program Files\Foxie Suite\firewall.sys [ ]
S3 hpqwmi;HP WMI Interface;C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-03-04 98304]
S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2008-09-07 30946]
S3 Pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\Pcouffin.sys [2007-11-11 47360]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 55344]
S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 9200]
S3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 69632]
S3 Rasirda;WAN Miniport (IrDA);C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SMCIRDA;SMC IrCC Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [ ]
S3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys [2005-04-04 160768]
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2002-10-14 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2002-10-14 69680]
S3 UltraCrypt;UltraCrypt;C:\Program Files\UltraLeecher_USENET\UltraCrypt.sys [ ]
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbbus;LGE CDMA Composite USB Device;C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [ ]
S3 UsbDiag;LGE CDMA USB Serial Port;C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [ ]
S3 USBModem;LGE CDMA USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [ ]
S3 WpdUsb;WpdUsb;C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 XTrapD12;XTrapD12;C:\WINDOWS\system32\XTrapD12.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BJCFD - C:\Program Files\BroadJump\Client Foundation\CFD.exe
HKLM-Run-DXDllRegExe - dxdllreg.exe
MSConfigStartUp-AIM - C:\Program Files\AIM\aim.exe
MSConfigStartUp-Aim6 - C:\Program Files\AIM6\aim6.exe
MSConfigStartUp-AnyDVD - C:\Documents and Settings\Juan Villalobos\My Documents\My eBooks\install\AnyDVD\AnyDVD.exe
MSConfigStartUp-BitComet - C:\Program Files\BitComet\BitComet.exe
MSConfigStartUp-ControlCenter2 - C:\Program Files\Brother\ControlCenter2\brctrcen.exe
MSConfigStartUp-dvd43 - C:\Program Files\dvd43\dvd43_tray.exe
MSConfigStartUp-EasyLinkAdvisor - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
MSConfigStartUp-HP Component Manager - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-NapsterShell - C:\Program Files\Napster\napster.exe
MSConfigStartUp-PC Alarm Clock - C:\Program Files\PC Alarm Clock\pcalarmclock.exe
MSConfigStartUp-SetDefPrt - C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
MSConfigStartUp-Spyware Doctor - C:\Program Files\Spyware Doctor\swdoctor.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-Veoh - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
MSConfigStartUp-Weather - C:\Program Files\AWS\WeatherBug\Weather.exe
MSConfigStartUp-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Juan Villalobos\Application Data\Mozilla\Firefox\Profiles\ecnqhjgu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.msn.com
FF -: plugin - C:\Documents and Settings\Juan Villalobos\Application Data\Mozilla\Firefox\Profiles\ecnqhjgu.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npampx3.0.84.2.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 17:57:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?8?6?3??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\oreans32]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-09-10 18:09:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-10 23:08:41

Pre-Run: 24,777,863,168 bytes free
Post-Run: 24,705,765,376 bytes free

398 --- E O F --- 2008-09-09 23:06:44


Malwarebytes' Anti-Malware 1.27
Database version: 1134
Windows 5.1.2600 Service Pack 3

9/9/2008 9:13:28 PM
mbam-log-2008-09-09 (21-13-16).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 140811
Time elapsed: 1 hour(s), 37 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> No action taken.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bdd714bc-d36c-487b-8142-8ba020fb6535} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\DivoCodec (Trojan.Downloader) -> No action taken.

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\Documents and Settings\Juan Villalobos\My Documents\My eBooks\CORE10k.EXE (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP945\A0243884.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP949\A0247550.vxd (Adware.Winad) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP949\A0248584.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP949\A0248585.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fsacnucl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mhjkgyoi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\monicrmb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\svscqd.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\DivoCodec\unins000.dat (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\BM74b41f6d.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM74b41f6d.txt (Trojan.Vundo) -> No action taken.
AfterDawn Addict
10. September 2008 @ 19:45
Post a fresh HijackThis Log, please.



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
cubfan_02
Newbie
10. September 2008 @ 22:18
here ya go

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:08 PM, on 9/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3...sario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: MLB.TV NexDef Plug-in.lnk = C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.mlb.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1134261515046
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D937284-0C90-4A53-9BAE-050C6B32DDEC}: NameServer = 65.24.7.10,65.24.7.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C16856F-15E4-4666-A4EA-19C6CF58C939}: NameServer = 65.24.7.10,65.24.7.11
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.acm.cs.rpi.edu/~knightlife/carshow/imgp0248.jpg
O24 - Desktop Component 1: (no name) - http://www.injen.com/new_layout/special/evoviii/header.jpg

--
End of file - 10880 bytes
AfterDawn Addict
10. September 2008 @ 23:49
@ cubfan_02,


Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the lines in the box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Quote:

C:\WINDOWS\winstart.bat
C:\WINDOWS\system32\SET2EA.tmp
C:\WINDOWS\system32\SET3C2.tmp
C:\WINDOWS\system32\SET4D6.tmp
C:\WINDOWS\system32\SET500.tmp

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the Yellow bar) and choose Paste.
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


If this goes well, you should be Clean?


2OG



cubfan_02
Newbie
11. September 2008 @ 19:42
C:\WINDOWS\winstart.bat moved successfully.
C:\WINDOWS\system32\SET2EA.tmp moved successfully.
C:\WINDOWS\system32\SET3C2.tmp moved successfully.
C:\WINDOWS\system32\SET4D6.tmp moved successfully.
C:\WINDOWS\system32\SET500.tmp moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09112008_184019



Looks like everything is good. Do you need a new HijackThis log to make sure?