
Thread: Virtumonde

  1. #1
    Junior Member, Join Date: Oct 2007, Posts: 3

    Virtumonde

    Can't seem to get rid of this thing, so I am looking for help. When I run Spyware Doctor it can't get rid of it in C:\windows\system32\ssqpm.dll.

    I did a Kaspersky online scan but it is screwing up and won't let me save the log or do anything with it now that it is done.

    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:00:28 AM, on 1/7/2003
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\Config\lsass.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\windows\Explorer.exe
    C:\Program Files\Trend Micro\HijackThis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2...ang=EN&lc=1033
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {804A90F5-6A3B-49E6-AA70-3C21085A5B91} - C:\windows\System32\ssqpm.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\windows\system32\jyspvixp.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\windows\system32\jyspvixp.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL0
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [DevconDefaultDB] C:\windows\READREG /PSCONV={NO} /FAIL=1
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4658] command /c del "C:\WINDOWS\system32\jgerwpiy.exe_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5182] cmd /c del "C:\WINDOWS\system32\jgerwpiy.exe_tobedeleted"
    O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\Zach\Desktop\vundofix.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\FilePlanet\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Tacd] "C:\windows\TSKS~1\alg.exe" --ru -vt yazb
    O4 - HKCU\..\Run: [DDC] C:\windows\system32\ujsiuldl.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\GetFlash.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1947] command /c del "C:\WINDOWS\system32\jgerwpiy.exe_tobedeleted"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7879] cmd /c del "C:\WINDOWS\system32\jgerwpiy.exe_tobedeleted"
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: &Download with TrueDownloader! - C:\Program Files\TrueDownloader\TrueDownloader.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTS...la/ext360.html
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.3.1.99.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1124285179468
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124285169421
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobio...ne/install.cab
    O20 - Winlogon Notify: jyspvixp - C:\windows\SYSTEM32\jyspvixp.dll
    O20 - Winlogon Notify: nnnkjjg - C:\windows\SYSTEM32\nnnkjjg.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\System32\CTsvcCDA.exe
    O23 - Service: DomainService - - C:\windows\system32\ujsiuldl.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\windows\System32\UAService7.exe

    --
    End of file - 10085 bytes

  2. #2
    Junior Member, Join Date: Oct 2007, Posts: 3

    ComboFix dialog


    ComboFix 07-10-21.1** - Zach 2003-01-07 14:09:40.1 - NTFSx86 NETWORK
    Running from: C:\Documents and Settings\Zach\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Zach\Desktop\internet.lnk
    C:\Documents and Settings\Zach\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Zach\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Zach\Favorites\Online Security Guide.lnk
    C:\Program Files\Hammer.dll
    C:\windows\cookies.ini
    C:\windows\system32\drivers\sfsync02.sys
    C:\windows\system32\drivers\sfsync03.sys
    C:\windows\system32\jyspvixp.dllbox
    C:\WINDOWS\system32\mpqss.bak1
    C:\WINDOWS\system32\mpqss.ini
    C:\windows\system32\ssqpm.dll
    C:\windows\system32\wl.exe
    C:\windows\tsks~1
    C:\windows\tsks~1\alg.exe
    C:\windows\tsks~1\T?sks\

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_SFSYNC02
    -------\LEGACY_SFSYNC03
    -------\DomainService
    -------\sfsync02
    -------\sfsync03


    ((((((((((((((((((((((((( Files Created from 2002-12-07 to 2003-01-07 )))))))))))))))))))))))))))))))
    .

    2003-01-13 13:57 450,560 --a--c--- C:\WINDOWS\system32\dllcache\jscript.dll
    2003-01-07 14:10 4,672 --a------ C:\WINDOWS\system32\lwrwoswf.exe
    2003-01-07 14:07 75,328 --a------ C:\WINDOWS\system32\jkihrenl.exe
    2003-01-07 14:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2003-01-07 11:02 77,376 --a------ C:\WINDOWS\system32\ihiyuleg.dll
    2003-01-07 11:01 83,008 --a------ C:\WINDOWS\system32\trallvli.dll
    2003-01-07 10:59 75,328 --a------ C:\WINDOWS\system32\lpiptdkt.exe
    2003-01-07 10:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2003-01-07 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2003-01-07 10:14 <DIR> d-------- C:\Program Files\RegCure
    2003-01-07 09:43 <DIR> d-------- C:\VundoFix Backups
    2003-01-07 09:42 75,328 --a------ C:\WINDOWS\system32\scrioaaf.exe
    2003-01-05 17:46 <DIR> d-------- C:\Program Files\Spyware Doctor
    2003-01-05 17:46 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\PC Tools
    2003-01-05 17:46 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2003-01-05 17:46 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2003-01-05 17:46 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2003-01-05 17:46 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2003-01-05 17:46 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2003-01-05 17:36 83,008 --a------ C:\WINDOWS\system32\vgaishlg.dll
    2003-01-05 17:36 83,008 --a------ C:\WINDOWS\system32\ohlwjtlv.dll
    2003-01-05 17:33 83,008 --a------ C:\WINDOWS\system32\vqrjstln.dll
    2003-01-05 17:33 83,008 --a------ C:\WINDOWS\system32\tkpdclka.dll
    2003-01-05 17:33 83,008 --a------ C:\WINDOWS\system32\qkomvkmh.dll
    2003-01-05 17:33 83,008 --a------ C:\WINDOWS\system32\njtaoqac.dll
    2003-01-05 17:30 83,008 --a------ C:\WINDOWS\system32\qipaakci.dll
    2003-01-05 17:30 83,008 --a------ C:\WINDOWS\system32\gsblchcw.dll
    2003-01-05 17:30 83,008 --a------ C:\WINDOWS\system32\chgnoywt.dll
    2003-01-05 17:27 83,008 --a------ C:\WINDOWS\system32\yvxbtiai.dll
    2003-01-05 17:27 83,008 --a------ C:\WINDOWS\system32\uvfrxpkm.dll
    2003-01-05 17:27 83,008 --a------ C:\WINDOWS\system32\bpwdbqwl.dll
    2003-01-05 17:24 83,008 --a------ C:\WINDOWS\system32\jsjkaddd.dll
    2003-01-05 17:24 83,008 --a------ C:\WINDOWS\system32\inonntye.dll
    2003-01-05 17:24 83,008 --a------ C:\WINDOWS\system32\effvlhhy.dll
    2003-01-05 17:21 83,008 --a------ C:\WINDOWS\system32\gbqgotwj.dll
    2003-01-05 17:21 83,008 --a------ C:\WINDOWS\system32\ecbcmfng.dll
    2003-01-05 17:21 83,008 --a------ C:\WINDOWS\system32\cwlxdies.dll
    2003-01-05 17:18 83,008 --a------ C:\WINDOWS\system32\srvwthdc.dll
    2003-01-05 17:18 83,008 --a------ C:\WINDOWS\system32\oxfimalk.dll
    2003-01-05 17:18 83,008 --a------ C:\WINDOWS\system32\cadmaffh.dll
    2003-01-05 17:15 83,008 --a------ C:\WINDOWS\system32\mcxrayhb.dll
    2003-01-05 17:15 83,008 --a------ C:\WINDOWS\system32\hnksahip.dll
    2003-01-05 17:12 75,328 --a------ C:\WINDOWS\system32\ujsiuldl.exe
    2003-01-05 16:55 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2003-01-05 16:55 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2003-01-05 16:55 0 --a------ C:\WINDOWS\PowerReg.dat
    2003-01-03 17:44 1,392,671 --------- C:\WINDOWS\system32\msvbvm60.dll
    2003-01-03 17:44 151,552 --a------ C:\WINDOWS\system32\scrrun.dll
    2003-01-03 17:43 3,584 --a--c--- C:\WINDOWS\system32\dllcache\comcat.dll
    2003-01-03 17:43 3,584 --a------ C:\WINDOWS\system32\comcat.dll
    2003-01-01 19:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2003-01-01 15:30 339,968 --------- C:\WINDOWS\system32\jyspvixp.dll
    2003-01-01 15:29 389,184 --a------ C:\WINDOWS\system32\xbyfbjkg.exe
    2002-12-30 09:53 12,160 --a------ C:\WINDOWS\system32\drivers\ctgame.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-15 05:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-15 05:21 --------- d-----w C:\Program Files\Realtek AC97
    2007-10-15 05:21 --------- d-----w C:\Program Files\Realtek
    2007-10-15 05:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
    2007-10-15 05:19 --------- d-----w C:\Program Files\AMD
    2007-10-14 21:00 --------- d-----w C:\Program Files\Creative
    2007-10-14 20:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Creative
    2007-10-14 19:31 --------- d-----w C:\Program Files\MSI
    2007-10-14 18:24 96,256 ----a-w C:\windows\system32\drivers\sptd3773.sys
    2007-10-14 17:29 --------- d-----w C:\Program Files\Steam
    2007-10-14 06:27 --------- d-----w C:\Program Files\Azureus
    2007-10-13 06:32 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Xfire
    2007-10-13 06:32 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Xfire
    2007-10-13 06:30 --------- d-s---w C:\Program Files\Xfire
    2007-10-09 04:30 --------- d-----w C:\Documents and Settings\Zach\Application Data\Xfire
    2007-10-08 05:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
    2007-10-08 04:39 --------- d-----w C:\Program Files\Google
    2007-10-05 10:49 13,056 ----a-w C:\windows\system32\drivers\FlashSys.sys
    2007-09-17 08:07 6,853,088 ----a-w C:\windows\system32\drivers\nv4_mini.sys
    2007-09-06 00:04 --------- d-----w C:\Program Files\OpenAL
    2007-09-05 23:49 --------- d-----w C:\Documents and Settings\Zach\Application Data\Gearbox Software
    2007-06-02 05:28 95,488 ----a-r C:\windows\system32\drivers\Rtnicxp.sys
    2007-02-09 11:10 574,464 ----a-w C:\windows\system32\drivers\ntfs.sys
    2006-12-14 03:41 --------- d-----w C:\Program Files\PowerISO
    2006-12-14 00:26 --------- d-----w C:\Program Files\Java
    2006-12-08 01:29 --------- d-----w C:\Program Files\PlayLinc
    2006-12-06 04:09 --------- d-----w C:\Documents and Settings\Zach\Application Data\IGN_DLM
    2006-11-23 22:20 --------- d-----w C:\Documents and Settings\Zach\Application Data\InstallShield
    2006-11-06 08:28 30,988 ----a-w C:\windows\system32\drivers\scdemu.sys
    2006-10-21 20:36 --------- d-----w C:\Documents and Settings\Zach\Application Data\Talkback
    2006-10-19 21:40 --------- d-----w C:\Program Files\MSXML 4.0
    2006-10-13 10:23 163,584 ----a-w C:\windows\system32\drivers\nwrdr.sys
    2006-09-13 01:04 --------- d-----w C:\Program Files\FlashFXP
    2006-09-13 00:57 --------- d-----w C:\Program Files\mIRC
    2006-09-12 03:43 --------- d-----w C:\Documents and Settings\Zach\Application Data\FlashFXP
    2006-09-08 04:53 502,368 ----a-w C:\windows\system32\drivers\amon.sys
    2006-08-29 07:54 10,664 ----a-w C:\windows\system32\drivers\gan_adapter.sys
    2006-08-27 19:07 223,128 ----a-w C:\windows\system32\drivers\dtscsi.sys
    2006-08-27 19:07 --------- d-----w C:\Program Files\DAEMON Tools
    2006-08-27 19:04 643,072 ----a-w C:\windows\system32\drivers\sptd.sys
    2006-08-24 03:39 --------- d-----w C:\Program Files\Nero
    2006-08-24 03:39 --------- d-----w C:\Program Files\Common Files\Ahead
    2006-08-24 03:38 --------- d-----w C:\Program Files\Ahead
    2006-08-24 03:04 --------- d-----w C:\Program Files\SlySoft
    2006-08-24 02:49 --------- d-----w C:\Program Files\CDBurnerXP Pro 3
    2006-08-24 02:32 --------- d-----w C:\Program Files\DC++
    2006-08-21 09:14 128,896 ------w C:\windows\system32\drivers\fltmgr.sys
    2006-08-16 09:37 225,664 ----a-w C:\windows\system32\drivers\tcpip6.sys
    2006-08-14 10:34 332,928 ----a-w C:\windows\system32\drivers\srv.sys
    2006-08-11 21:56 8,192 ----a-w C:\windows\system32\drivers\pfmodnt.sys
    2006-08-11 21:45 78,336 ----a-w C:\windows\system32\drivers\emupia2k.sys
    2006-08-11 21:45 766,976 ----a-w C:\windows\system32\drivers\ha10kx2k.sys
    2006-08-11 21:45 7,168 ----a-w C:\windows\system32\drivers\ctprxy2k.sys
    2006-08-11 21:45 502,272 ----a-w C:\windows\system32\drivers\ctac32k.sys
    2006-08-11 21:45 499,584 ----a-w C:\windows\system32\drivers\ctaud2k.sys
    2006-08-11 21:45 180,224 ----a-w C:\windows\system32\drivers\haP17v2k.sys
    2006-08-11 21:45 154,112 ----a-w C:\windows\system32\drivers\haP16v2k.sys
    2006-08-11 21:45 143,872 ----a-w C:\windows\system32\drivers\ctsfm2k.sys
    2006-08-11 21:45 116,224 ----a-w C:\windows\system32\drivers\ctoss2k.sys
    2006-08-11 21:45 1,110,016 ----a-w C:\windows\system32\drivers\ha20x2k.sys
    2006-07-13 08:48 202,240 ----a-w C:\windows\system32\drivers\rmcast.sys
    2006-06-14 09:00 82,944 ----a-w C:\windows\system32\drivers\wdmaud.sys
    2006-06-14 08:47 6,400 ----a-w C:\windows\system32\drivers\splitter.sys
    2006-06-14 08:47 172,416 ----a-w C:\windows\system32\drivers\kmixer.sys
    2006-05-05 09:47 174,592 ----a-w C:\windows\system32\drivers\rdbss.sys
    2006-05-05 09:41 453,120 ----a-w C:\windows\system32\drivers\mrxsmb.sys
    2006-04-20 11:51 359,808 ----a-w C:\windows\system32\drivers\tcpip.sys
    2006-03-17 00:33 262,784 ------w C:\windows\system32\drivers\http.sys
    2006-02-25 05:44 --------- d-----w C:\Documents and Settings\Zach\Application Data\Petroglyph
    2006-02-25 05:43 --------- d-----w C:\Documents and Settings\Zach\Application Data\LucasArts
    2006-02-15 00:22 142,464 ----a-w C:\windows\system32\drivers\aec.sys
    2006-02-12 22:25 --------- d-----w C:\Program Files\trillian
    2006-02-12 20:07 --------- d-----w C:\Program Files\Setup Files
    2006-02-12 07:02 --------- d-----w C:\Documents and Settings\Espie\Application Data\AdobeUM
    2006-02-11 22:38 --------- d-----r C:\Program Files\Support.com
    2006-02-11 20:20 --------- d-----w C:\Program Files\SupportSoft
    2006-02-11 20:20 --------- d-----w C:\Program Files\Qwest QuickConnect
    2005-12-24 02:04 --------- d-----w C:\Program Files\CoH Hero Builder
    2005-12-12 14:21 --------- d-----w C:\Documents and Settings\Espie\Application Data\Logitech
    2005-12-11 22:50 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2005-12-11 03:04 --------- d-----w C:\Program Files\Chikka
    2005-12-06 01:05 --------- d-----w C:\Documents and Settings\Zach\Application Data\My Games
    2005-12-03 16:31 --------- d-----w C:\Program Files\Logitech
    2005-12-03 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2005-12-02 05:09 --------- d-----w C:\Documents and Settings\Zach\Application Data\Creative
    2005-11-11 00:06 340,704 ----a-w C:\windows\system32\drivers\ctdvda2k.sys
    2005-11-03 14:40 63,488 ----a-w C:\windows\system32\drivers\sfvfs02.sys
    2005-10-29 20:31 --------- d-----w C:\Program Files\NVIDIA Corporation
    2005-10-29 20:31 --------- d-----w C:\Program Files\Common Files\NVIDIA Shared
    2005-10-02 03:54 --------- d-----w C:\Documents and Settings\Zach\Application Data\MSN6
    2005-10-02 03:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
    2005-09-23 13:31 --------- d-----w C:\Program Files\FilePlanet
    2005-09-17 15:41 --------- d-----w C:\Program Files\GameSpy Arcade
    2005-09-06 21:02 1,365,888 ----a-w C:\windows\system32\drivers\CTMMFILT.SYS
    2005-09-04 19:36 --------- d-----w C:\Program Files\RedBedlam
    2005-08-20 16:27 --------- d-----w C:\Program Files\Netscape
    2005-08-10 12:44 50,688 ----a-w C:\windows\system32\drivers\sfdrv01.sys
    2005-07-27 04:20 --------- d-----w C:\Documents and Settings\Zach\Application Data\teamspeak2
    2005-07-21 01:03 --------- d-----w C:\Documents and Settings\Zach\Application Data\Ventrilo
    2005-07-21 00:48 --------- d-----w C:\Program Files\Ventrilo
    .

  3. #3
    Junior Member, Join Date: Oct 2007, Posts: 3

    More of the ComboFix


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{804A90F5-6A3B-49E6-AA70-3C21085A5B91}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2003-01-01 15:30 339968 --------- C:\windows\system32\jyspvixp.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\windows\system32\jyspvixp.dll [2003-01-01 15:30 339968]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
    "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-09-17 00:07]
    "nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 19:51]
    "UpdReg"="C:\windows\UpdReg.EXE" [2000-05-11 01:00]
    "tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-11-18 23:33]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-07 20:53]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 12:28 C:\WINDOWS\KHALMNPR.Exe]
    "NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-09-17 00:07]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:56]
    "AsioReg"="REGSVR32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\regsvr32.exe]
    "CtxfiReg"="CTXFIREG.exe" [2006-08-11 13:53 C:\WINDOWS\system32\CTXFIREG.EXE]
    "CTHelper"="CTHELPER.EXE" [2006-08-11 13:56 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 13:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "DevconDefaultDB"="C:\windows\READREG /PSCONV={NO} /FAIL=1" []
    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 C:\WINDOWS\SOUNDMAN.EXE]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2003-01-05 21:45]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-03 23:56]
    "LDM"="\Program\BackWeb-8876480.exe" []
    "Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe" [2003-02-20 10:30]
    "RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-11-21 09:33]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2007-10-07 20:40]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18]
    "igndlm.exe"="C:\Program Files\FilePlanet\Download Manager\DLM.exe" [2006-11-07 17:22]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-13 22:56]
    "Tacd"="C:\windows\TSKS~1\alg.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "FlashPlayerUpdate"=C:\windows\System32\Macromed\Flash\GetFlash.exe
    "SpybotDeletingB1947"=command /c del "C:\WINDOWS\system32\jgerwpiy.exe_tobedeleted"
    "SpybotDeletingD7879"=cmd /c del "C:\WINDOWS\system32\jgerwpiy.exe_tobedeleted"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "SpybotDeletingA4658"=command /c del "C:\WINDOWS\system32\jgerwpiy.exe_tobedeleted"
    "SpybotDeletingC5182"=cmd /c del "C:\WINDOWS\system32\jgerwpiy.exe_tobedeleted"
    "VundoFix"="C:\Documents and Settings\Zach\Desktop\vundofix.exe"

    C:\Documents and Settings\Zach\Start Menu\Programs\Startup\
    Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2007-10-02 15:56:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jyspvixp]
    jyspvixp.dll 2003-01-01 15:30 339968 C:\WINDOWS\system32\jyspvixp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjjg]
    nnnkjjg.dll 2007-10-14 09:24 35840 C:\WINDOWS\system32\nnnkjjg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\windows\System32\ssqpm.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk
    backup=C:\windows\pss\CoreCenter.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DigiCell.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk
    backup=C:\windows\pss\DigiCell.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=C:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Perstray.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Perstray.lnk
    backup=C:\windows\pss\Perstray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Zach^Start Menu^Programs^Startup^Connection Manager.lnk]
    path=C:\Documents and Settings\Zach\Start Menu\Programs\Startup\Connection Manager.lnk
    backup=C:\WINDOWS\pss\Connection Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Zach^Start Menu^Programs^Startup^Trillian.lnk]
    path=C:\Documents and Settings\Zach\Start Menu\Programs\Startup\Trillian.lnk
    backup=C:\windows\pss\Trillian.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
    C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
    "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
    "C:\Program Files\Logitech\G-series Software\LCDMon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
    "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
    C:\Program Files\MSI\Live Update 3\LMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\windows\System32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
    C:\Program Files\Saitek\Software\Profiler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
    C:\Program Files\Saitek\Software\SaiMfd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
    C:\Program Files\Saitek\Software\SaiSmart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
    C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmdprovidersbc]
    "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

    S3 ctgame;Game Port;C:\windows\system32\DRIVERS\ctgame.sys
    S3 DigiCellDriver;DigiCellDriver;\??\C:\Program Files\MSI\DigiCell\NTGLM7X.sys
    S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\windows\system32\DRIVERS\GcKernel.sys
    S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys
    S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\windows\system32\DRIVERS\HIDSwvd.sys
    S3 SaiH0255;SaiH0255;C:\windows\system32\DRIVERS\SaiH0255.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command - E:\AutoRun.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2003-01-07 18:14:15 C:\windows\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2003-01-07 18:14:15 C:\windows\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2003-01-07 14:24:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2003-01-07 14:27:39 - machine was rebooted
    .
    --- E O F ---
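A log like the one above is a list of launch points, and the first pass a responder makes is to pull every executable out of it and decide which ones need a closer look. The script below is an added example for that triage, not part of this post and not code from ComboFix, HijackThis or Spybot. It parses the msconfig startupreg/startupfolder blocks, the driver lines (`S3 name;display;image`), the mountpoints2 AutoRun entry and the 'Scheduled Tasks' section into one list, then flags entries by three assumed heuristics: an AutoRun command remembered for a volume letter, an executable outside an assumed allowlist of directories, and a kernel driver image not under `system32\DRIVERS`. The allowlist, the 8.3 short-name map and the sample excerpt embedded in the script are constructed for the demo; the only facts in it are the line formats copied from the log.

```python
"""Triage helper for ComboFix-style autostart listings (added example).

Parses a subset of the log format shown in the thread into LaunchPoint
records and flags the ones worth a second look.  Heuristics and the
EXPECTED_DIRS allowlist are assumptions for the demo, not vendor logic.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the log above so the
# script runs offline.  Real use: parse_log(open("ComboFix.txt").read()).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Perstray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Perstray.lnk
backup=C:\windows\pss\Perstray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

S3 ctgame;Game Port;C:\windows\system32\DRIVERS\ctgame.sys
S3 DigiCellDriver;DigiCellDriver;\??\C:\Program Files\MSI\DigiCell\NTGLM7X.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command - E:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2003-01-07 18:14:15 C:\windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
"""


@dataclass
class LaunchPoint:
    source: str   # which autostart mechanism the entry came from
    name: str     # registry value / driver / task name
    command: str  # raw command line or image path as logged
    exe: str      # executable extracted from the command


KEY_RE = re.compile(r"^\[HKEY_[A-Z_]+\\(.+)\]$", re.I)
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")
TASK_RE = re.compile(r'^"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (.+\.job)"$')
# Either a quoted path, or an unquoted one ending at the first known extension
# (unquoted paths containing spaces are common in Run keys, see SBDrvDet).
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|sys|scr|com|bat|cmd))(?:\s|$)', re.I)


def extract_exe(command):
    """Return the executable path from a logged command line."""
    cmd = command.strip()
    if cmd.startswith("\\??\\"):      # NT object-manager prefix used by driver entries
        cmd = cmd[4:]
    m = EXE_RE.match(cmd)
    if m:
        return (m.group(1) or m.group(2)).strip()
    return cmd.split()[0] if cmd else ""


def parse_log(text):
    points, lines, i = [], [ln.strip() for ln in text.splitlines()], 0
    while i < len(lines):
        line, nxt = lines[i], (lines[i + 1] if i + 1 < len(lines) else "")
        m = KEY_RE.match(line)
        if m:
            key, low = m.group(1), m.group(1).lower()
            if "msconfig\\startupreg\\" in low:
                points.append(LaunchPoint("msconfig:startupreg", key.rsplit("\\", 1)[-1], nxt, extract_exe(nxt)))
            elif "msconfig\\startupfolder\\" in low:
                path = nxt[5:] if nxt.lower().startswith("path=") else nxt
                points.append(LaunchPoint("msconfig:startupfolder", key.rsplit("^", 1)[-1], path, path))
            elif "\\mountpoints2\\" in low:
                cmd = nxt.split(" - ", 1)[1] if " - " in nxt else nxt   # "AutoRun\command - <cmd>"
                points.append(LaunchPoint("mountpoints2:autorun", key.rsplit("\\", 1)[-1], cmd, extract_exe(cmd)))
            i += 2
            continue
        m = DRIVER_RE.match(line)
        if m:
            start, name, _display, image = m.groups()
            points.append(LaunchPoint(f"driver:{start}", name, image, extract_exe(image)))
        m = TASK_RE.match(line)
        if m and nxt.startswith("- "):
            points.append(LaunchPoint("scheduled_task", m.group(1).rsplit("\\", 1)[-1], nxt[2:], extract_exe(nxt[2:])))
            i += 2
            continue
        i += 1
    return points


# Assumed allowlist: where autostarts on a default XP install normally live.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\")
SHORT_NAMES = {"progra~1": "program files", "docume~1": "documents and settings"}  # assumed 8.3 map


def normalise(path):
    p = path.lower()
    for short, full in SHORT_NAMES.items():
        p = p.replace(short, full)
    return p


def review(point):
    """Return the list of reasons an entry deserves a closer look (empty = nothing obvious)."""
    if point.source == "msconfig:startupfolder":
        return []   # only the .lnk path is logged; its target must be resolved on the box
    reasons, exe = [], normalise(point.exe)
    if point.source == "mountpoints2:autorun":
        reasons.append("Explorer remembered an AutoRun command for a volume")
    if exe and not exe.startswith(EXPECTED_DIRS):
        reasons.append(f"executable outside expected directories: {point.exe}")
    if point.source.startswith("driver") and "\\drivers\\" not in exe:
        reasons.append("driver image not under system32\\DRIVERS (verify the vendor and signer)")
    return reasons


def flagged(text):
    """(source, name, reasons) for every entry review() did not clear."""
    return [(p.source, p.name, review(p)) for p in parse_log(text) if review(p)]


if __name__ == "__main__":
    for source, name, reasons in flagged(SAMPLE_LOG):
        print(f"{source:22} {name:16} " + "; ".join(reasons))
```

On the sample this reports two entries: the DigiCell driver loading from Program Files rather than `system32\DRIVERS`, and the E: AutoRun command, which the flags alone do not prove malicious; they only tell the responder which files to hash and check first. Everything else in the excerpt is a signed vendor tool in an expected location and is left alone.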

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956

    Default

    Hello.

    Because of the number of posts in your thread, helpers probably thought you were already being assisted.

    Copy and paste that information in your next post if the content will take no more than two posts to do so.
    If the result of your anti-virus scan is extremely long, please do not post it, but rather inform us when posting the HJT log.
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Start with ONLY the Two Logs We Ask For in Our Sticky Topic, NOT CF etc

    For people waiting who have not resolved their problem, we have a sticky topic:
    The Waiting Room: Post here if waiting for help longer than four days

    However if members waiting for assistance do not post in the waiting room, their topic is archived.

    If you need the thread re-opened, please send me a private message (pm) and provide a link.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
