Thought i removed Virtumonde but Google still wont work !

unchi · 18-Jun-2008, 03:49 AM #1

So does anyone see anything wrong?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:20 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Azureus\Azureus.exe
F:\backu programs from E\media\VundoFix.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX02.344\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.h...ys=DTP&M=T3418
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...ys=DTP&M=T3418
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/virusscan/...p?langid=en-us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - {6A41BFB3-0136-4872-B96E-4B8C49016511} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM779b1462] Rundll32.exe "C:\WINDOWS\system32\qutgenfv.dll",s
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O20 - Winlogon Notify: awtuuRJy - awtuuRJy.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 6340 bytes

unchi · 18-Jun-2008, 04:24 AM #2

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:12 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3418
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/virusscan/...p?langid=en-us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 5641 bytes

Quote:

ComboFix 08-06-16.5 - Owner 2008-06-18 0:56:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.880 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM779b1462.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cIPpWvut.ini
C:\WINDOWS\system32\cIPpWvut.ini2
C:\WINDOWS\system32\hpwjybni.dll
C:\WINDOWS\system32\inbyjwph.ini
C:\WINDOWS\system32\jwwydvxj.dll
C:\WINDOWS\system32\kTvFOXbc.ini
C:\WINDOWS\system32\kTvFOXbc.ini2
C:\WINDOWS\system32\qutgenfv.dll
C:\WINDOWS\system32\rjbyscbm.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-18 00:19 . 2008-06-18 00:19 <DIR> d-------- C:\VundoFix Backups
2008-06-17 23:54 . 2008-06-17 23:55 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-06-17 23:36 . 2008-06-18 00:28 <DIR> d-------- C:\Program Files\Firefox
2008-06-17 01:16 . 2008-06-17 01:16 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-06-17 01:16 . 2008-06-17 01:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-17 01:16 . 2008-06-17 01:16 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-17 00:34 . 2008-06-17 02:55 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-17 00:34 . 2008-06-17 00:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-06-17 00:34 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-17 00:34 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-17 00:34 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-17 00:34 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-16 23:30 . 2008-06-16 23:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-16 23:30 . 2008-06-16 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 23:17 . 2008-06-15 23:16 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-15 23:17 . 2008-06-15 23:17 2,539 --a------ C:\WINDOWS\unins000.dat
2008-06-07 23:52 . 2008-06-08 23:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-06-07 23:51 . 2008-06-07 23:51 <DIR> d-------- C:\Program Files\DivX
2008-05-30 16:22 . 2008-05-30 16:22 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-05-22 15:22 . 2008-05-22 15:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:22 . 2008-05-22 15:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-22 15:22 . 2008-05-22 15:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-22 15:20 . 2008-05-22 15:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-22 15:20 . 2008-05-22 15:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-22 15:19 . 2008-05-22 15:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-22 15:19 . 2008-05-22 15:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-22 15:19 . 2008-05-22 15:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 15:19 . 2008-05-22 15:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-22 15:19 . 2008-05-22 15:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-22 15:19 . 2008-05-22 15:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-22 15:18 . 2008-05-22 15:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 00:10 . 2007-10-11 18:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
2008-05-19 00:09 . 2008-06-18 01:04 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad
2008-05-19 00:07 . 2008-05-19 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 08:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 08:04 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-18 07:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-06-18 07:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailWasherPro
2008-06-18 07:15 --------- d-----w C:\Program Files\Trillian
2008-06-17 09:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-17 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 09:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 22:22 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-22 22:22 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-22 22:22 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-21 08:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-19 07:12 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-05-19 07:07 --------- d-----w C:\Program Files\Logitech
2008-05-13 07:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\Blackberry Desktop
2008-05-13 06:59 256 ----a-w C:\Documents and Settings\Owner\pool.bin
2008-05-13 06:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\Research In Motion
2008-05-13 06:52 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-05-13 06:51 --------- d-----w C:\Program Files\Research In Motion
2008-05-08 08:46 --------- d-----w C:\Program Files\AccessPORT Manager
2008-04-28 05:54 --------- d-----w C:\Program Files\Haltech
2008-02-28 03:47 45,640 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-01-11 06:25 14,745,928 ----a-w C:\Program Files\TDC AP.rar
2007-12-03 23:09 252 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-09-28 05:36 64,755,729 ----a-w C:\Program Files\DYNO-MAX 2000.rar
2007-07-03 22:16 557,056 ----a-w C:\Documents and Settings\Owner\GoToAssist_phone__317_en.exe
2007-03-09 00:42 92,064 ----a-w C:\Documents and Settings\Owner\mqdmmdm.sys
2007-03-09 00:42 9,232 ----a-w C:\Documents and Settings\Owner\mqdmmdfl.sys
2007-03-09 00:42 79,328 ----a-w C:\Documents and Settings\Owner\mqdmserd.sys
2007-03-09 00:42 66,656 ----a-w C:\Documents and Settings\Owner\mqdmbus.sys
2007-03-09 00:42 6,208 ----a-w C:\Documents and Settings\Owner\mqdmcmnt.sys
2007-03-09 00:42 5,936 ----a-w C:\Documents and Settings\Owner\mqdmwhnt.sys
2007-03-09 00:42 4,048 ----a-w C:\Documents and Settings\Owner\mqdmcr.sys
2007-03-09 00:42 25,600 ----a-w C:\Documents and Settings\Owner\usbsermptxp.sys
2007-03-09 00:42 22,768 ----a-w C:\Documents and Settings\Owner\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 16:07 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 09:32 7204864]
"nwiz"="nwiz.exe" [2005-09-18 09:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 09:32 86016]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoa dGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"eFax 4.2"="C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
"Reminder"=%WINDIR%\Creator\Remind_XP.exe
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"Recguard"=%WINDIR%\SMINST\RECGUARD.EXE
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\Program Files\\Verizon\\Media Manager\\MediaManager.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-17 01:16]
R2 CAN300;CAN300;C:\WINDOWS\system32\drivers\CAN300.SYS [2004-11-19 12:16]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-29 22:53]
R2 LF30FS;LF30FS;C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 18:07]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 17:43]
R3 DSFlash4;DSFlash4;C:\WINDOWS\system32\drivers\DSFlash4.sys [2003-02-28 12:47]
R3 DSMET16;DSMET16;C:\WINDOWS\system32\drivers\DSMET16.sys [2004-04-07 13:09]
S3 DsDevice;DimSport - Service Device;C:\WINDOWS\system32\DRIVERS\DSDEVICE.SYS [2006-11-15 16:00]
S3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2005-03-09 11:50]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-02-27 14:31]
S3 mqdmbus;Motorola DM Composite Driver (WDM);C:\WINDOWS\system32\DRIVERS\mqdmbus.sys []
S3 mqdmmdfl;Motorola USB Modem (Filter);C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys []
S3 mqdmmdm;Motorola USB Modem;C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys []
S3 mqdmserd;Motorola USB Diag;C:\WINDOWS\system32\DRIVERS\mqdmserd.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{84bf04eb-a354-11dc-92e0-0040ca905434}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{b144cfb6-a37f-11db-929d-0040ca905434}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{dbef03f5-9bec-11da-9785-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 00:15:39 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2008-06-14 06:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-10-23 15:46:32 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-10-23 15:46:33 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-10-23 15:46:34 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 01:05:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-06-18 1:16:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 08:16:05

Pre-Run: 105,004,273,664 bytes free
Post-Run: 105,104,384,000 bytes free

227 --- E O F --- 2008-04-28 05:11:27

better?

unchi · 18-Jun-2008, 04:34 AM #3

seems that google works again!

Search
Search in:
Show Threads Show Posts
Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)