
hit by trojan.vundo, and adware.virtumonde

Discussion in 'Virus & Other Malware Removal' started by SesshomaruDC, Sep 27, 2007.

Thread Status:
Not open for further replies.
  1. SesshomaruDC

    SesshomaruDC Thread Starter

    Joined:
    Sep 27, 2007
    Messages:
    3
    I read a lot of the forums and tried a lot by myself.
    I ran VundoFix, then ComboFix, then Cleanup.
    After that I ran Spybot and Symantec, and it came back clean.
    I want to make sure it's all fixed.
    So I ran HijackThis; can someone check out my log and see if it looks good?
    Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 11:48:30 AM, on 9/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - ?p=ZJfox000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145134402718
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C5CA5E7F-58DB-4FFF-9DC2-3E83158DEC9F} (IEActiveXCtl Class) - http://startrekccg.decipher.com/sign_in/launcher/ddactivexctl.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Can you rerun ComboFix and post the results?
     
  3. SesshomaruDC

    SesshomaruDC Thread Starter

    Joined:
    Sep 27, 2007
    Messages:
    3
    STILL RUNNING A LITTLE SLOW

    ComboFix 07-09-21.2 - "Administrator" 2007-09-27 18:36:26.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.573 [GMT -7:00]
    .

    ((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-28 )))))))))))))))))))))))))))))))
    .

    2007-09-27 18:02 <DIR> d-------- C:\VundoFix Backups
    2007-09-27 12:30 <DIR> d-------- C:\Bleach English Dubs
    2007-09-27 11:03 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-27 10:37 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-09-27 10:21 11,840 --------- C:\WINDOWS\system32\mytlhbgw.dll
    2007-09-27 09:56 11,840 --a------ C:\WINDOWS\system32\kfpbiktb.dll
    2007-09-27 08:41 11,840 --a------ C:\WINDOWS\system32\asavpthr.dll
    2007-09-27 08:38 11,840 --a------ C:\WINDOWS\system32\qkhrlahp.dll
    2007-09-27 08:37 11,840 --a------ C:\WINDOWS\system32\rgtheuai.dll
    2007-09-27 08:00 2,351,611 ---hs---- C:\WINDOWS\system32\ddeeg.ini2
    2007-09-27 08:00 11,840 --a------ C:\WINDOWS\system32\yfpbnsrn.dll
    2007-09-27 07:27 <DIR> d-------- C:\Inetpub
    2007-09-27 07:26 11,840 --a------ C:\WINDOWS\system32\ksxpovfs.dll
    2007-09-27 07:21 11,840 --a------ C:\WINDOWS\system32\lntjhixc.dll
    2007-09-27 07:06 11,840 --a------ C:\WINDOWS\system32\hnrhelev.dll
    2007-09-26 21:29 11,840 --a------ C:\WINDOWS\system32\cfqhfoai.dll
    2007-09-26 19:39 11,840 --a------ C:\WINDOWS\system32\amsfdnuq.dll
    2007-09-26 19:29 11,840 --a------ C:\WINDOWS\system32\hqqvtexg.dll
    2007-09-26 18:46 11,840 --a------ C:\WINDOWS\system32\vdugpser.dll
    2007-09-26 17:06 11,840 --a------ C:\WINDOWS\system32\ufvlbijw.dll
    2007-09-26 14:15 11,840 --a------ C:\WINDOWS\system32\hpventxc.dll
    2007-09-26 11:16 11,840 --a------ C:\WINDOWS\system32\tnlrmlyr.dll
    2007-09-25 16:05 11,840 --a------ C:\WINDOWS\system32\jnyhbygy.dll
    2007-09-25 15:09 11,840 --a------ C:\WINDOWS\system32\ttmsmxgj.dll
    2007-09-25 14:19 <DIR> d-------- C:\Program Files\Riverdeep
    2007-09-25 07:54 311,872 --a------ C:\WINDOWS\system32\geedd.dll
    2007-09-24 22:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-09-18 18:49 <DIR> d-------- C:\FULL_METAL_ALCHEMIST_V1
    2007-09-13 17:15 212,992 --a------ C:\WINDOWS\UnVt.exe
    2007-09-13 17:15 <DIR> d-------- C:\Program Files\Activision Value
    2007-09-12 07:42 <DIR> d-------- C:\Downloads
    2007-09-12 07:41 <DIR> d-------- C:\Program Files\BitComet
    2007-09-03 10:05 <DIR> d-------- C:\The King Of Kong
    2007-09-02 22:17 <DIR> d-------- C:\Superbad.TS.INTERNAL.XViD-mVs
    2007-08-30 17:45 <DIR> d-------- C:\WINDOWS\NV6682868.TMP
    2007-08-30 16:04 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Nexon
    2007-08-30 16:02 <DIR> d-------- C:\Nexon

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-27 18:36 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
    2007-09-27 10:48 --------- d-------- C:\Program Files\Microsoft ActiveSync
    2007-09-27 10:48 --------- d-------- C:\Program Files\iTunes
    2007-09-27 10:48 --------- d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-27 10:48 --------- d-------- C:\Program Files\Common Files\LightScribe
    2007-09-26 17:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-09-25 11:34 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
    2007-09-24 22:50 --------- d-------- C:\Program Files\Common Files\Ahead
    2007-09-20 17:49 --------- d-------- C:\Program Files\Azureus
    2007-09-20 11:55 --------- d-------- C:\Program Files\LimeWire
    2007-09-12 14:21 --------- d-------- C:\Program Files\Broderbund
    2007-08-30 17:34 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
    2007-08-30 17:33 --------- d-------- C:\Program Files\Vampire The Masquerade - Redemption
    2007-08-30 16:49 --------- d-------- C:\Program Files\Codec Pack - All In 1
    2007-08-30 16:39 --------- d-------- C:\Program Files\SystemRequirementsLab
    2007-08-25 21:22 --------- d-------- C:\Program Files\Netflix
    2007-08-25 19:31 --------- d-------- C:\Program Files\ffdshow
    2007-08-24 20:18 737280 --a------ C:\WINDOWS\iun6002.exe
    2007-08-22 19:06 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-08-22 16:48 --------- d-------- C:\Program Files\Samsung
    2007-08-17 11:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Broderbund
    2007-08-16 08:26 --------- d-------- C:\Program Files\ImTOO
    2007-08-15 19:21 --------- d-------- C:\Program Files\Mobiola Studio for Windows Mobile
    2007-08-12 20:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    2007-08-12 20:15 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-10 00:58 --------- d-------- C:\Program Files\WS_FTP
    2007-08-10 00:58 --------- d-------- C:\Program Files\PokerStars
    2007-08-10 00:53 --------- d-------- C:\Program Files\Yahoo!
    2007-08-08 17:56 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Gamelab
    2007-08-08 16:43 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
    2007-08-03 15:55 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
    2007-08-03 09:25 --------- d-------- C:\Program Files\World of Warcraft
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-09 17:55 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvusmb.exe
    2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvunrm.exe
    2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvuide.exe
    2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
    2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
    2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
    2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
    2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
    2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
    2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
    2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
    2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
    2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
    2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
    2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
    2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
    2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
    2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
    2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
    2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
    2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
    2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
    2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
    2007-06-27 19:05 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
    2006-08-08 16:58 0 ---h----- C:\Program Files\AppUpdate.log
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D581C9FD-0B1F-4C91-A5A0-63CE8261DF10}]
    2007-09-25 07:54 311872 --a------ C:\WINDOWS\system32\geedd.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38]
    "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-04-17 12:30]
    "SoundMan"="SOUNDMAN.EXE" [2005-01-27 06:35 C:\WINDOWS\SOUNDMAN.EXE]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
    "nwiz"="nwiz.exe" [2002-01-02 10:02 C:\WINDOWS\system32\nwiz.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2002-01-02 10:02]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 02:50 C:\WINDOWS\LOGI_MWX.EXE]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" []
    "EPSON Stylus CX4600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.exe" [2004-03-04 04:00]
    "DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-02-16 11:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2002-01-02 10:02]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 05:00]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-08-13 12:37:15]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{af3fd9a8-1287-4159-9212-9a5b4494af70}"= C:\WINDOWS\system32\guxxa.dll [ ]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geedd.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"


    R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
    R2 SetupNT;SetupNT;C:\WINDOWS\system32\SetupNT.sys
    S1 oxser;OX16C95x Serial port driver;C:\WINDOWS\system32\DRIVERS\oxser.sys
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
    S3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
    S3 musbehco;musbehco;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\musbehco.sys
    S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH-820.sys
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
    S3 sscdmdfl;SAMSUNG Mobile Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
    S3 sscdmdm;SAMSUNG Mobile Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
    S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\sscdserd.sys
    S3 UnlockerDriver4;UnlockerDriver4 Driver;\??\C:\WINDOWS\system32\UnlockerDriver4.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e344d83-c8f4-11da-be14-00e04cdb9186}]
    AutoRun\command- G:\OblivionLauncher.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2dc88f8-421d-11da-baa8-806d6172696f}]
    AutoRun\command- E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f710475e-a584-11da-bdde-000b23bece74}]
    AutoRun\command- G:\AutoRun.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-26 04:22:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2005-10-21 18:53:08 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-27 18:38:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-27 18:39:29
    C:\ComboFix-quarantined-files.txt ... 2007-09-27 18:39
    C:\ComboFix2.txt ... 2007-09-27 11:27
    C:\ComboFix3.txt ... 2007-09-27 11:15
    .
    --- E O F ---
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Well, we haven't removed anything yet.

    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.
     
  5. SesshomaruDC

    SesshomaruDC Thread Starter

    Joined:
    Sep 27, 2007
    Messages:
    3
    I got this error when following your directions:
    Error: selected file does not appear to be a valid script.
    Error code: 1114
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Are you including the words "Files to delete"?
     
Short URL to this thread: https://techguy.org/630092