MalwareRemoval.com, Malware Removal Instructions forum

plz help. win32.trojan

Post by Elrond » August 7th, 2007, 12:18 pm

That was clean.

I would like you to run one more scan. If that is clean then we will prepare to end this topic and say that the computer seems clean.

PANDA ONLINE SCAN

Click HERE to run the ActiveScan online virus scan:

  • Once you are on the Panda site, click the Scan your PC button.
  • A new window will open... click the Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your e-mail address and click Send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • If it wants to install an ActiveX component, allow it.
  • It will start downloading the files it requires for the scan (Note: it may take a couple of minutes).
  • When the download is complete, click on My Computer to start the scan.
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
  • Post the contents of the ActiveScan report.
Elrond
Admin/Teacher Emeritus
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

panda online scan

Post by deemon » August 7th, 2007, 12:40 pm

Panda won't work. It can't run the following add-on (controls from Panda Software): unverified publisher.
deemon
Regular Member
Posts: 79
Joined: August 1st, 2007, 3:17 pm

Post by Elrond » August 7th, 2007, 1:03 pm

OK, try this one.

Download and run Sysclean

  • Create a folder on your desktop called Sysclean.
  • Go to http://www.trendmicro.com/download/dcs.asp and download the Sysclean package to the folder you made.
  • Go to http://www.trendmicro.com/download/pattern.asp and download the Virus Pattern File (Official Pattern Release) to your desktop.
    This file will be called lptXXX.zip (XXX represents the version number).
  • Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX. Read here how to unzip/extract properly.
  • Move lpt$vpn.XXX to the Sysclean folder you created on your desktop.
  • Open the Sysclean folder and double-click sysclean.com.
  • Check "Automatically clean or delete detected files".
  • Click Scan.

Open your Sysclean folder and copy and paste the contents of sysclean.log into your next reply.

panda online scan

Post by deemon » August 7th, 2007, 1:40 pm

Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adtech[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@anm.co[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[nircmd.exe]
Adware:Adware/NSISMedia Not disinfected C:\Documents and Settings\Administrator\My Documents\Downloads\World TV and Radio Tuner 5.501a\setup.exe[²îÇ\NSIS.Library.RegTool.v2.²¥Ç.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

Post by Elrond » August 7th, 2007, 2:25 pm

Found some stuff. World TV and Radio Tuner 5.501a is infected, and I am removing the infected part, which is the setup for the program.

Open Notepad and copy/paste the text in the quote box below into it:

Code:
File::
C:\Documents and Settings\Administrator\My Documents\Downloads\World TV and Radio Tuner 5.501a\setup.exe

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}]

Save this as "CFScript"


Image

Referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.
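The ActiveScan report deemon posted and the CFScript Elrond wrote from it by hand follow a mechanical mapping: every "Incident Status Location" line is a category, a detection name, a verdict and a location; tracking cookies are cleared in the browser rather than scripted, a registry location becomes a `[-KEY]` delete line, and a file location becomes a `File::` entry, with a detection reported inside a container (`path[inner]`) resolved to the container file, which is what the expert removed. The Python below is an added example written for this page; it is not code from the thread, from Panda or from ComboFix. The sample report is a constructed subset of the lines posted above (the garbled inner name in the setup.exe entry is simplified), the two success verdicts in the regex are assumed alongside the "Not disinfected" seen here, and the exclusion of the NirCmd hits mirrors the expert's choice in this thread (they are components of the helper tool), not a general rule.

```python
import re
from collections import Counter

# Constructed sample: a subset of the ActiveScan lines posted in the thread.
# The inner item name of the setup.exe entry is simplified (the original is garbled).
SAMPLE_REPORT = r"""Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yarkfkho.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[nircmd.exe]
Adware:Adware/NSISMedia Not disinfected C:\Documents and Settings\Administrator\My Documents\Downloads\World TV and Radio Tuner 5.501a\setup.exe[NSIS.Library.RegTool.v2.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
"""

# One report line: "<category>:<name> <status> <location>".  Name and location can both
# contain spaces, so the verdict column anchors the split.  "Not disinfected" is the verdict
# seen in the thread; "Disinfected" and "Deleted" are assumed success verdicts.
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?)\s+"
    r"(?P<status>Not disinfected|Disinfected|Deleted)\s+"
    r"(?P<location>.+)$"
)

# "path[inner]": a detection inside a container (installer, archive, cookie store).
CONTAINER_RE = re.compile(r"^(?P<outer>.+?)\[(?P<inner>[^\[\]]*)\]$")

# Detections the expert's script deliberately left alone: components of the helper tool.
# This is a per-case analyst decision taken from the thread, not a general rule.
TOOL_COMPONENT_NAMES = {"Application/NirCmd.A"}


def parse_report(text):
    """Return one dict per parsable incident line; the header and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify(entry):
    """registry: a key to delete; cookie: clear in the browser; file: a path on disk."""
    if entry["location"].startswith("HKEY_"):
        return "registry"
    if entry["name"].startswith("Cookie/"):
        return "cookie"
    return "file"


def container_of(location):
    """Resolve "path[inner]" to the container file; plain paths come back unchanged."""
    m = CONTAINER_RE.match(location)
    return m.group("outer") if m else location


def summarize(entries):
    """Count detections by the action class they map to."""
    return Counter(classify(e) for e in entries)


def build_cfscript(entries):
    """Emit a CFScript with File:: and Registry:: sections in the form the thread uses."""
    files, keys = [], []
    for e in entries:
        kind = classify(e)
        if kind == "cookie" or e["name"] in TOOL_COMPONENT_NAMES:
            continue
        if kind == "registry":
            keys.append(f"[-{e['location']}]")  # a leading '-' deletes the whole key
        else:
            files.append(container_of(e["location"]))
    lines = []
    if files:
        lines += ["File::", *files, ""]
    if keys:
        lines += ["Registry::", *keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(dict(summarize(parsed)))
    print(build_cfscript(parsed))
```

Run against the sample, the script reproduces Elrond's CFScript line for line: one `File::` entry for setup.exe and two `[-HKEY_CURRENT_USER\...]` deletions, with the cookies and the NirCmd hits left out. The generated text is a draft for the analyst to read before it is handed to ComboFix; the exclusion set and the container rule are the two places where judgment enters.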

combo exe result log

Post by deemon » August 7th, 2007, 8:41 pm

ComboFix 07-08-04.3 - "Administrator" 2007-08-08 1:21:50.4 [GMT 1:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Administrator\Desktop\cfscript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Administrator\My Documents\Downloads\World TV and Radio Tuner 5.501a\setup.exe


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-07 17:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-07 16:09 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-07 13:30 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-06 23:03 <DIR> d-------- C:\Program Files\worldTVRT
2007-08-06 18:35 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-05 21:18 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\GrabIt
2007-08-05 17:06 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-02 22:50 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-02 22:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-08-01 21:11 <DIR> d-------- C:\Program Files\SAGEM
2007-07-29 15:55 <DIR> d-------- C:\Program Files\Adobe(2)
2007-07-26 20:14 643,072 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-07-26 20:14 6,029,312 --a------ C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-07-25 16:48 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-07-25 16:48 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-07-25 16:48 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-07-25 16:48 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-07-25 16:48 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-07-25 16:48 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-07-25 16:48 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-07-18 18:37 774,144 --a------ C:\Program Files\RngInterstitial.dll
2007-07-18 18:37 <DIR> d-------- C:\Program Files\Common Files\Real
2007-07-09 20:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 20:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-08 00:48 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-08 00:43 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
2007-08-07 18:26 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-07 18:26 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-08-07 18:22 --------- d-------- C:\Program Files\MSN Messenger
2007-08-07 18:21 --------- d-------- C:\Program Files\Messenger
2007-08-07 18:18 --------- d-------- C:\Program Files\Google
2007-08-07 16:02 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Samsung
2007-08-06 00:39 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
2007-07-25 16:56 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-25 16:48 --------- d-------- C:\Program Files\Samsung
2007-07-20 14:23 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Temporary
2007-07-17 00:46 3085 --a------ C:\WINDOWS\mozver.dat
2007-07-01 03:08 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2007-06-30 19:03 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Microgaming
2007-06-28 20:38 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\OpenOffice.org2
2007-06-22 18:47 --------- d-------- C:\Program Files\Yahoo!
2007-06-15 21:12 --------- d-------- C:\Program Files\Joost
2007-06-08 16:07 --------- d-------- C:\Program Files\PotUK Radio
2007-05-16 16:32 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:32 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:32 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:32 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:32 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:32 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-16 09:42 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 09:45 972336 --a------ C:\WINDOWS\UNNeroVision.exe
2007-05-08 10:24 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-04-06 20:00 87608 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\ezpinst.exe
2007-04-06 20:00 47360 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.sys
2006-11-20 13:38:22 8 --sh--r C:\WINDOWS\system32\3D81D020C5.sys
2006-11-20 13:38:22 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 17:09]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 12:18]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 23:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"VTTimer"=VTTimer.exe
"VTTrayp"=VTtrayp.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R2 DLPortIO;DriverLINX Port I/O Driver;\??\C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS
R2 MASPINT;MASPINT;C:\WINDOWS\system32\drivers\MASPINT.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 Pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\Pcouffin.sys
R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 irsir;Microsoft Serial Infrared Driver;C:\WINDOWS\system32\DRIVERS\irsir.sys
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
S3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
S3 usbbus;LGE Mobile Composite USB Device;C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
S3 UsbDiag;LGE Mobile USB Serial Port;C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
S3 USBModem;LGE Mobile USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


Contents of the 'Scheduled Tasks' folder
2007-08-03 16:16:00 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-07 23:32:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 01:29:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-08 1:30:57
C:\ComboFix-quarantined-files.txt ... 2007-08-08 01:30
C:\ComboFix2.txt ... 2007-08-05 17:51

--- E O F ---
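The ComboFix log deemon posted has a fixed shape: section banners wrapped in runs of parentheses, dated file listings with an attribute column, and a "Reg Loading Points" section with one `"name"="path" [timestamp]` line per autorun entry under its registry key. The Python parser below is an added example for this page, not code from the thread or from ComboFix. It splits a constructed abridgement of the log above into sections, extracts the autorun entries, marks those under a key named `run-` as inactive (Windows processes Run and RunOnce at logon, not a key with a trailing hyphen, so those entries are parked rather than live), and lists files carrying the hidden or system attribute for review. The attribute column is not the same width in every section, so the code tests only for the letters h and s; a flagged file is a review item, not a verdict (the two .sys files it flags here were not acted on in the thread).

```python
import re

# Constructed sample: an abridged ComboFix log assembled from lines posted in the thread.
SAMPLE_LOG = r"""ComboFix 07-08-04.3 - "Administrator" 2007-08-08 1:21:50.4 [GMT 1:00] - NTFS

((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))

2007-08-07 13:30 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-06 23:03 <DIR> d-------- C:\Program Files\worldTVRT
2007-08-05 17:06 51,200 --a------ C:\WINDOWS\nircmd.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-08 00:48 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-07 18:18 --------- d-------- C:\Program Files\Google
2006-11-20 13:38:22 8 --sh--r C:\WINDOWS\system32\3D81D020C5.sys
2006-11-20 13:38:22 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 17:09]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")  # ((( title ))) banners
# date time size attrs path; size is a number, <DIR> or a dash run; time may carry seconds
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}(?::\d{2})?)\s+"
                     r"(?P<size>\S+)\s+(?P<attrs>[a-z-]{5,})\s+(?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"=value, optionally followed by the image file's timestamp in brackets
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.+?)(?:\s+\[(?P<stamp>[-\d: ]+)\])?$')


def split_sections(text):
    """Map each banner title to the lines under it; the preamble goes under "header"."""
    sections, current = {"header": []}, "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group("title")
            sections[current] = []
        else:
            sections[current].append(line.rstrip())
    return sections


def image_path(value):
    """Return the executable path from "path" [args]; unquoted values come back whole."""
    value = value.strip()
    if value.startswith('"') and value.count('"') >= 2:
        return value[1:value.index('"', 1)]
    return value


def parse_autoruns(lines):
    """Autorun entries as dicts.  Windows runs Run/RunOnce at logon, not a key named
    'Run-', so entries under a 'run-' key are marked disabled (parked, typically by a tool)."""
    entries, key = [], None
    for line in lines:
        km = KEY_RE.match(line.strip())
        if km:
            key = km.group("key")
            continue
        em = ENTRY_RE.match(line.strip())
        if em and key:
            entries.append({"key": key, "name": em.group("name"),
                            "image": image_path(em.group("value")),
                            "stamp": em.group("stamp"),
                            "disabled": key.lower().endswith("run-")})
    return entries


def parse_file_entries(sections):
    """Dated file/directory lines from the 'Files Created' and 'Find3M' sections."""
    files = []
    for title, lines in sections.items():
        if title.startswith(("Files Created", "Find3M")):
            files += [m.groupdict() for m in map(FILE_RE.match, map(str.strip, lines)) if m]
    return files


def flag_hidden_or_system(files):
    """Entries carrying the hidden (h) or system (s) attribute: a review list, not a verdict."""
    return [f for f in files if "h" in f["attrs"] or "s" in f["attrs"]]


if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    for r in parse_autoruns(secs["Reg Loading Points"]):
        state = "disabled" if r["disabled"] else "active"
        print(f"{state:8} {r['name']:16} {r['image']}")
    for f in flag_hidden_or_system(parse_file_entries(secs)):
        print(f"review   {f['attrs']:10} {f['path']}")
```

On the sample this yields three active autoruns and two parked ones, and four hidden or system entries (the GroupPolicy directory, zllictbl.dat and the two .sys files under system32). The same two functions run unchanged over a full log; the image timestamps in brackets are what a responder compares against the "Files Created" window to spot a freshly dropped autorun.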

Post by Elrond » August 7th, 2007, 10:04 pm

Open "HijackThis". Click on "Open Misc.Tool Section".
Use the scroll bar on the right and scroll down to "Open Uninstall Manager". Click it.
On the right you will find "Save List". Click it.
The log that you just saved will appear.
Use "Copy" and "Paste" to add it to your next post.


Please download >>ComboFix<< by sUBs:

NOTE: In the event you already have ComboFix, please delete it; this is a new version that I need you to download.

  • Save it to your desktop.
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    DirLook::
    C:\WINDOWS\system32\GroupPolicy
    C:\Program Files\worldTVRT
    C:\DOCUME~1\ADMINI~1\APPLIC~1\GrabIt


  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Run a new HijackThis scan and post the log together with the "Uninstall Manager" log and the Combofix log.


Please do not download any new programs until we have finished the cleanup.

hijackthis

Post by deemon » August 8th, 2007, 3:22 am

Ad-Aware SE Professional
Adobe Flash Player 9 ActiveX
Adobe Reader 8
AVG Anti-Spyware 7.5
AVG Free Edition
bet365poker
CCleaner (remove only)
C-Media WDM Audio Driver
ConvertXtoDVD 2.1.14.223
DVD Shrink 3.2
Easy Video to 3GP Converter 1.0.0
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB912475)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Document Viewer 6.1
HP Extended Capabilities 6.1
HP Imaging Device Functions 6.1
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1
HP Update
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Joost (tm) 0.10.4
LG USB Modem driver
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
MicroStaff WINASPI NT
Motorola SM56 Speakerphone Modem
Mozilla Firefox (2.0.0.6)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB927977)
Nero 7 Ultra Edition
neroxml
Norton Ghost
OpenOffice.org 2.0
Paddy Power Poker
Panda ActiveScan
PowerDVD
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3 S3TrayPlus
SAGEM F@st 800-840
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Shockwave
SopCore 1.1.0
Spybot - Search & Destroy 1.4
Tabbed Browsing (Windows Live Toolbar)
TuneUp Utilities 2007
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Toolbar MSN Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
world TV and Radio Tuner 5.501
Yahoo! Widgets
ZoneAlarm Pro

Post by Elrond » August 8th, 2007, 8:24 am

I need the Combofix log and the HijackThis Log as well.

combofix log

Post by deemon » August 8th, 2007, 9:16 am

ComboFix 07-08-07.6 - "Administrator" 2007-08-08 14:06:20.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.152 [GMT 1:00]
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-07 17:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-07 16:09 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-07 13:30 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-06 23:03 <DIR> d-------- C:\Program Files\worldTVRT
2007-08-06 18:35 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-05 21:18 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\GrabIt
2007-08-05 17:06 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-02 22:50 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-02 22:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-08-01 21:11 <DIR> d-------- C:\Program Files\SAGEM
2007-07-29 15:55 <DIR> d-------- C:\Program Files\Adobe(2)
2007-07-26 20:14 643,072 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-07-26 20:14 6,029,312 --a------ C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-07-25 16:48 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-07-25 16:48 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-07-25 16:48 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-07-25 16:48 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-07-25 16:48 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-07-25 16:48 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-07-25 16:48 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-07-18 18:37 774,144 --a------ C:\Program Files\RngInterstitial.dll
2007-07-18 18:37 <DIR> d-------- C:\Program Files\Common Files\Real
2007-07-09 20:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 20:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-08 13:54 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-08 00:43 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
2007-08-07 18:26 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-07 18:26 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-08-07 18:22 --------- d-------- C:\Program Files\MSN Messenger
2007-08-07 18:21 --------- d-------- C:\Program Files\Messenger
2007-08-07 18:18 --------- d-------- C:\Program Files\Google
2007-08-07 16:02 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Samsung
2007-08-06 00:39 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
2007-07-25 16:56 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-25 16:48 --------- d-------- C:\Program Files\Samsung
2007-07-20 14:23 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Temporary
2007-07-17 00:46 3085 --a------ C:\WINDOWS\mozver.dat
2007-07-01 03:08 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2007-06-30 19:03 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Microgaming
2007-06-28 20:38 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\OpenOffice.org2
2007-06-22 18:47 --------- d-------- C:\Program Files\Yahoo!
2007-06-15 21:12 --------- d-------- C:\Program Files\Joost
2007-06-08 16:07 --------- d-------- C:\Program Files\PotUK Radio
2007-05-16 16:32 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:32 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:32 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:32 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:32 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:32 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-16 09:42 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 09:45 972336 --a------ C:\WINDOWS\UNNeroVision.exe
2007-05-08 10:24 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-04-06 20:00 87608 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\ezpinst.exe
2007-04-06 20:00 47360 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\pcouffin.sys
2005-12-15 13:03 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll
2006-11-20 13:38:22 8 --sh--r C:\WINDOWS\system32\3D81D020C5.sys
2006-11-20 13:38:22 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- Directory of C:\WINDOWS\system32\GroupPolicy ----

2007-08-07 13:30 38 --a------ C:\WINDOWS\system32\GroupPolicy\gpt.ini

---- Directory of C:\Program Files\worldTVRT ----

2007-08-06 23:03 53 --a------ C:\Program Files\worldTVRT\world TV and Radio Tuner.url
2007-08-06 23:03 46665 --a------ C:\Program Files\worldTVRT\uninst.exe
2007-06-24 23:48 892928 --a------ C:\Program Files\worldTVRT\worldTVRT.exe
2007-05-23 00:13 1652 --a------ C:\Program Files\worldTVRT\pausepor.htm
2007-05-23 00:13 1651 --a------ C:\Program Files\worldTVRT\welcomepor.htm
2007-05-23 00:13 1647 --a------ C:\Program Files\worldTVRT\unavailable.htm
2007-05-23 00:13 1642 --a------ C:\Program Files\worldTVRT\pauseita.htm
2007-05-23 00:13 1640 --a------ C:\Program Files\worldTVRT\welcomeita.htm
2007-05-23 00:13 1633 --a------ C:\Program Files\worldTVRT\welcomeesp.htm


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 17:09]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 12:18]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 23:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"VTTimer"=VTTimer.exe
"VTTrayp"=VTtrayp.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R2 DLPortIO;DriverLINX Port I/O Driver;\??\C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS
R2 MASPINT;MASPINT;C:\WINDOWS\system32\drivers\MASPINT.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 Pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\Pcouffin.sys
R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 irsir;Microsoft Serial Infrared Driver;C:\WINDOWS\system32\DRIVERS\irsir.sys
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
S3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
S3 usbbus;LGE Mobile Composite USB Device;C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
S3 UsbDiag;LGE Mobile USB Serial Port;C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
S3 USBModem;LGE Mobile USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


Contents of the 'Scheduled Tasks' folder
2007-08-03 16:16:00 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-08 00:32:08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 14:09:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000071
"TracesSuccessful"=dword:0000005f

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\poof]


Completion time: 2007-08-08 14:11:24
C:\ComboFix-quarantined-files.txt ... 2007-08-08 14:10
C:\ComboFix2.txt ... 2007-08-08 01:30
C:\ComboFix3.txt ... 2007-08-05 17:51

--- E O F ---

new hijack log

Unread postby deemon » August 8th, 2007, 9:18 am

Logfile of HijackThis v1.99.1
Scan saved at 14:17:39, on 08/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Paddy Power Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PADDYP~1\client.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program Files\bet365MPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thx for waiting

Unread postby deemon » August 8th, 2007, 9:19 am

Sorry for taking so long, I had to go to work.
Thanks for your patience.

Unread postby Elrond » August 8th, 2007, 11:05 am

Download the latest Java from here.

Scroll down to Java Runtime Environment (JRE) 6u2 and click on Download. Click on Accept License Agreement, the page will refresh.

Click on Windows Offline Installation, Multi-language and save it.

Do not run it yet.


Remove Poker programs
From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.

I would advise you to go to Add/Remove Programs and uninstall your poker programs.

Here are links to some poker sites regarded as safe for your reference.

* http://www.pokerstars.net/ - This is a free to use/play site.
* http://www.pokerstars.com/ - This is the paid for version.


  1. Go to Start > Control Panel. Double click on Add/Remove Programs.
  2. Locate J2SE Runtime Environment 5.0 Update 3 and click on Change/Remove to uninstall it.
  3. Repeat for
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 9
  4. If you have decided to remove the poker programs then repeat for the following as well:
    bet365poker
    Paddy Power Poker
  5. Once done, close Add/Remove Programs and Control Panel.
  6. Restart your computer
After uninstalling the old Java program, install the latest version of Java that you've downloaded earlier.


Is your computer in any way connected to the computers at your job, and if so, has anybody from your job installed or changed anything so that you would be able to connect to the system at work?


Please run another HijackThis scan and post the log together with an answer to my question.

computer

Unread postby deemon » August 8th, 2007, 11:34 am

No, I'm a tiler, we don't use computers at work.
Going to send the HijackThis log file now.
What about the trojan in AVG, how do I get rid of it?
Thanks for the reply.

new hijack log

Unread postby deemon » August 8th, 2007, 11:38 am

Logfile of HijackThis v1.99.1
Scan saved at 16:37:28, on 08/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
deemon
Regular Member
 
Posts: 79
Joined: August 1st, 2007, 3:17 pm
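A small triage helper for logs in the HijackThis v1.99.1 format posted above, added here as an example and not code from the forum or from HijackThis itself: it splits a log into the running-process list and its coded entries (R0/R1/O2/O4/O9/O16/O23 and so on), then lists the items a helper usually looks at first, entries marked "(file missing)" and O16 DPF controls that are downloaded from a remote URL. The sample text is a constructed subset of the log above.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the HijackThis v1.99.1 log posted above.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Running processes:
C:\\WINDOWS\\System32\\smss.exe

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\\..\\Run: [ZoneAlarm Client] "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
"""

# Every coded entry starts with a section code such as R1, O4 or O23 followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (running processes, {section code: [entry bodies]})."""
    processes, entries = [], defaultdict(list)
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if not line:                      # blank line ends the process list
            in_procs = False
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries[m.group("code")].append(m.group("body"))
        elif in_procs:
            processes.append(line)
    return processes, dict(entries)


def review_points(entries):
    """Entries worth a second look: orphaned items and ActiveX controls pulled from the web."""
    points = []
    for code, bodies in entries.items():
        for body in bodies:
            if "(file missing)" in body:
                points.append((code, "orphaned entry", body))
            if code == "O16" and re.search(r"https?://", body):
                points.append((code, "remote ActiveX (DPF)", body))
    return points


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    for code, why, body in review_points(ents):
        print(f"{code}: {why}: {body}")
```

Running it on the full log above lists the two BitDefender and xpnetdiag "(file missing)" O9 buttons and the O16 entries fetched from msn.com, tvkoo.com, bitdefender.com and pandasoftware.com, which is the short list a helper would check by hand.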