
My computer has been acting up lately...

Discussion in 'Virus & Other Malware Removal' started by naroth, Jul 6, 2007.

Thread Status:
Not open for further replies.
  1. naroth

    naroth Thread Starter

    Joined:
    Jul 6, 2007
    Messages:
    9
    Hi,
    My computer seems to have been infected by a couple of trojans but BitDefender can't seem to get it at its source as it keeps coming back. I read another thread and did some of the steps. I ran vundofix and combofix but it still has me paranoid and I was wondering if someone could please look over the hijackthis log and tell me how I'm doing. Thanks

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 7:20:31 PM, on 7/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Desktop\HiJackThis_v2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6426
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKCU\..\Run: [Power2GoExpress] NA
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - file://E:\LTOCX14N.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: jkkjg - C:\WINDOWS\
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 5770 bytes
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    Please post the combofix log, you can find it here C:\Combofix.txt
     
  3. naroth

    naroth Thread Starter

    Joined:
    Jul 6, 2007
    Messages:
    9
    Here's the combofix log. Thanks for the help
    "Owner" - 2007-07-06 23:18:41 - ComboFix 07-07-04.4 - Service Pack 2


    ((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


    2007-07-06 18:47 <DIR> d-------- C:\WINDOWS\system32\appmgmt
    2007-07-06 18:45 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-06 18:38 <DIR> d-------- C:\VundoFix Backups
    2007-07-06 18:22 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-07-06 18:21 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-07-06 01:33 528 --a------ C:\WINDOWS\eReg.dat
    2007-07-06 01:33 <DIR> d-------- C:\Program Files\Maxis
    2007-07-06 00:12 144,896 --a------ C:\WINDOWS\system32\schannel.dll
    2007-07-05 19:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-05 19:28 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\SUPERAntiSpyware.com
    2007-07-05 19:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-05 19:11 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\.housecall6.6
    2007-07-05 18:44 <DIR> d-------- C:\Program Files\Lavasoft
    2007-07-05 18:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-05 18:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-07-05 03:25 <DIR> d-------- C:\Program Files\sXe Injected
    2007-07-05 03:06 <DIR> d-------- C:\Program Files\Counter-Strike 1.6
    2007-07-01 06:06 1,872,812 ---hs---- C:\WINDOWS\system32\gjkkj.ini2
    2007-06-30 20:53 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-06-30 20:53 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-06-30 20:53 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-06-30 20:53 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-06-30 20:53 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-06-30 20:53 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-06-30 20:53 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\PC Tools
    2007-06-30 20:52 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-06-30 20:45 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Help
    2007-06-30 20:32 <DIR> d-------- C:\WINDOWS\pss
    2007-06-30 19:07 <DIR> d-------- C:\Program Files\Easy SpyRemover
    2007-06-28 15:17 64,808 --a------ C:\WINDOWS\War3Unin.dat
    2007-06-28 15:17 2,829 --a------ C:\WINDOWS\War3Unin.pif
    2007-06-28 15:17 139,264 --a------ C:\WINDOWS\War3Unin.exe
    2007-06-28 15:16 <DIR> d-------- C:\Program Files\Warcraft III
    2007-06-27 23:01 <DIR> d-------- C:\temp_dvd
    2007-06-27 23:01 <DIR> d-------- C:\Program Files\Dvd-cloner
    2007-06-27 22:56 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Webroot
    2007-06-27 22:17 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-06-27 22:12 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Bitdefender
    2007-06-27 22:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
    2007-06-27 16:10 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Systweak
    2007-06-27 16:07 <DIR> d-------- C:\Program Files\Advanced System Optimizer
    2007-06-26 14:50 56 -r-hs---- C:\WINDOWS\system32\B1FF19A1E2.sys
    2007-06-26 14:50 1,890 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-06-26 14:49 <DIR> d-------- C:\Program Files\Enterbrain
    2007-06-26 14:49 <DIR> d-------- C:\Program Files\Common Files\Enterbrain
    2007-06-26 13:45 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Ahead
    2007-06-26 13:42 <DIR> d-------- C:\Program Files\Nero
    2007-06-26 13:42 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2007-06-26 13:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-06-26 13:24 <DIR> d-------- C:\Program Files\LimeWire
    2007-06-26 13:24 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\Incomplete
    2007-06-26 13:24 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\LimeWire
    2007-06-25 20:20 <DIR> d-------- C:\Program Files\DAEMON Tools
    2007-06-25 18:10 <DIR> d-------- C:\divx
    2007-06-24 14:32 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\DivX
    2007-06-24 14:29 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-06-24 14:29 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-06-24 14:29 <DIR> d-------- C:\Program Files\DivX
    2007-06-24 12:07 967 --a------ C:\WINDOWS\ScUnin.pif
    2007-06-24 12:07 70,656 --a------ C:\WINDOWS\ScUnin.exe
    2007-06-24 12:07 32,845 --a------ C:\WINDOWS\scunin.dat
    2007-06-24 12:07 <DIR> d-------- C:\Program Files\Starcraft
    2007-06-24 12:04 <DIR> d-------- C:\Program Files\Trillian
    2007-06-24 12:04 <DIR> d-------- C:\Program Files\Alex Feinman
    2007-06-24 12:01 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\WhenU
    2007-06-24 02:35 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-06-24 01:45 <DIR> d-------- C:\Program Files\Vstplugins
    2007-06-24 01:45 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Publish Providers
    2007-06-24 01:45 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\NetMedia Providers
    2007-06-24 01:43 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
    2007-06-24 01:43 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
    2007-06-24 01:43 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Sony
    2007-06-24 01:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
    2007-06-24 01:42 <DIR> d-------- C:\Program Files\Microsoft SQL Server
    2007-06-24 01:40 <DIR> d-------- C:\Program Files\Sony
    2007-06-24 01:39 <DIR> d-------- C:\Program Files\Sony Setup
    2007-06-23 23:27 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Azureus
    2007-06-23 23:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    2007-06-23 23:26 <DIR> d-------- C:\Program Files\Azureus
    2007-06-23 04:33 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-06-11 23:14 <DIR> d-------- C:\WINDOWS\vbSkinner
    2007-06-11 23:11 <DIR> d-------- C:\Program Files\PFConfig
    2007-06-11 22:50 <DIR> d-------- C:\Program Files\WinMX
    2007-06-09 19:31 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\CyberLink
    2007-06-09 19:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-06 06:37:29 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-07-05 04:32:21 -------- d-----w C:\Program Files\Soulseek
    2007-07-01 01:11:49 -------- d-----w C:\Program Files\Google
    2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-06-01 18:49:05 -------- d-----w C:\Program Files\XBCD
    2007-05-29 07:17:41 -------- d-----w C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\AdobeUM
    2007-05-29 01:20:28 -------- d-----w C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Roxio
    2007-05-29 01:15:32 -------- d-----w C:\Program Files\Common Files\Roxio Shared
    2007-05-29 01:14:07 -------- d-----w C:\Program Files\Roxio
    2007-05-29 00:25:12 -------- d-----w C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Viewpoint
    2007-05-28 00:32:10 -------- d-----w C:\Program Files\Pure Networks
    2007-05-27 11:20:38 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-05-27 11:17:52 -------- d-----w C:\Program Files\Winamp
    2007-05-27 11:11:39 -------- d-----w C:\Program Files\Common Files\AOL
    2007-05-27 11:11:24 -------- d-----w C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\AOL
    2007-05-27 10:14:32 -------- d-----w C:\Program Files\BigFix
    2007-05-26 23:17:37 -------- d-----w C:\Program Files\Safer Networking
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 06:39:03 2,250 ----a-w C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\wklnhst.dat
    2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-11 04:37:15 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 10:47]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 10:47]
    "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
    "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-06-27 23:19]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjg]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=sockspy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Ati HotKey Poller"=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c7245e7-936a-11db-9fa6-00e0b8b6ed76}]
    AutoRun\command- explorer.exe /select,"\Diagnostic"

    *Newly Created Service* - APPMGMT
    *Newly Created Service* - CATCHME

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-06 23:23:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0
    **************************************************************************

    Completion time: 2007-07-06 23:24:05
    C:\ComboFix-quarantined-files.txt ... 2007-07-06 23:24
    C:\ComboFix2.txt ... 2007-07-06 19:04
    C:\ComboFix3.txt ... 2007-07-06 18:52

    --- E O F ---
     
  4. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please download the attached file named CFScript.txt and Save it to your Desktop.

    [IMG]

    Referring to the picture above, drag CFScript.txt into ComboFix.exe


    In your next reply, please post a fresh Combofix log and a fresh Hijackthis log.


    Do not run on any other computer!!!! The attached file CFScript.txt is created for this specific computer. Running it on another system could cause it to crash or worse.


    ==================================

    Please perform a scan with Kaspersky Webscan Online Virus Scanner
    1. Click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
    2. Read the Requirements and Privacy statement, then select "Accept".
    3. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    4. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
    5. When the download is complete it will say ready, click "Next".
    6. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
    7. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    8. Click "OK".
    9. Under "Select a target to scan", click on "My Computer".
    10. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!'


    In your next reply, please include the log from Kaspersky. Thanks
     


  5. naroth

    naroth Thread Starter

    Joined:
    Jul 6, 2007
    Messages:
    9
    Hijackthis log-
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:23:06 PM, on 7/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6426
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKCU\..\Run: [Power2GoExpress] NA
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - file://E:\LTOCX14N.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 5710 bytes

    combofix log-
    "Owner" - 2007-07-07 20:00:39 - ComboFix 07-07-04.4 - Service Pack 2
    Command switches used :: C:\Documents and Settings\Owner.YOUR-B65D9311C0\Desktop\CFScript.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\gjkkj.ini2


    ((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


    2007-07-07 17:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-07-07 17:23 <DIR> d-------- C:\WINDOWS\LastGood
    2007-07-07 17:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2007-07-06 18:47 <DIR> d-------- C:\WINDOWS\system32\appmgmt
    2007-07-06 18:45 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-06 18:38 <DIR> d-------- C:\VundoFix Backups
    2007-07-06 18:22 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-07-06 18:21 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-07-06 01:33 528 --a------ C:\WINDOWS\eReg.dat
    2007-07-06 01:33 <DIR> d-------- C:\Program Files\Maxis
    2007-07-06 00:12 144,896 --a------ C:\WINDOWS\system32\schannel.dll
    2007-07-05 19:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-05 19:28 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\SUPERAntiSpyware.com
    2007-07-05 19:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-05 19:11 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\.housecall6.6
    2007-07-05 18:44 <DIR> d-------- C:\Program Files\Lavasoft
    2007-07-05 18:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-05 18:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-07-05 03:25 <DIR> d-------- C:\Program Files\sXe Injected
    2007-07-05 03:06 <DIR> d-------- C:\Program Files\Counter-Strike 1.6
    2007-06-30 20:53 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-06-30 20:53 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-06-30 20:53 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-06-30 20:53 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-06-30 20:53 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-06-30 20:53 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-06-30 20:53 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\PC Tools
    2007-06-30 20:52 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-06-30 20:45 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Help
    2007-06-30 20:32 <DIR> d-------- C:\WINDOWS\pss
    2007-06-30 19:07 <DIR> d-------- C:\Program Files\Easy SpyRemover
    2007-06-28 15:17 64,808 --a------ C:\WINDOWS\War3Unin.dat
    2007-06-28 15:17 2,829 --a------ C:\WINDOWS\War3Unin.pif
    2007-06-28 15:17 139,264 --a------ C:\WINDOWS\War3Unin.exe
    2007-06-28 15:16 <DIR> d-------- C:\Program Files\Warcraft III
    2007-06-27 23:01 <DIR> d-------- C:\temp_dvd
    2007-06-27 23:01 <DIR> d-------- C:\Program Files\Dvd-cloner
    2007-06-27 22:56 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Webroot
    2007-06-27 22:17 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-06-27 22:12 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Bitdefender
    2007-06-27 22:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
    2007-06-27 16:10 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Systweak
    2007-06-27 16:07 <DIR> d-------- C:\Program Files\Advanced System Optimizer
    2007-06-26 14:50 56 -r-hs---- C:\WINDOWS\system32\B1FF19A1E2.sys
    2007-06-26 14:50 1,890 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-06-26 14:49 <DIR> d-------- C:\Program Files\Enterbrain
    2007-06-26 14:49 <DIR> d-------- C:\Program Files\Common Files\Enterbrain
    2007-06-26 13:45 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Ahead
    2007-06-26 13:42 <DIR> d-------- C:\Program Files\Nero
    2007-06-26 13:42 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2007-06-26 13:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-06-26 13:24 <DIR> d-------- C:\Program Files\LimeWire
    2007-06-26 13:24 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\Incomplete
    2007-06-26 13:24 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\LimeWire
    2007-06-25 20:20 <DIR> d-------- C:\Program Files\DAEMON Tools
    2007-06-25 18:10 <DIR> d-------- C:\divx
    2007-06-24 14:32 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\DivX
    2007-06-24 14:29 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-06-24 14:29 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-06-24 14:29 <DIR> d-------- C:\Program Files\DivX
    2007-06-24 12:07 967 --a------ C:\WINDOWS\ScUnin.pif
    2007-06-24 12:07 70,656 --a------ C:\WINDOWS\ScUnin.exe
    2007-06-24 12:07 32,845 --a------ C:\WINDOWS\scunin.dat
    2007-06-24 12:07 <DIR> d-------- C:\Program Files\Starcraft
    2007-06-24 12:04 <DIR> d-------- C:\Program Files\Trillian
    2007-06-24 12:04 <DIR> d-------- C:\Program Files\Alex Feinman
    2007-06-24 12:01 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\WhenU
    2007-06-24 02:35 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-06-24 01:45 <DIR> d-------- C:\Program Files\Vstplugins
    2007-06-24 01:45 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Publish Providers
    2007-06-24 01:45 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\NetMedia Providers
    2007-06-24 01:43 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
    2007-06-24 01:43 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
    2007-06-24 01:43 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Sony
    2007-06-24 01:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
    2007-06-24 01:42 <DIR> d-------- C:\Program Files\Microsoft SQL Server
    2007-06-24 01:40 <DIR> d-------- C:\Program Files\Sony
    2007-06-24 01:39 <DIR> d-------- C:\Program Files\Sony Setup
    2007-06-23 23:27 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Azureus
    2007-06-23 23:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    2007-06-23 23:26 <DIR> d-------- C:\Program Files\Azureus
    2007-06-23 04:33 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-06-11 23:14 <DIR> d-------- C:\WINDOWS\vbSkinner
    2007-06-11 23:11 <DIR> d-------- C:\Program Files\PFConfig
    2007-06-11 22:50 <DIR> d-------- C:\Program Files\WinMX
    2007-06-09 19:31 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\CyberLink
    2007-06-09 19:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-06 06:37:29 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-07-05 04:32:21 -------- d-----w C:\Program Files\Soulseek
    2007-07-01 01:11:49 -------- d-----w C:\Program Files\Google
    2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-06-01 18:49:05 -------- d-----w C:\Program Files\XBCD
    2007-05-29 07:17:41 -------- d-----w C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\AdobeUM
    2007-05-29 01:20:28 -------- d-----w C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Roxio
    2007-05-29 01:15:32 -------- d-----w C:\Program Files\Common Files\Roxio Shared
    2007-05-29 01:14:07 -------- d-----w C:\Program Files\Roxio
    2007-05-29 00:25:12 -------- d-----w C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Viewpoint
    2007-05-28 00:32:10 -------- d-----w C:\Program Files\Pure Networks
    2007-05-27 11:20:38 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-05-27 11:17:52 -------- d-----w C:\Program Files\Winamp
    2007-05-27 11:11:39 -------- d-----w C:\Program Files\Common Files\AOL
    2007-05-27 11:11:24 -------- d-----w C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\AOL
    2007-05-27 10:14:32 -------- d-----w C:\Program Files\BigFix
    2007-05-26 23:17:37 -------- d-----w C:\Program Files\Safer Networking
    2007-05-16 06:39:03 2,250 ----a-w C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\wklnhst.dat
    2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-11 04:37:15 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 10:47]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 10:47]
    "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
    "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-06-27 23:19]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=sockspy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Ati HotKey Poller"=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c7245e7-936a-11db-9fa6-00e0b8b6ed76}]
    AutoRun\command- explorer.exe /select,"\Diagnostic"


    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-07 20:03:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-07 20:04:14
    C:\ComboFix-quarantined-files.txt ... 2007-07-07 20:04
    C:\ComboFix2.txt ... 2007-07-06 23:24
    C:\ComboFix3.txt ... 2007-07-06 19:04

    --- E O F ---

    kaspersky log-
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, July 07, 2007 10:20:05 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 8/07/2007
    Kaspersky Anti-Virus database records: 359492
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 94871
    Number of viruses found: 1
    Number of infected objects: 1
    Number of suspicious objects: 0
    Duration of the scan process: 01:59:14

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Application Data\Mozilla\Firefox\Profiles\e2c2lcjn.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Application Data\Mozilla\Firefox\Profiles\e2c2lcjn.default\history.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Application Data\Mozilla\Firefox\Profiles\e2c2lcjn.default\key3.db Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Application Data\Mozilla\Firefox\Profiles\e2c2lcjn.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Application Data\Mozilla\Firefox\Profiles\e2c2lcjn.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Application Data\Mozilla\Firefox\Profiles\e2c2lcjn.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Local Settings\Application Data\Mozilla\Firefox\Profiles\e2c2lcjn.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Local Settings\Application Data\Mozilla\Firefox\Profiles\e2c2lcjn.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Local Settings\Application Data\Mozilla\Firefox\Profiles\e2c2lcjn.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Local Settings\Application Data\Mozilla\Firefox\Profiles\e2c2lcjn.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Local Settings\History\History.IE5\MSHist012007070720070708\index.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-B65D9311C0\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Softwin\BitDefender10\asdict.dat Object is locked skipped
    C:\Program Files\Softwin\BitDefender10\aspdict.dat Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\master.mdf Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\mastlog.ldf Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\model.mdf Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\modellog.ldf Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\tempdb.mdf Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\templog.ldf Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\LOG\ERRORLOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP27\A0018181.exe Object is locked skipped
    C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP51\A0028030.exe Infected: not-a-virus:AdTool.Win32.WhenU.c skipped
    C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP51\A0028048.dll Object is locked skipped
    C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0028074.exe Object is locked skipped
    C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP67\A0031843.dll Object is locked skipped
    C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP68\A0031916.dll Object is locked skipped
    C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP74\A0033306.dll Object is locked skipped
    C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP74\A0033403.dll Object is locked skipped
    C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP83\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt Object is locked skipped
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{50C5FE09-3538-4850-8028-B4FEE51FC75B}.crmlog Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\bdss.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_6e8.dat Object is locked skipped
    C:\WINDOWS\Temp\tmp00001ea5\tmp00000000 Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP83\change.log Object is locked skipped

    Scan process completed.
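The ComboFix "Reg Loading Points" section in the log above is the part a helper reads first, because it lists the registry locations Windows consults to start code automatically. As an added illustration (not code from this thread, from ComboFix, or from its author), the Python below parses that section and flags the entries a reviewer would verify: a non-empty AppInit_DLLs value (on XP the listed DLL is loaded into every process that loads user32.dll, and the value is empty on a default install), Run entries that ComboFix printed with an empty time-stamp bracket (treated here, as an assumption, as "target not resolved"), LSA authentication packages beyond the default msv1_0, and a cached AutoRun command under MountPoints2. The sample text is constructed from the entries shown in the log; the severity labels and rules are this example's own, and a flag means "check this entry", not "this entry is malicious".

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example)."""
import re
from typing import Dict, List, NamedTuple

# Constructed sample: entries copied from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 10:47]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c7245e7-936a-11db-9fa6-00e0b8b6ed76}]
AutoRun\command- explorer.exe /select,"\Diagnostic"
"""


class Finding(NamedTuple):
    key: str       # registry key the entry sits under
    entry: str     # the log line exactly as ComboFix printed it
    severity: str  # "high" or "review" (labels chosen for this example)
    reason: str


SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"=value, optionally followed by ComboFix's [timestamp] bracket.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*?)\s*(?:\[(?P<stamp>[^\]]*)\])?$')


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-empty lines of the section under their [registry key] header."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text: str) -> List[Finding]:
    """Return the entries a reviewer should verify, in log order."""
    findings: List[Finding] = []
    for key, lines in parse_sections(text).items():
        lk = key.lower()
        for line in lines:
            m = VALUE_RE.match(line)
            name = m.group("name") if m else None
            value = m.group("value").strip('"') if m else line
            stamp = m.group("stamp") if m else None
            if (lk.endswith(r"windows nt\currentversion\windows")
                    and name and name.lower() == "appinit_dlls" and value):
                findings.append(Finding(key, line, "high",
                    "AppInit_DLLs is non-empty: %r is loaded into every process that "
                    "loads user32.dll; verify the file's origin and publisher" % value))
            elif lk.endswith(r"currentversion\run") and name and stamp == "":
                # Assumption: an empty [] means ComboFix could not time-stamp the target.
                findings.append(Finding(key, line, "review",
                    "Run entry whose target was not time-stamped (value %r); confirm "
                    "the file exists and is expected" % value))
            elif lk.endswith(r"control\lsa") and line.lower().startswith("authentication packages"):
                extra = [p for p in line.split()[2:] if p.lower() != "msv1_0"]
                if extra:
                    findings.append(Finding(key, line, "review",
                        "Authentication Packages lists %s beyond the default msv1_0; "
                        "verify each package DLL" % ", ".join(extra)))
            elif "\\mountpoints2\\" in lk and line.lower().startswith("autorun"):
                findings.append(Finding(key, line, "review",
                    "AutoRun command cached for a mounted volume; confirm it matches "
                    "the media it came from"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s\n    %s" % (f.severity.upper(), f.key, f.entry, f.reason))
```

Run on the sample it reports five entries, the AppInit_DLLs line as the only "high". The thread's own log shows exactly that line (`"appinit_dlls"=sockspy.dll`), which is why a helper would ask what installed that DLL before declaring the machine clean.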
     
  6. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    How is everything running??
     
  7. naroth

    naroth Thread Starter

    Joined:
    Jul 6, 2007
    Messages:
    9
    It's still running kinda sluggish.
     
  8. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only


    • Save it to your desktop
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.


    Better than before we started fixing everything???
     
  9. naroth

    naroth Thread Starter

    Joined:
    Jul 6, 2007
    Messages:
    9
    I haven't had a single trojan alert from bitdefender. I think it's fixed. Thanks for your time and help. :)
     
  10. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Good (y)

    Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

    To SET A NEW RESTORE POINT:
    1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
    2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    3. Then go to Start > Run and type: Cleanmgr
    4. Click "OK".
    5. Click the "More Options" Tab.
    6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

    Graphics for doing this are in the following links if you need them.
    How to Create a Restore Point.
    How to use Cleanmgr.

    ======================================

    Here is some useful information on keeping your computer clean:
    1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
    2. If you don't have a Firewall installed, please choose from the following:
    3. If you don't have an Anti-Virus installed, please download the following free program:
    4. Here are two great Preventive programs:
      • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
      • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
    5. Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
      • Red for Warning
      • Yellow for Use Caution
      • Green for Safe
      • Grey for Unknown

      Here are the links to install SiteAdvisor in Internet Explorer and Firefox
    6. Anti-Spyware Programs I Recommend:
    7. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
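The restore point advice above is exactly what the Kaspersky report earlier in the thread illustrates: its one detection sits under `C:\System Volume Information\_restore{...}\RP51\`, where the removal tools could not touch it, and the "Clean Up" step in Cleanmgr is what discards that copy. As an added example (not code from this thread, from Kaspersky, or from the poster), the Python below parses Kaspersky Online Scanner result lines, separates real detections from "Object is locked skipped" noise, and reports which restore points hold detections versus which detections live elsewhere and still need attention. The sample report is constructed: three lines are copied from the thread's log and one uses the EICAR test file, whose detection name is a placeholder for a live hit outside System Restore.

```python
"""Triage a Kaspersky Online Scanner report for restore-point detections (added example)."""
import re
from typing import Dict, List, NamedTuple, Set

# Constructed sample: three lines from the thread's report plus one EICAR test line.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP51\A0028030.exe Infected: not-a-virus:AdTool.Win32.WhenU.c skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\temp\eicar.com Infected: EICAR-Test-File skipped
"""


class ScanResult(NamedTuple):
    path: str
    status: str            # "infected", "suspicious" or "skipped"
    detail: str            # detection name, or why the object was skipped
    in_restore_point: bool


# <path> <Infected: name | Suspicious: name | Object is locked> <last action>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected: (?P<infected>\S+)|Suspicious: (?P<suspicious>\S+)|(?P<locked>Object is locked))"
    r"\s+(?P<action>\S+)$"
)
# Files archived by System Restore live under <drive>\System Volume Information\_restore{GUID}\RPnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\", re.IGNORECASE
)


def parse_report(text: str) -> List[ScanResult]:
    """Turn the per-object lines of the report into ScanResult records; other lines are ignored."""
    results: List[ScanResult] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, blank and statistics lines
        path = m.group("path")
        if m.group("infected"):
            status, detail = "infected", m.group("infected")
        elif m.group("suspicious"):
            status, detail = "suspicious", m.group("suspicious")
        else:
            status, detail = "skipped", "object locked by another process"
        results.append(ScanResult(path, status, detail, bool(RESTORE_RE.search(path))))
    return results


def restore_points_holding_detections(results: List[ScanResult]) -> Set[str]:
    """Restore points (e.g. 'RP51') that contain an infected or suspicious object."""
    rps: Set[str] = set()
    for r in results:
        if r.status in ("infected", "suspicious") and r.in_restore_point:
            rps.add(RESTORE_RE.search(r.path).group("rp"))
    return rps


def detections_outside_restore_points(results: List[ScanResult]) -> List[ScanResult]:
    """Detections that the restore-point cleanup will NOT remove and that need a removal tool."""
    return [r for r in results if r.status in ("infected", "suspicious") and not r.in_restore_point]


def summarize(results: List[ScanResult]) -> Dict[str, int]:
    return {
        "objects": len(results),
        "infected": sum(r.status == "infected" for r in results),
        "suspicious": sum(r.status == "suspicious" for r in results),
        "locked": sum(r.status == "skipped" for r in results),
        "infected_in_restore_points": sum(
            r.status in ("infected", "suspicious") and r.in_restore_point for r in results),
    }


if __name__ == "__main__":
    res = parse_report(SAMPLE_REPORT)
    print(summarize(res))
    print("restore points to purge:", sorted(restore_points_holding_detections(res)))
    for r in detections_outside_restore_points(res):
        print("still needs removal:", r.path, r.detail)
```

The split matters in practice: a detection inside `_restore{...}\RPnn\` is inert until someone rolls back to that point, and creating a fresh restore point and running Cleanmgr's "Clean Up" removes it; a detection anywhere else is live on disk and the restore-point step does nothing for it. "Object is locked" lines are registry hives, event logs and browser databases the scanner could not open, not findings.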
     
Short URL to this thread: https://techguy.org/592639
