Tech Support Guy > Virus & Other Malware Removal
Issues w/ Network/Internet -- virus related?

dlello2
Junior Member with 14 posts.
THREAD STARTER
Join Date: Apr 2008
Experience: Intermediate
09-Apr-2008, 10:47 AM #1
Hey all,

My problem is this--I am living in an apartment with 3 other guys, all of whom use the same network to access the internet. A few weeks ago my Trend Micro alerted me that a JAVA_BYTEVER.BK "trojan horse" had been found and that it could not be repaired/quarantined. However, I ran Micro and saw that it was in fact in the quarantine folder.

I assumed that there was not a problem as over the next three weeks things ran smoothly.

Yesterday during the day the internet stopped working in our apartment. I have no idea if the two things are connected at all (if this could be having an effect on the computers/internet of my roommates on top of my own). I went on to run Trend and a few other spyware programs (SpyEraser). Trend found a virus that it called "TSPY_NETPASS.B" -- I looked this up and it seems to be some sort of a password searcher for Outlook/IE... Trend said that it had successfully quarantined the file, which had infected a pwtemp folder.

The rest of the computer seems to be working fine; I have disabled the network connection (which I can re-enable in safe mode, but still no access to the internet). What, if anything, can I do, and is there a likelihood that this is the cause of the internet problems for my roommates?

Thank you all very much for your time

-Dave

A few additions - perhaps this will help
I ran the Internet Explorer Network Diagnostic and it came up with, among other things, the following:
Invalid IP address
-error - unexpected error from iphlpapi: The pipe is being closed.
DNS - Not a home user scenario
warn - Unrecognized WinSock NSP: mdnsNSP
Error Code: Ox2afc - either gateway or DNS issue
warn - corrupted IP routing table
default route missing/invalid
warn - invalid ARP cache entries
ARP cache has been flushed

Also, I cannot access the internet even in safe mode with networking.
I am working with Windows XP.

Last edited by dlello2; 10-Apr-2008 at 10:25 AM..
Cookiegal
Administrator & Malware Removal Specialist with 97,501 posts.
Join Date: Aug 2003
12-Apr-2008, 02:35 PM #2
Hi and welcome to TSG,

I see you're running XP but do you have SP2 installed?

If so, do this (if not, please let me know as the instructions will be different):

Go to Start - Run - type in cmd and click OK.

At the command prompt type in:

netsh winsock reset catalog

Press enter.

then type in:

netsh int ip reset resetlog.txt

Press enter.

You will need to reboot afterwards.


Click here to download HJTsetup.exe.
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
__________________
Microsoft MVP - Consumer Security
dlello2
Junior Member with 14 posts.
THREAD STARTER
Join Date: Apr 2008
Experience: Intermediate
13-Apr-2008, 03:17 PM #3
Hey, thanks a lot for your help thus far. I do have SP2 -- the Internet is working in the apartment, so I am posting this from the (likely) infected computer. I ran HJT and this is what it came up with:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:52 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\Update.exe
C:\Windows\System32\drivers\setup\manager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1139354471\ee\AOLSoftware.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\windows\system\Update.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\System32\svchost.exe
C:\Windows\System32\drivers\setup\irc\irc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
E:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\WINDOWS\Temp\0\Private\Vendor\ProgFiles\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [startup netsend] net send localhost "Hello Dave!"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139354471\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1136431801904
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136431792482
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10565 bytes

Thanks a lot,
Dave
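Added example, not code from this thread, from HijackThis or from Trend Micro: a small Python triage script that parses the "Running processes:" block and the O4 Run-key lines of an HJT 2.0 log like the one above and flags the patterns a removal helper checks first: an executable autostarting from a directory that should not hold programs (the legacy C:\WINDOWS\system\, a drivers\ subfolder), the same executable registered under both the HKLM and HKCU Run keys, and a Run value that is a command line rather than a program path. SAMPLE_LOG is a constructed excerpt modelled on Dave's log, and the directory list and heuristics are this example's own assumptions.

```python
"""Triage a HijackThis 2.0 log for autostart and process anomalies.

Added example, not part of the thread, HijackThis or Trend Micro; the
directory list, heuristics and SAMPLE_LOG excerpt are this example's own.
"""
import re

# Lowercased path fragments that legitimate autostart programs rarely use.
# "\windows\system\" (no "32") is the nearly empty legacy Win9x directory.
UNUSUAL_DIRS = (
    "\\windows\\system\\",     # legacy directory, not system32
    "\\system32\\drivers\\",   # holds .sys drivers, not user-mode .exe
    "\\windows\\temp\\",
)

# O4 - HKLM\..\Run: [value name] command line
RUN_LINE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(.*?)\] (.*)$")
# First token of the command that looks like a program path, quoted or not.
EXE_PATH = re.compile(r'^"?(.*?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))(?=["\s]|$)', re.I)


def parse_log(text):
    """Return (processes, run_entries) from the text of an HJT log."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            if re.match(r"^[A-Za-z]:\\", line):
                processes.append(line)
                continue
            in_procs = False  # first non-path line ends the block
        m = RUN_LINE.match(line)
        if m:
            hive, name, command = m.groups()
            pm = EXE_PATH.match(command)
            entries.append({"hive": hive, "name": name, "command": command,
                            "path": pm.group(1) if pm else None})
    return processes, entries


def unusual(path):
    low = path.lower()
    return any(frag in low for frag in UNUSUAL_DIRS)


def triage(text):
    """Apply the three heuristics; return a sorted list of (subject, reason)."""
    processes, entries = parse_log(text)
    findings = set()
    # 1. autostart entry or running process located in an unusual directory
    autostarted = {e["path"].lower() for e in entries if e["path"]}
    for e in entries:
        if e["path"] and unusual(e["path"]):
            findings.add((e["path"], "autostart from unusual directory"))
    for p in processes:
        if unusual(p):
            reason = "running from unusual directory"
            if p.lower() not in autostarted:   # started by something else
                reason += " with no Run entry of its own"
            findings.add((p, reason))
    # 2. same executable registered under both HKLM and HKCU Run keys
    seen = {}
    for e in entries:
        if e["path"] and e["hive"] in ("HKLM", "HKCU"):
            seen.setdefault(e["path"].lower(), [e["path"], set()])[1].add(e["hive"])
    for orig, hives in seen.values():
        if hives == {"HKLM", "HKCU"}:
            findings.add((orig, "registered in both HKLM and HKCU Run keys"))
    # 3. Run value that is a command line rather than a program path
    for e in entries:
        if e["path"] is None:
            findings.add((e["command"], "Run value is not a program path"))
    return sorted(findings)


SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\windows\system\Update.exe
C:\Windows\System32\drivers\setup\manager.exe
C:\Windows\System32\drivers\setup\irc\irc.exe
C:\Program Files\Skype\Phone\Skype.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [startup netsend] net send localhost "Hello Dave!"
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""
```

Running `triage(SAMPLE_LOG)` returns eight findings, including irc.exe flagged as running from drivers\setup with no Run entry of its own, which is the kind of entry a helper then checks for a parent process.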
Cookiegal
Administrator & Malware Removal Specialist with 97,501 posts.
Join Date: Aug 2003
13-Apr-2008, 06:01 PM #4
Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
  • Instead of Windows loading as normal, the Advanced Options Menu should appear
  • Select the first option, to run Windows in Safe Mode, then press Enter
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
dlello2
Junior Member with 14 posts.
THREAD STARTER
Join Date: Apr 2008
Experience: Intermediate
13-Apr-2008, 07:19 PM #5
Here is the report.txt --Thanks

SDFix: Version 1.170
Run by Dimension 4500 on Sun 04/13/2008 at 06:05 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\23.tmp - Deleted
C:\WINDOWS\system32\24.tmp - Deleted
C:\WINDOWS\system32\11F.tmp - Deleted
C:\WINDOWS\system\Update.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 18:13:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1137385451\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1137385451\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1137385451\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1137385451\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1137449873\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1137449873\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1137449873\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1137449873\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1139354471\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1139354471\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1139354471\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1139354471\\ee\\aim6.exe:*:Enabled:AIM"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"="C:\\Program Files\\Ruckus Player\\Ruckus.exe:*:Enabled:Ruckus"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 24 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 22 Oct 2007 88 ..SHR --- "C:\WINDOWS\system32\98ADE16A7D.sys"
Mon 22 Oct 2007 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 2 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 27 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1A.tmp"
Wed 9 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT16.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT4.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Dimension 4500\Application Data\U3\temp\Launchpad Removal.exe"

Finished!
Cookiegal
Administrator & Malware Removal Specialist with 97,501 posts.
Join Date: Aug 2003
14-Apr-2008, 01:12 PM #6
Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
dlello2
Junior Member with 14 posts.
THREAD STARTER
Join Date: Apr 2008
Experience: Intermediate
14-Apr-2008, 01:42 PM #7
Thanks for the reply...

Here is the combofix log

ComboFix 08-04-13.3 - Dimension 4500 2008-04-14 12:35:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.631 [GMT -5:00]
Running from: C:\Documents and Settings\Dimension 4500\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-13 21:35 . 2008-04-13 22:27 121 --a------ C:\WINDOWS\bdagent.INI
2008-04-13 20:36 . 2008-04-13 20:36 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\BitDefender
2008-04-13 20:34 . 2008-04-13 20:35 <DIR> d-------- C:\Program Files\BitDefender
2008-04-13 20:34 . 2008-04-13 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-13 20:33 . 2008-04-13 20:35 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-04-13 18:02 . 2008-04-13 18:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-13 17:46 . 2008-04-13 18:17 <DIR> d-------- C:\SDFix
2008-04-10 01:30 . 2008-04-10 01:30 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-06 22:41 . 2008-04-06 22:41 <DIR> d-------- C:\Program Files\MSECache
2008-03-30 02:48 . 2008-03-30 02:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-30 02:47 . 2008-03-30 02:47 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\MSN6
2008-03-28 14:37 . 2008-04-14 12:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-28 14:37 . 2008-03-28 14:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-27 22:15 . 2005-11-10 14:03 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-03-27 17:52 . 2008-03-27 17:55 <DIR> d-------- C:\Documents and Settings\Dimension 4500\.housecall6.6
2008-03-27 15:00 . 2008-04-14 12:17 <DIR> d-------- C:\Documents and Settings\Dimension 4500\.rainlendar2
2008-03-27 14:59 . 2008-03-27 14:59 <DIR> d-------- C:\Program Files\Rainlendar2
2008-03-26 21:57 . 2008-03-26 21:57 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\Zepsoft
2008-03-26 21:56 . 2008-03-26 21:56 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-03-26 21:33 . 2008-04-14 02:00 <DIR> d-------- C:\WINDOWS\system32\drivers\setup
2008-03-26 21:17 . 2008-03-26 21:17 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\Bret Taylor
2008-03-26 21:16 . 2008-03-26 21:16 <DIR> d-------- C:\Program Files\Bret Taylor
2008-03-26 17:41 . 2008-03-26 17:42 <DIR> d-------- C:\Program Files\Notepad++
2008-03-26 17:41 . 2008-03-26 17:43 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\Notepad++
2008-03-25 23:05 . 2008-03-25 23:05 <DIR> d-------- C:\Program Files\Daily Alarm Clock
2008-03-25 16:38 . 2008-03-25 17:14 <DIR> d-------- C:\Program Files\CyPet
2008-03-24 16:30 . 2008-04-13 17:55 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 16:30 . 1998-06-24 00:00 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-03-24 16:17 . 2008-03-24 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-24 11:47 . 2008-03-24 11:47 <DIR> d-------- C:\Program Files\PowerISO
2008-03-14 01:04 . 2008-03-14 01:04 46,652 --a------ C:\WINDOWS\system32\drivers\scdemu.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 17:18 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Skype
2008-04-14 17:16 --------- d-----w C:\Program Files\Plaxo
2008-04-13 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-12 21:43 --------- d-----w C:\Program Files\Trend Micro
2008-04-10 06:40 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-10 00:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 23:28 --------- d-----w C:\Program Files\Microsoft Games
2008-04-08 21:41 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Ruckus Network
2008-03-27 22:29 --------- d-----w C:\Program Files\Norton SystemWorks
2008-03-27 00:41 --------- d-----w C:\Program Files\MagicISO
2008-03-27 00:32 --------- d-----w C:\Program Files\Java
2008-03-25 22:17 --------- d-----w C:\Program Files\eMusic Download Manager
2008-03-25 22:15 --------- d-----w C:\Program Files\DOS Applications
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-03-13 18:33 --------- d-----w C:\Program Files\Uniblue
2008-03-13 18:33 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Uniblue
2008-03-06 23:15 --------- d-----w C:\Program Files\iTunes
2008-03-06 23:11 --------- d-----w C:\Program Files\iPod
2008-03-06 22:57 --------- d-----w C:\Program Files\QuickTime
2008-03-01 23:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-25 04:50 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Move Networks
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-19 14:36 --------- d-----w C:\Program Files\UltraISO
2008-02-19 14:34 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-02-19 04:29 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-19 04:20 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-19 04:20 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\DAEMON Tools
2008-02-18 15:39 --------- d-----w C:\Program Files\HP
2008-02-18 15:39 --------- d-----w C:\Program Files\Common Files\HP
2008-02-18 15:36 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-18 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-18 15:27 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\HP
2008-02-17 16:02 --------- d-----w C:\Program Files\VDMSound
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-02-11 21:16 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-01-05 05:08 32 --sha-w C:\WINDOWS\{00E6FEEF-26C6-4686-984B-6A76DCA22797}.dat
2006-01-05 05:09 32 --sha-w C:\WINDOWS\{0385268C-A0B1-4A19-B08F-49A2787C24AF}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\{11B15A89-F4BB-4E02-95CD-7708CCA17D3F}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\{5828B0D3-9AB4-4B81-A498-BD3662AD3475}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\{B9C3CC9A-59D9-4F64-A817-7ED9B5B38A74}.dat
2006-01-05 05:10 32 --sha-w C:\WINDOWS\{E8AC622D-2097-436C-9156-280F29B353D0}.dat
2007-10-22 23:19 88 --sh--r C:\WINDOWS\system32\98ADE16A7D.sys
2007-10-22 23:19 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-01-05 05:08 32 --sha-w C:\WINDOWS\system32\{42083E56-FAEA-435C-AC8C-EFE0F6FCB6C1}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\system32\{45B1A323-01E2-4CC7-8E0C-DB3B0EE41CAB}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\system32\{4BC8F67F-C337-482A-89A8-DFF2B15F21FA}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\system32\{641EDB02-C5FD-4B37-B302-F8C297827226}.dat
2006-01-05 05:09 32 --sha-w C:\WINDOWS\system32\{6FD5594F-091C-4C49-A2F1-377F8F13776A}.dat
2006-01-05 05:10 32 --sha-w C:\WINDOWS\system32\{D134ADB3-D8B1-455D-B836-90A1C8E6EDC0}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [2007-12-11 18:21 227914]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"Stickies"="C:\Program Files\Bret Taylor\Stickies\Stickies.exe" [2007-03-14 12:35 335872]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [ ]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 05:23 1365504]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-11 16:24 185896]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-04-30 19:46 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"startup netsend"="net send localhost Hello Dave!" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"HostManager"="C:\Program Files\Common Files\AOL\1139354471\ee\AOLSoftware.exe" [2006-05-09 19:24 50760]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 20:17 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
GoBack.lnk - C:\Program Files\Roxio\GoBack\GBTray.exe [2006-01-11 09:21:58 524288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139354471\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139354471\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2002-04-08 09:54]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 07:48]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc4fddf6-e22e-11db-aca7-0008a11f7b5a}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 22:30:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-04-04 20:26:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-24 21:26:36 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-07 01:51:24 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 12:37:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Updates"="c:\\windows\\system\\Update.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Updates"="c:\\windows\\system\\Update.exe"
.
Completion time: 2008-04-14 12:38:03
ComboFix-quarantined-files.txt 2008-04-14 17:37:51

Pre-Run: 89,300,738,048 bytes free
Post-Run: 89,295,413,248 bytes free
.
2008-04-10 18:30:11 --- E O F ---

After ComboFix I ran HJT again and this is the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:50 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1139354471\ee\AOLSoftware.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [startup netsend] net send localhost "Hello Dave!"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139354471\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1136431801904
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136431792482
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9589 bytes

Thanks again,

Dave
Cookiegal
Administrator & Malware Removal Specialist with 97,501 posts.
Join Date: Aug 2003
14-Apr-2008, 02:20 PM #8
Is your version of Windows XP 64-bit?
dlello2
Junior Member with 14 posts.
THREAD STARTER
Join Date: Apr 2008
Experience: Intermediate
14-Apr-2008, 05:22 PM #9
It is a 32-bit version of Windows.
Cookiegal
Administrator & Malware Removal Specialist with 97,501 posts.
Join Date: Aug 2003
14-Apr-2008, 05:57 PM #10
Go to Control Panel - Add/Remove programs and remove any of these you see there:

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Open Notepad and copy and paste the text in the code box below into it:

Code:
DirLook::
C:\WINDOWS\system32\drivers\setup

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Updates"=-
"manager"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"startup netsend"=-
"Windows Updates"=-
"manager"=-

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Important! This infection steals passwords so you need to create new passwords from a clean computer for logins and any banking or financial transactions you do on-line.
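The triage behind a CFScript like the one above, as an added example that is not Cookiegal's or ComboFix's own code: a small Python script that parses the Run-key section of a ComboFix log and emits a Registry:: block, in the syntax shown in the post, for every autostart entry that ComboFix listed with an empty bracket (no date/size, which I read as the value not resolving to a file at scan time; that reading is an assumption on my part) or whose path points into the drivers\setup directory identified in this thread. The sample log text is a constructed excerpt of the log posted earlier, and the two heuristics are mine, not rules from either tool.

```python
import re
from collections import OrderedDict

# Constructed sample: an excerpt of the "Reg Loading Points" section of the
# ComboFix log posted above, with the same entry syntax but fewer lines.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-11 16:24 185896]
"startup netsend"="net send localhost Hello Dave!" []
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [ ]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
"""

# A registry key header line, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# A value line: "name"="data" [date time size]  (the bracket may be empty)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')

# Directory the thread identified as the dropper's working directory (assumed
# indicator for this example; adjust to whatever your own log shows).
SUSPECT_DIR = "\\drivers\\setup\\"


def parse_run_entries(log_text):
    """Return (key, name, data, meta) tuples for every Run-key value in the log."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            entries.append((current_key, m.group("name"),
                            m.group("data"), m.group("meta").strip()))
    return entries


def is_suspect(data, meta):
    """Heuristic triage (my assumption, not ComboFix's own logic).

    An empty bracket means ComboFix printed no date/size for the value, i.e. the
    data did not resolve to an existing file (a missing binary or, as with the
    'net send' entry, a command rather than a path).  Anything living under the
    dropper directory is flagged regardless of whether the file is present.
    """
    if meta == "":
        return True
    if SUSPECT_DIR in data.lower():
        return True
    return False


def build_cfscript(entries):
    """Emit a Registry:: block in the CFScript syntax shown in the thread."""
    by_key = OrderedDict()  # preserve the order keys appear in the log
    for key, name, data, meta in entries:
        if is_suspect(data, meta):
            by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        for name in names:
            lines.append(f'"{name}"=-')  # "=-" deletes the value, as in the post
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_cfscript(parse_run_entries(SAMPLE_LOG)))
```

Run against the constructed excerpt, the output is the same Registry:: block Cookiegal posted, which is the point: the removal script is derived mechanically from what the log already shows, and the entries with a populated date/size bracket (ctfmon.exe, realsched.exe, bdagent.exe) are left alone. The DirLook:: section is deliberately not generated here; which directories deserve a listing is a judgement call the analyst makes from the file list, not from the Run keys.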
dlello2
Junior Member with 14 posts.
THREAD STARTER
Join Date: Apr 2008
Experience: Intermediate
14-Apr-2008, 06:20 PM #11
All of the Viewpoint programs have been deleted.

Here is the new combofix log

ComboFix 08-04-13.3 - Dimension 4500 2008-04-14 17:12:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.619 [GMT -5:00]
Running from: C:\Documents and Settings\Dimension 4500\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dimension 4500\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-13 21:35 . 2008-04-13 22:27 121 --a------ C:\WINDOWS\bdagent.INI
2008-04-13 20:36 . 2008-04-13 20:36 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\BitDefender
2008-04-13 20:34 . 2008-04-13 20:35 <DIR> d-------- C:\Program Files\BitDefender
2008-04-13 20:34 . 2008-04-13 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-13 20:33 . 2008-04-13 20:35 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-04-13 18:02 . 2008-04-13 18:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-13 17:46 . 2008-04-13 18:17 <DIR> d-------- C:\SDFix
2008-04-10 01:30 . 2008-04-10 01:30 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-06 22:41 . 2008-04-06 22:41 <DIR> d-------- C:\Program Files\MSECache
2008-03-30 02:48 . 2008-03-30 02:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-30 02:47 . 2008-03-30 02:47 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\MSN6
2008-03-28 14:37 . 2008-04-14 12:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-28 14:37 . 2008-03-28 14:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-27 22:15 . 2005-11-10 14:03 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-03-27 17:52 . 2008-03-27 17:55 <DIR> d-------- C:\Documents and Settings\Dimension 4500\.housecall6.6
2008-03-27 15:00 . 2008-04-14 12:17 <DIR> d-------- C:\Documents and Settings\Dimension 4500\.rainlendar2
2008-03-27 14:59 . 2008-03-27 14:59 <DIR> d-------- C:\Program Files\Rainlendar2
2008-03-26 21:57 . 2008-03-26 21:57 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\Zepsoft
2008-03-26 21:56 . 2008-03-26 21:56 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-03-26 21:33 . 2008-04-14 02:00 <DIR> d-------- C:\WINDOWS\system32\drivers\setup
2008-03-26 21:17 . 2008-03-26 21:17 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\Bret Taylor
2008-03-26 21:16 . 2008-03-26 21:16 <DIR> d-------- C:\Program Files\Bret Taylor
2008-03-26 17:41 . 2008-03-26 17:42 <DIR> d-------- C:\Program Files\Notepad++
2008-03-26 17:41 . 2008-03-26 17:43 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\Notepad++
2008-03-25 23:05 . 2008-03-25 23:05 <DIR> d-------- C:\Program Files\Daily Alarm Clock
2008-03-25 16:38 . 2008-03-25 17:14 <DIR> d-------- C:\Program Files\CyPet
2008-03-24 16:30 . 2008-04-13 17:55 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 16:30 . 1998-06-24 00:00 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-03-24 16:17 . 2008-03-24 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-24 11:47 . 2008-03-24 11:47 <DIR> d-------- C:\Program Files\PowerISO
2008-03-14 01:04 . 2008-03-14 01:04 46,652 --a------ C:\WINDOWS\system32\drivers\scdemu.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 22:11 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Skype
2008-04-14 22:09 --------- d-----w C:\Program Files\Viewpoint
2008-04-14 22:09 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint
2008-04-14 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-14 17:16 --------- d-----w C:\Program Files\Plaxo
2008-04-13 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-12 21:43 --------- d-----w C:\Program Files\Trend Micro
2008-04-10 06:40 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-10 00:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 23:28 --------- d-----w C:\Program Files\Microsoft Games
2008-04-08 21:41 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Ruckus Network
2008-03-27 22:29 --------- d-----w C:\Program Files\Norton SystemWorks
2008-03-27 00:41 --------- d-----w C:\Program Files\MagicISO
2008-03-27 00:32 --------- d-----w C:\Program Files\Java
2008-03-25 22:17 --------- d-----w C:\Program Files\eMusic Download Manager
2008-03-25 22:15 --------- d-----w C:\Program Files\DOS Applications
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-03-13 18:33 --------- d-----w C:\Program Files\Uniblue
2008-03-13 18:33 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Uniblue
2008-03-06 23:15 --------- d-----w C:\Program Files\iTunes
2008-03-06 23:11 --------- d-----w C:\Program Files\iPod
2008-03-06 22:57 --------- d-----w C:\Program Files\QuickTime
2008-03-01 23:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-25 04:50 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Move Networks
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-19 14:36 --------- d-----w C:\Program Files\UltraISO
2008-02-19 14:34 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-02-19 04:29 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-19 04:20 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-19 04:20 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\DAEMON Tools
2008-02-18 15:39 --------- d-----w C:\Program Files\HP
2008-02-18 15:39 --------- d-----w C:\Program Files\Common Files\HP
2008-02-18 15:36 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-18 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-18 15:27 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\HP
2008-02-17 16:02 --------- d-----w C:\Program Files\VDMSound
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-02-11 21:16 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-01-05 05:08 32 --sha-w C:\WINDOWS\{00E6FEEF-26C6-4686-984B-6A76DCA22797}.dat
2006-01-05 05:09 32 --sha-w C:\WINDOWS\{0385268C-A0B1-4A19-B08F-49A2787C24AF}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\{11B15A89-F4BB-4E02-95CD-7708CCA17D3F}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\{5828B0D3-9AB4-4B81-A498-BD3662AD3475}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\{B9C3CC9A-59D9-4F64-A817-7ED9B5B38A74}.dat
2006-01-05 05:10 32 --sha-w C:\WINDOWS\{E8AC622D-2097-436C-9156-280F29B353D0}.dat
2007-10-22 23:19 88 --sh--r C:\WINDOWS\system32\98ADE16A7D.sys
2007-10-22 23:19 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-01-05 05:08 32 --sha-w C:\WINDOWS\system32\{42083E56-FAEA-435C-AC8C-EFE0F6FCB6C1}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\system32\{45B1A323-01E2-4CC7-8E0C-DB3B0EE41CAB}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\system32\{4BC8F67F-C337-482A-89A8-DFF2B15F21FA}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\system32\{641EDB02-C5FD-4B37-B302-F8C297827226}.dat
2006-01-05 05:09 32 --sha-w C:\WINDOWS\system32\{6FD5594F-091C-4C49-A2F1-377F8F13776A}.dat
2006-01-05 05:10 32 --sha-w C:\WINDOWS\system32\{D134ADB3-D8B1-455D-B836-90A1C8E6EDC0}.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\drivers\setup ----

2008-04-14 02:00 227 --a------ C:\WINDOWS\system32\drivers\setup\servers.txt
2008-04-14 00:30 174342 --a------ C:\WINDOWS\system32\drivers\setup\downloader\files\test8.exe
2008-04-13 23:00 162515 --a------ C:\WINDOWS\system32\drivers\setup\downloader\files\dlr6.exe
2008-04-13 16:44 154856 --a------ C:\WINDOWS\system32\drivers\setup\downloader\files\m2.exe
2008-04-08 08:56 163310 --a------ C:\WINDOWS\system32\drivers\setup\downloader\files\dlr5.exe
2008-04-08 06:26 149622 --a------ C:\WINDOWS\system32\drivers\setup\downloader\files\m1.exe
2008-04-08 02:25 173852 --a------ C:\WINDOWS\system32\drivers\setup\downloader\files\test7.exe
2008-04-08 01:25 82063 --a------ C:\WINDOWS\system32\drivers\setup\downloader\files\pwtemp1.exe
2008-04-07 12:23 159698 --a------ C:\WINDOWS\system32\drivers\setup\downloader\files\dlr4.exe
2008-04-06 23:52 173864 --a------ C:\WINDOWS\system32\drivers\setup\downloader\files\test6.exe
2008-04-06 21:51 6 --a------ C:\WINDOWS\system32\drivers\setup\irc\server.txt
2008-04-04 12:29 155886 --a------ C:\WINDOWS\system32\drivers\setup\downloader\files\dlr1.exe
2008-04-04 11:58 173182 --a------ C:\WINDOWS\system32\drivers\setup\downloader\files\test4.exe
2008-04-03 01:54 638976 --a------ C:\WINDOWS\system32\drivers\setup\downloader\files\rob2.exe
2007-09-05 03:15 305 --a------ C:\WINDOWS\system32\drivers\setup\cmd.txt
2007-07-29 21:37 24576 --a------ C:\WINDOWS\system32\drivers\setup\hosts\hostsmon.exe
2007-07-06 05:04 632 --a------ C:\WINDOWS\system32\drivers\setup\startup.reg
2007-07-06 04:08 21 --a------ C:\WINDOWS\system32\drivers\setup\hosts\server.txt
2007-07-04 23:23 40960 --a------ C:\WINDOWS\system32\drivers\setup\downloader\downloader.exe
1998-06-24 00:00 108336 --a------ C:\WINDOWS\system32\drivers\setup\mswinsck.ocx


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [2007-12-11 18:21 227914]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"Stickies"="C:\Program Files\Bret Taylor\Stickies\Stickies.exe" [2007-03-14 12:35 335872]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 05:23 1365504]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-12-07 10:42 9479448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-11 16:24 185896]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-04-30 19:46 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"HostManager"="C:\Program Files\Common Files\AOL\1139354471\ee\AOLSoftware.exe" [2006-05-09 19:24 50760]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 20:17 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
GoBack.lnk - C:\Program Files\Roxio\GoBack\GBTray.exe [2006-01-11 09:21:58 524288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139354471\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139354471\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2002-04-08 09:54]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 07:48]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc4fddf6-e22e-11db-aca7-0008a11f7b5a}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 22:30:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-04-14 22:03:20 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-24 21:26:36 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-07 01:51:24 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 17:14:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Updates"="c:\\windows\\system\\Update.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Updates"="c:\\windows\\system\\Update.exe"
.
Completion time: 2008-04-14 17:15:06
ComboFix-quarantined-files.txt 2008-04-14 22:14:56
ComboFix2.txt 2008-04-14 17:38:04

Pre-Run: 91,611,750,400 bytes free
Post-Run: 91,642,146,816 bytes free
.
2008-04-10 18:30:11 --- E O F ---

Here is the new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:45 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1139354471\ee\AOLSoftware.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139354471\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1136431801904
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136431792482
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8917 bytes


-Dave

ps- I used this computer for almost all of my online financial dealings:
2 online banking accounts, 2 paypal accounts, and a few sites for online bill payment (AT&T).
I have checked these and it appears that they have not been tampered with--would you recommend that I still access them from a different computer and change the passwords? Is there anything else I should do to make sure they are secure?
Thanks again for your help

Last edited by dlello2; 14-Apr-2008 at 07:22 PM..
Cookiegal
Administrator & Malware Removal Specialist with 97,501 posts.
Join Date: Aug 2003
15-Apr-2008, 01:33 PM #12
Yes, I definitely recommend you change all passwords. You could also contact those financial institutions to get them to watch for suspicious activity.

Open Notepad and copy and paste the text in the code box below into it:

Code:
Folder::
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint
C:\WINDOWS\system32\drivers\setup

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Updates"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Updates"=-
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
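As an added illustration (not part of the thread and not ComboFix's own code), the following Python script parses the "Reg Loading Points" section of a ComboFix log like the ones posted above, flags Run entries on the heuristics a helper applies by hand (no file details recorded, a target under C:\WINDOWS\system rather than system32, the same value name planted in both HKCU and HKLM) and emits the matching Registry:: section of a CFScript in the format used in this post. The sample lines are constructed to mirror the log, and the heuristics are assumptions of this example, not rules ComboFix itself applies.

```python
"""Triage ComboFix 'Reg Loading Points' entries and draft a CFScript Registry:: section."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample modelled on the log above: two legitimate entries and the
# "Windows Updates" value that ComboFix lists with an empty [ ] (no file details).
SAMPLE_REG_POINTS = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Windows Updates"="c:\windows\system\Update.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "name"="target" [date time size]   -- the bracket is blank when no file was found
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$')


@dataclass
class RunEntry:
    key: str
    name: str
    target: str
    info: str                                  # "date time size", or "" if blank
    reasons: List[str] = field(default_factory=list)


def parse_reg_points(text: str) -> List[RunEntry]:
    """Walk the section line by line, remembering the current [HKEY_...] header."""
    entries: List[RunEntry] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            entries.append(RunEntry(current_key, m["name"], m["target"], m["info"].strip()))
    return entries


def triage(entries: List[RunEntry]) -> List[RunEntry]:
    """Attach a reason to every entry that trips a heuristic (assumed here) and return those."""
    by_name: Dict[str, List[RunEntry]] = {}
    for e in entries:
        by_name.setdefault(e.name.lower(), []).append(e)
    for e in entries:
        target = e.target.lower()
        if not e.info:
            e.reasons.append("no file details recorded: ComboFix found nothing at the target path")
        if target.startswith("c:\\windows\\system\\"):
            e.reasons.append("target is under C:\\WINDOWS\\system (legacy folder), not system32 or Program Files")
        hives = {x.key.split("\\", 1)[0] for x in by_name[e.name.lower()]}
        if len(hives) > 1:
            e.reasons.append("same value name planted in " + " and ".join(sorted(hives)))
    return [e for e in entries if e.reasons]


def build_cfscript(flagged: List[RunEntry]) -> str:
    """Emit a Registry:: section; "name"=- deletes the value, as in the script above."""
    lines = ["Registry::"]
    for key in dict.fromkeys(e.key for e in flagged):   # keep first-seen key order
        lines.append(f"[{key}]")
        lines.extend(f'"{e.name}"=-' for e in flagged if e.key == key)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = triage(parse_reg_points(SAMPLE_REG_POINTS))
    for e in flagged:
        print(f"{e.key}\n  {e.name!r} -> {e.target}")
        for r in e.reasons:
            print(f"    - {r}")
    print(build_cfscript(flagged))
```

The Folder:: section is left to the reviewer, since deciding which directories go (here C:\WINDOWS\system32\drivers\setup) depends on the "Look" listing rather than on the Run keys.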
dlello2
Junior Member with 14 posts.
THREAD STARTER
Join Date: Apr 2008
Experience: Intermediate
15-Apr-2008, 03:45 PM #13
COMBOFIX LOG

ComboFix 08-04-13.3 - Dimension 4500 2008-04-15 14:34:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.596 [GMT -5:00]
Running from: C:\Documents and Settings\Dimension 4500\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dimension 4500\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1324369662.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1510592702.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1627719655.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-229496160.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-405317999.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-725440902.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-735583800.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1745690438.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\358953496.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\456817750.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\617478198.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1017321819.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1510502644.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-2073163128.mzv
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-299397824.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-588947290.mtz
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-873313396.mtz
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-916845981.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1054459834.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1076943612.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1224228534.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1300140075.mtz
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1624992797.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1991437604.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\663127232.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-130594357.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1679681788.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1859761695.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\333454497.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\407034558.ini
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\697383590.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1054858782.gif
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1381594637.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1850579979.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-192973655.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-280947783.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-299097121.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-359462623.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-392772276.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1086973273.mzv
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1099791092.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1586664009.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\170927699.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1770026168.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\358953575.mtz
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\512883148.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\602720530.swf
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\806738442.mts
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
C:\Documents and Settings\Dimension 4500\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
C:\WINDOWS\system32\drivers\setup
C:\WINDOWS\system32\drivers\setup\cmd.txt
C:\WINDOWS\system32\drivers\setup\downloader\downloader.exe
C:\WINDOWS\system32\drivers\setup\downloader\files\dlr1.exe
C:\WINDOWS\system32\drivers\setup\downloader\files\dlr4.exe
C:\WINDOWS\system32\drivers\setup\downloader\files\dlr5.exe
C:\WINDOWS\system32\drivers\setup\downloader\files\dlr6.exe
C:\WINDOWS\system32\drivers\setup\downloader\files\m1.exe
C:\WINDOWS\system32\drivers\setup\downloader\files\m2.exe
C:\WINDOWS\system32\drivers\setup\downloader\files\pwtemp1.exe
C:\WINDOWS\system32\drivers\setup\downloader\files\rob2.exe
C:\WINDOWS\system32\drivers\setup\downloader\files\test4.exe
C:\WINDOWS\system32\drivers\setup\downloader\files\test6.exe
C:\WINDOWS\system32\drivers\setup\downloader\files\test7.exe
C:\WINDOWS\system32\drivers\setup\downloader\files\test8.exe
C:\WINDOWS\system32\drivers\setup\hosts\hostsmon.exe
C:\WINDOWS\system32\drivers\setup\hosts\server.txt
C:\WINDOWS\system32\drivers\setup\irc\server.txt
C:\WINDOWS\system32\drivers\setup\mswinsck.ocx
C:\WINDOWS\system32\drivers\setup\servers.txt
C:\WINDOWS\system32\drivers\setup\startup.reg

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-13 21:35 . 2008-04-14 23:54 121 --a------ C:\WINDOWS\bdagent.INI
2008-04-13 20:36 . 2008-04-13 20:36 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\BitDefender
2008-04-13 20:34 . 2008-04-13 20:35 <DIR> d-------- C:\Program Files\BitDefender
2008-04-13 20:34 . 2008-04-13 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-13 20:33 . 2008-04-13 20:35 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-04-13 18:02 . 2008-04-13 18:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-13 17:46 . 2008-04-13 18:17 <DIR> d-------- C:\SDFix
2008-04-10 01:30 . 2008-04-10 01:30 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-06 22:41 . 2008-04-06 22:41 <DIR> d-------- C:\Program Files\MSECache
2008-03-30 02:48 . 2008-03-30 02:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-30 02:47 . 2008-03-30 02:47 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\MSN6
2008-03-28 14:37 . 2008-04-15 08:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-28 14:37 . 2008-03-28 14:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-27 22:15 . 2005-11-10 14:03 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-03-27 17:52 . 2008-03-27 17:55 <DIR> d-------- C:\Documents and Settings\Dimension 4500\.housecall6.6
2008-03-27 15:00 . 2008-04-15 08:34 <DIR> d-------- C:\Documents and Settings\Dimension 4500\.rainlendar2
2008-03-27 14:59 . 2008-03-27 14:59 <DIR> d-------- C:\Program Files\Rainlendar2
2008-03-26 21:57 . 2008-03-26 21:57 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\Zepsoft
2008-03-26 21:56 . 2008-03-26 21:56 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-03-26 21:17 . 2008-03-26 21:17 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\Bret Taylor
2008-03-26 21:16 . 2008-03-26 21:16 <DIR> d-------- C:\Program Files\Bret Taylor
2008-03-26 17:41 . 2008-03-26 17:42 <DIR> d-------- C:\Program Files\Notepad++
2008-03-26 17:41 . 2008-03-26 17:43 <DIR> d-------- C:\Documents and Settings\Dimension 4500\Application Data\Notepad++
2008-03-25 23:05 . 2008-03-25 23:05 <DIR> d-------- C:\Program Files\Daily Alarm Clock
2008-03-25 16:38 . 2008-03-25 17:14 <DIR> d-------- C:\Program Files\CyPet
2008-03-24 16:30 . 2008-04-13 17:55 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 16:30 . 1998-06-24 00:00 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-03-24 16:17 . 2008-03-24 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-24 11:47 . 2008-03-24 11:47 <DIR> d-------- C:\Program Files\PowerISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 13:34 --------- d-----w C:\Program Files\Plaxo
2008-04-15 13:34 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Skype
2008-04-14 22:09 --------- d-----w C:\Program Files\Viewpoint
2008-04-14 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-13 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-12 21:43 --------- d-----w C:\Program Files\Trend Micro
2008-04-10 06:40 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-10 00:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 23:28 --------- d-----w C:\Program Files\Microsoft Games
2008-04-08 21:41 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Ruckus Network
2008-03-27 22:29 --------- d-----w C:\Program Files\Norton SystemWorks
2008-03-27 00:41 --------- d-----w C:\Program Files\MagicISO
2008-03-27 00:32 --------- d-----w C:\Program Files\Java
2008-03-25 22:17 --------- d-----w C:\Program Files\eMusic Download Manager
2008-03-25 22:15 --------- d-----w C:\Program Files\DOS Applications
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-03-13 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-03-13 18:33 --------- d-----w C:\Program Files\Uniblue
2008-03-13 18:33 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Uniblue
2008-03-06 23:15 --------- d-----w C:\Program Files\iTunes
2008-03-06 23:11 --------- d-----w C:\Program Files\iPod
2008-03-06 22:57 --------- d-----w C:\Program Files\QuickTime
2008-03-01 23:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-25 04:50 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\Move Networks
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-19 14:36 --------- d-----w C:\Program Files\UltraISO
2008-02-19 14:34 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-02-19 04:29 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-19 04:20 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-19 04:20 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\DAEMON Tools
2008-02-18 15:39 --------- d-----w C:\Program Files\HP
2008-02-18 15:39 --------- d-----w C:\Program Files\Common Files\HP
2008-02-18 15:36 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-18 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-18 15:27 --------- d-----w C:\Documents and Settings\Dimension 4500\Application Data\HP
2008-02-17 16:02 --------- d-----w C:\Program Files\VDMSound
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-02-11 21:16 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-01-05 05:08 32 --sha-w C:\WINDOWS\{00E6FEEF-26C6-4686-984B-6A76DCA22797}.dat
2006-01-05 05:09 32 --sha-w C:\WINDOWS\{0385268C-A0B1-4A19-B08F-49A2787C24AF}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\{11B15A89-F4BB-4E02-95CD-7708CCA17D3F}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\{5828B0D3-9AB4-4B81-A498-BD3662AD3475}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\{B9C3CC9A-59D9-4F64-A817-7ED9B5B38A74}.dat
2006-01-05 05:10 32 --sha-w C:\WINDOWS\{E8AC622D-2097-436C-9156-280F29B353D0}.dat
2007-10-22 23:19 88 --sh--r C:\WINDOWS\system32\98ADE16A7D.sys
2007-10-22 23:19 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-01-05 05:08 32 --sha-w C:\WINDOWS\system32\{42083E56-FAEA-435C-AC8C-EFE0F6FCB6C1}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\system32\{45B1A323-01E2-4CC7-8E0C-DB3B0EE41CAB}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\system32\{4BC8F67F-C337-482A-89A8-DFF2B15F21FA}.dat
2006-01-05 05:07 32 --sha-w C:\WINDOWS\system32\{641EDB02-C5FD-4B37-B302-F8C297827226}.dat
2006-01-05 05:09 32 --sha-w C:\WINDOWS\system32\{6FD5594F-091C-4C49-A2F1-377F8F13776A}.dat
2006-01-05 05:10 32 --sha-w C:\WINDOWS\system32\{D134ADB3-D8B1-455D-B836-90A1C8E6EDC0}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-14_12.37.41.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 17:16:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 13:33:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [2007-12-11 18:21 227914]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"Stickies"="C:\Program Files\Bret Taylor\Stickies\Stickies.exe" [2007-03-14 12:35 335872]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 05:23 1365504]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-12-07 10:42 9479448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-11 16:24 185896]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-04-30 19:46 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"HostManager"="C:\Program Files\Common Files\AOL\1139354471\ee\AOLSoftware.exe" [2006-05-09 19:24 50760]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 20:17 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
GoBack.lnk - C:\Program Files\Roxio\GoBack\GBTray.exe [2006-01-11 09:21:58 524288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139354471\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139354471\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2002-04-08 09:54]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 07:48]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc4fddf6-e22e-11db-aca7-0008a11f7b5a}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 22:30:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-04-14 22:03:20 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-24 21:26:36 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-07 01:51:24 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 14:36:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Updates"="c:\\windows\\system\\Update.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Updates"="c:\\windows\\system\\Update.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\pgfilter]
"ImagePath"="\??\C:\Program Files\PeerGuardian2\pgfilter.sys"
.
Completion time: 2008-04-15 14:37:14
ComboFix-quarantined-files.txt 2008-04-15 19:37:05
ComboFix2.txt 2008-04-14 22:15:07
ComboFix3.txt 2008-04-14 17:38:04

Pre-Run: 91,734,552,576 bytes free
Post-Run: 91,713,363,968 bytes free
.
2008-04-10 18:30:11 --- E O F ---


-Dave

PS: HJT log in the next reply (too many characters)
dlello2 (Junior Member, thread starter; Join Date: Apr 2008; Experience: Intermediate)
15-Apr-2008, 03:46 PM #14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:10 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1139354471\ee\AOLSoftware.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139354471\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1136431801904
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136431792482
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8918 bytes

-Thanks,

Dave
Cookiegal (Administrator & Malware Removal Specialist; Join Date: Aug 2003)
15-Apr-2008, 06:18 PM #15
In addition to BitDefender, I see entries for Trend and Panda. You should remove all components of the others as they may conflict and cause problems.

For a firewall, you can get the free ZoneAlarm.

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click Fix checked.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe

Reboot and post a new HijackThis log please.