Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Virus of some sort

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Virus of some sort

Unread postby patio87 » June 2nd, 2008, 10:08 pm

This virus is really killing me. I have my hijackthis and my smitfraud.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:15, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Nero8\Nero 8\Nero BackItUp\NBService.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\RealVNC\VNC4\WinVNC4.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe
E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
E:\WINDOWS\system32\Rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
D:\Program Files\SEC\Natural Color Pro\NCProTray.exe
E:\Program Files\Desktoptopia\Desktoptopia.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
E:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Patrick.PAT-HYA53CEZFCS\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero8\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] E:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [isCfgWiz] "E:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton\osCheck.exe"
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [94ac8437] rundll32.exe "E:\WINDOWS\system32\gaksefvx.dll",b
O4 - HKLM\..\Run: [BM6f7dec61] Rundll32.exe "E:\WINDOWS\system32\ukvjmlvj.dll",s
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Desktoptopia.lnk = E:\Program Files\Desktoptopia\Desktoptopia.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = D:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: NCProTray.lnk = ?
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero8\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8422 bytes













SmitFraudFix v2.323

Scan done at 21:01:14.85, Mon 06/02/2008
Run from D:\My Downloads\Drivers\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EE348F0E-04D9-4DAE-8C04-5DDB227B088D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EE348F0E-04D9-4DAE-8C04-5DDB227B088D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EE348F0E-04D9-4DAE-8C04-5DDB227B088D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End










SmitFraudFix v2.323

Scan done at 7:23:31.06, Thu 06/05/2008
Run from D:\My Downloads\Drivers\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Nero8\Nero 8\Nero BackItUp\NBService.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\RealVNC\VNC4\WinVNC4.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
D:\Program Files\SEC\Natural Color Pro\NCProTray.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
D:\My Downloads\Drivers\SmitfraudFix\Policies.exe
E:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» E:\


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="E:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EE348F0E-04D9-4DAE-8C04-5DDB227B088D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EE348F0E-04D9-4DAE-8C04-5DDB227B088D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EE348F0E-04D9-4DAE-8C04-5DDB227B088D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
patio87
Active Member
 
Posts: 6
Joined: June 2nd, 2008, 9:38 pm
Top
Advertisement
Register to Remove

Re: Virus of some sort

Unread postby John B. » June 5th, 2008, 11:13 am

Hi! :hello2: and welcome to the Malware Removal forums.
My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

I see you already started to run tools yourself, but the tool you ran targets a totally different infection than the infection you have, and this tool will even crash your computer if it is ran without care! Please do not go on crashing your computer yourself, so do not run any tools unless I say it. After having said this, we come to the rules

These rules are good for you to know:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.

These rules are to make my voluntary work more comfortable:
  • Please be patient. The work I do is voluntary and I also have a private life (school, work, friends and hobbies).
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • Please reply to this thread. Do not start a new topic.
  • Also, don't post logs as attachments. Other helpers like to view the logs as well and opening a lot of attachments is irritating. It can also contain malware.

Finally, please make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop and post the contents in a reply to this topic. Also post a fresh HijackThis log.

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
Top

Re: Virus of some sort

Unread postby patio87 » June 6th, 2008, 11:39 pm

When I go and click save list, hijackthis just closes out. I tried doing it in safe mode and it still won't let me.
patio87
Active Member
 
Posts: 6
Joined: June 2nd, 2008, 9:38 pm
Top

Re: Virus of some sort

Unread postby John B. » June 7th, 2008, 2:09 am

Please rename HijackThis.exe to GoodStuff.exe and try again :)
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
Top

Re: Virus of some sort

Unread postby patio87 » June 7th, 2008, 2:16 pm

Smart guy, you'll have to let me know why it works now just by renaming it? Thanks.



32 Bit HP CIO Components Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
America's Army
Apache HTTP Server 2.2.8
AppCore
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BearShare
BioShock
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
ccCommon
Close Combat Cross of Iron
Close Combat Invasion Normandy
Combat Mission Shock Force
Command & Conquer Red Alert 2
Command & Conquer Tiberian Sun
Component Framework
Desktoptopia for Windows BETA
DivX Codec
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVDInfoPro
eMule
Evrsoft First Page 2006
FinalBurner Free v1.30.0.127
FLV Player 2.0, build 24
Forgotten Hope 2
GIMP 2.4.5
Half-Life 2
HijackThis 2.0.2
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
Image Resizer Powertoy for Windows XP
ImgBurn
Insurgency ( Remove only)
InterVideo DeviceService
iTunes
Java(TM) 6 Update 5
Kazaa Lite Resurrection 0.0.7.6 F
LimeWire 4.18.1
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft Visual C# 2005 Express Edition - ENU
Microsoft Visual C# 2005 Express Edition - ENU
Microsoft Visual C# 2005 Express Edition - ENU Service Pack 1 (KB926749)
Microsoft Visual C# 2008 Express Edition - ENU
Microsoft Visual C# 2008 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft WorldWide Telescope
Microsoft XNA Game Studio Express 1.0 Refresh
mIRC
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Natural Color Pro
Nero 8
neroxml
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Notepad++
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
PowerISO
Project Reality 0.708 Core
Project Reality 0.708 Levels
Project Reality 0.75
Project64 1.6
QuickTime
ratDVD 0.78.1444
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Shop for HP Supplies
Source SDK Base
SPBBC 32bit
Spybot - Search & Destroy 1.4
SpyHunter
Symantec Real Time Storage Protection Component
SymNet
Ulead DVD MovieFactory 6
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
VCRedistSetup
VNC Free Edition 4.1.1
Westwood Shared Internet Components
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WingMan Software
XBCD 1.07
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
patio87
Active Member
 
Posts: 6
Joined: June 2nd, 2008, 9:38 pm
Top

Re: Virus of some sort

Unread postby patio87 » June 7th, 2008, 2:19 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:08, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Nero8\Nero 8\Nero BackItUp\NBService.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\RealVNC\VNC4\WinVNC4.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\WINDOWS\system32\Rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
D:\Program Files\SEC\Natural Color Pro\NCProTray.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
E:\PROGRA~1\Mozilla Firefox\firefox.exe
E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
D:\Program Files\Trend Micro\HijackThis\Goodstuff.exe
E:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\Patrick.PAT-HYA53CEZFCS\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero8\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] E:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton\osCheck.exe"
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [94ac8437] rundll32.exe "E:\WINDOWS\system32\qkahdjuv.dll",b
O4 - HKLM\..\Run: [BM6f7dec61] Rundll32.exe "E:\WINDOWS\system32\jyfwjxvw.dll",s
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = D:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: NCProTray.lnk = ?
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero8\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8065 bytes
patio87
Active Member
 
Posts: 6
Joined: June 2nd, 2008, 9:38 pm
Top

Re: Virus of some sort

Unread postby John B. » June 8th, 2008, 11:52 am

Hi,

Smart guy, you'll have to let me know why it works now just by renaming it?

The bad guys do not like us and our tools. That is why they try to hide the infections in our logs and try to make our tools stop working. The way they do that is by a blacklist of executibles (like HijackThis.exe) so if our tools do not work renaming will work most of the times as the new name is not on the blacklist.

Something strange happened, because you ran this version of HijackThis:
D:\Program Files\Trend Micro\HijackThis\Goodstuff.exe
But you also ran it from your desktop at the same time.

Please close ALL open windows (firefox, etc.) (leave your Anti Virus, etc. running in the system tray) and run Goodstuff.exe and post its log.

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
Top

Re: Virus of some sort

Unread postby patio87 » June 8th, 2008, 9:54 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:04, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Nero8\Nero 8\Nero BackItUp\NBService.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\RealVNC\VNC4\WinVNC4.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
D:\Program Files\SEC\Natural Color Pro\NCProTray.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
D:\Program Files\Trend Micro\HijackThis\Goodstuff.exe
E:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {30C7DE51-CBFF-4852-9714-CAD148A25DBC} - E:\WINDOWS\system32\ddcCTjjI.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - E:\WINDOWS\system32\pmnlkKeB.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {632abc96-bc51-efca-89f4-f52f2f07553f} - {f35570f2-f25f-4f98-acfe-15cb69cba236} - E:\WINDOWS\system32\oyahemkb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero8\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] E:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton\osCheck.exe"
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM6f7dec61] Rundll32.exe "E:\WINDOWS\system32\didjgisw.dll",s
O4 - HKLM\..\Run: [94ac8437] rundll32.exe "E:\WINDOWS\system32\mmwdiqrb.dll",b
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = D:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: NCProTray.lnk = ?
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O20 - Winlogon Notify: pmnlkKeB - E:\WINDOWS\SYSTEM32\pmnlkKeB.dll
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero8\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8833 bytes











32 Bit HP CIO Components Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
America's Army
Apache HTTP Server 2.2.8
AppCore
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BearShare
BioShock
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
ccCommon
Close Combat Cross of Iron
Close Combat Invasion Normandy
Combat Mission Shock Force
Command & Conquer Red Alert 2
Command & Conquer Tiberian Sun
Component Framework
Desktoptopia for Windows BETA
DivX Codec
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVDInfoPro
eMule
Evrsoft First Page 2006
FinalBurner Free v1.30.0.127
FLV Player 2.0, build 24
Forgotten Hope 2
GIMP 2.4.5
Half-Life 2
HijackThis 2.0.2
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
Image Resizer Powertoy for Windows XP
ImgBurn
Insurgency ( Remove only)
InterVideo DeviceService
iTunes
Java(TM) 6 Update 5
Kazaa Lite Resurrection 0.0.7.6 F
LimeWire 4.18.1
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft Visual C# 2005 Express Edition - ENU
Microsoft Visual C# 2005 Express Edition - ENU
Microsoft Visual C# 2005 Express Edition - ENU Service Pack 1 (KB926749)
Microsoft Visual C# 2008 Express Edition - ENU
Microsoft Visual C# 2008 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft WorldWide Telescope
Microsoft XNA Game Studio Express 1.0 Refresh
mIRC
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Natural Color Pro
Nero 8
neroxml
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Notepad++
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
PowerISO
Project Reality 0.708 Core
Project Reality 0.708 Levels
Project Reality 0.75
Project64 1.6
QuickTime
ratDVD 0.78.1444
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Shop for HP Supplies
Source SDK Base
SPBBC 32bit
Spybot - Search & Destroy 1.4
SpyHunter
Symantec Real Time Storage Protection Component
SymNet
Ulead DVD MovieFactory 6
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
VCRedistSetup
VNC Free Edition 4.1.1
Westwood Shared Internet Components
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WingMan Software
XBCD 1.07
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
patio87
Active Member
 
Posts: 6
Joined: June 2nd, 2008, 9:38 pm
Top

Re: Virus of some sort

Unread postby John B. » June 9th, 2008, 10:55 am

Hi,

Let's start fixing your computer now ;) This infection can sometimes be stubborn and maybe it we have to hit it a few times before it surrenders. From your uninstall list I can see you have SpyHunter. Please take a look at this note:
http://www.spywarewarrior.com/rogue_ant ... tm#sh_note
I recommend removing SpyHunter from your system. If you do not know how to do that please tell me :)

P2P Warning!
From your logs I can see that one or multiple P2P programs are installed on your computer. While most P2P programs are not malicious themselves, there's no guarantee that the files downloaded are. Please refrain from using it/them while cleaning your computer to prevent getting more infections.

A list of clean and infected P2P programs can be found at Malware Removal and Spyware Info.

The risks of using a P2P program are stated in this Sourceforge website and Information Week article.

Please also read Malware Removal's Guide on P2P Programs.

Step 1: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Step 2: Download and Run ComboFix
Before you download the newest version of ComboFix please make sure there's no older version of ComboFix on your desktop! If there is one, please delete it.

Download Combofix from any of the links below, and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: It is important that it is saved directly to your desktop!

Now close any open browsers. Also close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to do that for your programs see this webpage:
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on combofix.exe & follow the prompts. Do not mouseclick combofix's window while it's running. That may cause it to stall.

When finished, it will produce a report for you. This report will also be saved in C:\ComboFix.txt

Note: Remember to re-enable your anti virus and anti malware programs.

Step 3: Download and Run Batchfile
Please do it like this:
  • RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download mslook.bat
  • Save it to your desktop
  • Double-click mslook.bat
  • Save the logfile that it produces to your desktop.

Step 4: Post logs
Please post the following logs in a reply to this topic (use multiple posts if needed):
  • Fresh HijackThis log
  • ComboFix log
  • mslook log

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
Top

Re: Virus of some sort

Unread postby Shaba » June 14th, 2008, 7:53 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 154 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index