Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Infected with spyware and malware

  1. 2008-10-16, 10:49 #11
    godwin
    godwin is offline
    Junior Member
    Join Date
    Oct 2008
    Posts
    9

    Default

    Hi,

    Sorry it took me so long to get back to you too. I appreciate all your time and effort to help me out. I was busy these last few days. I did all that you requested me to do and here is the information.

    New HiJack Log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:45:39 AM, on 10/16/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\PROGRA~1\SYMANT~2\vptray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\\vptray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
    O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe
    O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe
    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} - http://www.live365.com/players/p365vip.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 13152 bytes

    Combofix log

    ComboFix 08-10-12.01 - Daniel Jones 2008-10-13 19:23:05.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.196 [GMT -5:00]
    Running from: C:\Documents and Settings\Daniel Jones\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Daniel Jones\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Documents and Settings\Daniel Jones\delself.bat
    C:\WINDOWS\System32\ftsrch.exe
    C:\WINDOWS\system32\shdocpe.dll
    C:\WINDOWS\SYSTEM32\vivurkxw.exe
    C:\WINDOWS\SYSTEM32\wini104552502.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\febuzyxo
    C:\Documents and Settings\All Users\Application Data\febuzyxo\xghmrghu.exe.bak
    C:\Documents and Settings\Daniel Jones\delself.bat
    C:\Program Files\cjxgsve
    C:\Program Files\cjxgsve\cfgactset.dll
    C:\WINDOWS\System32\ftsrch.exe
    C:\WINDOWS\SYSTEM32\vivurkxw.exe
    C:\WINDOWS\SYSTEM32\wini104552502.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
    .

    2008-10-13 03:28 . 2008-10-13 03:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-11 23:36 . 2008-10-11 23:37 <DIR> d-------- C:\rsit
    2008-10-10 12:56 . 2008-10-11 23:36 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-10 12:15 . 2008-10-12 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-10 01:31 . 2008-10-10 01:50 <DIR> d-------- C:\Lop SD
    2008-10-10 00:13 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys
    2008-10-10 00:12 . 2008-10-10 00:12 <DIR> d-------- C:\Program Files\Panda Security
    2008-10-09 22:46 . 2008-10-13 04:10 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-10-09 21:44 . 2008-10-13 09:08 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-10-09 21:44 . 2008-10-09 21:44 <DIR> d-------- C:\Documents and Settings\Daniel Jones\Application Data\PC Tools
    2008-10-09 21:44 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
    2008-10-09 21:44 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
    2008-10-09 21:44 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
    2008-10-09 21:44 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
    2008-10-09 21:10 . 2008-10-09 21:10 <DIR> d-------- C:\Program Files\Lavasoft
    2008-10-09 21:08 . 2008-10-09 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-09 21:06 . 2008-10-09 21:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-09 13:02 . 2008-10-09 13:02 <DIR> d-------- C:\Program Files\Common Files\xing shared
    2008-10-09 12:54 . 2008-10-13 19:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-23 12:45 . 2008-09-23 12:45 <DIR> d-------- C:\Documents and Settings\Daniel Jones\Application Data\CiscoCAA
    2008-09-23 00:48 . 2008-09-23 00:48 <DIR> d-------- C:\Documents and Settings\Daniel Jones\Application Data\CiscoCAA

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-09-12 15:52 --------- d-----w C:\Program Files\Rapidown
    2008-10-14 00:12 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-10-13 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-13 05:52 --------- d-----w C:\Documents and Settings\Daniel Jones\Application Data\U3
    2008-10-12 10:31 --------- d-----w C:\Documents and Settings\Daniel Jones\Application Data\U3
    2008-10-10 02:56 --------- d-----w C:\Program Files\StreamCast
    2008-10-10 02:56 --------- d-----w C:\Program Files\Media
    2008-10-10 02:09 --------- d-----w C:\Documents and Settings\Daniel Jones\Application Data\Lavasoft
    2008-10-09 17:58 --------- d-----w C:\Program Files\Common Files\Real
    2008-09-23 05:48 --------- d-----w C:\Program Files\Cisco Systems
    2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
    2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
    2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
    2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
    2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
    2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
    2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
    2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
    2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
    2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
    2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
    2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
    2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
    2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
    2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
    2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
    2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
    2008-01-07 23:10 62,128 ----a-w C:\Documents and Settings\Daniel Jones\Application Data\GDIPFONTCACHEV1.DAT
    2007-12-01 03:00 62,128 ----a-w C:\Documents and Settings\Daniel Jones\Application Data\GDIPFONTCACHEV1.DAT
    2005-08-14 01:08 760,798 ----a-w C:\Program Files\VirtualDub-1.5.10.zip
    2002-08-12 22:10 110,592 ----a-w C:\Program Files\internet explorer\plugins\ChimeShim.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-07 294912]
    "DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2002-11-01 208560]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 28672]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-11-07 8192]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-11-07 110592]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-09 185896]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 1103240]
    "vptray"="C:\PROGRA~1\SYMANT~2\\vptray.exe" [2005-04-17 85184]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
    "CARPService"="carpserv.exe" [2003-01-23 C:\WINDOWS\SYSTEM32\carpserv.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 28672]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-08-08 24576]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-19 126136]
    hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "SpecifyDefaultButtons"= 0 (0x0)
    "Btn_Search"= 0 (0x0)
    "NoBandCustomize"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= tabdec.dll
    "VIDC.IYUV"= tabdec.dll
    "VIDC.YVU9"= tabdec.dll
    "VIDC.I263"= i263_32.drv
    "vidc.mpng"= tabdec.dll
    "vidc.mjpg"= tabdec.dll
    "vidc.mvjp"= tabdec.dll
    "vidc.yv12"= tabdec.dll
    "vidc.444p"= tabdec.dll
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.ac3filter"= ac3filter.acm
    "msacm.divxa32"= DivXa32.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
    backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
    backup=C:\WINDOWS\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-itŪ Software Notes Lite.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-itŪ Software Notes Lite.lnk
    backup=C:\WINDOWS\pss\Post-itŪ Software Notes Lite.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    --a------ 2002-12-17 12:28 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HalfMoonAutoStart]
    --a------ 2004-06-28 19:37 548864 C:\Program Files\Lithic\HalfMoon\halfmoon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    --a------ 2005-08-02 14:33 159832 C:\Program Files\Common Files\aol\1125447176\ee\AOLHostManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2006-11-07 16:41 110592 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2004-05-28 15:22 4882432 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh]
    --a------ 2007-02-21 21:13 62512 C:\Program Files\RSSoft\RedSwoosh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-09-16 12:16 1833296 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-10-12 04:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-10-09 12:52 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
    --------- 2006-03-07 01:52 36864 C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    --a------ 2005-04-17 11:30 85184 C:\PROGRA~1\SYMANT~2\VPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "Viewpoint Manager Service"=2 (0x2)
    "UleadBurningHelper"=2 (0x2)
    "iPod Service"=3 (0x3)
    "DSBrokerService"=3 (0x3)
    "DefWatch"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Leisure\\Ares\\ares.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "C:\\Program Files\\mozilla.org\\Mozilla\\mozilla.exe"=
    "C:\\Program Files\\Common Files\\aol\\1125447176\\ee\\AOLServiceHost.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP"= 9420:TCP:Red Swoosh
    "5000:UDP"= 5000:UDP:Red Swoosh
    "57934:TCP"= 57934:TCP:Pando P2P TCP Listening Port
    "57934:UDP"= 57934:UDP:Pando P2P UDP Listening Port

    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 17149]
    S3 SNPP202;PC Camera (6028 VGA);C:\WINDOWS\system32\DRIVERS\snpp202.sys [2002-12-05 236544]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cced75c0-cac4-11db-91be-00904bb3cc4f}]
    \Shell\AutoRun\command - E:\LaunchU3.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2005-08-09 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1112322812.job
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 01:52]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 19:29:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    Completion time: 2008-10-13 19:43:13
    ComboFix-quarantined-files.txt 2008-10-14 00:41:57
    ComboFix2.txt 2008-10-13 04:53:15
    ComboFix3.txt 2008-10-13 07:56:47

    Pre-Run: 1,367,142,400 bytes free
    Post-Run: 1,350,926,336 bytes free

    238 --- E O F --- 2008-10-11 16:25:52
  2. 2008-10-16, 10:54 #12
    godwin
    godwin is offline
    Junior Member
    Join Date
    Oct 2008
    Posts
    9

    Smile

    Here is my Kaspersky log as requested. I had no idea I had all these viruses! I thought that my Norton AntiVirus was picking these up. Let me know what my next steps may be to get rid of these.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, October 15, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, October 14, 2008 22:28:01
    Records in database: 1312015
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    G:\

    Scan statistics:
    Files scanned: 138385
    Threat name: 33
    Infected objects: 136
    Suspicious objects: 1
    Duration of the scan: 04:41:30


    File name / Threat name / Threats count
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00006.VBN Infected: Exploit.Java.Gimsh.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00008.VBN Infected: Exploit.Java.Gimsh.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E0000B.VBN Infected: Exploit.Java.Gimsh.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E0000D.VBN Infected: Exploit.Java.Gimsh.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E0000F.VBN Infected: Exploit.Java.Gimsh.b 1
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b 3
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Turown.h 1
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Turown.b 1
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Turown.a 1
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: Trojan.Win32.Scapur.g 1
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.Connector 2
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Agent.vdb 1
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t 1
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v 2
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.a 2
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.EZula.a 1
    C:\Documents and Settings\Default User\My Documents\Data\all_files4b.exe Infected: not-a-virus:AdWare.Win32.HelpExpress 2
    C:\Documents and Settings\Default User\My Documents\Data\all_files4b.exe Infected: not-a-virus:AdWare.Win32.SideSearch.l 1
    C:\Documents and Settings\Default User\My Documents\Data\all_files4b.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1
    C:\Documents and Settings\Default User\My Documents\Data\all_files_ic.exe Infected: not-a-virus:AdWare.Win32.Connector 2
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b 3
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Turown.h 1
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Turown.b 1
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Turown.a 1
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: Trojan.Win32.Scapur.g 1
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.Connector 2
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Agent.vdb 1
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t 1
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v 2
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.a 2
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.EZula.a 1
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4b.exe Infected: not-a-virus:AdWare.Win32.HelpExpress 2
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4b.exe Infected: not-a-virus:AdWare.Win32.SideSearch.l 1
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4b.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files_ic.exe Infected: not-a-virus:AdWare.Win32.Connector 2
    C:\Documents and Settings\Default User\My Documents\Data\Data\MemWatcher.exe Infected: Trojan-Downloader.Win32.VB.q 1
    C:\Documents and Settings\Default User\My Documents\Data\Data\MemWatcher.exe Infected: Backdoor.Win32.VB.nb 1
    C:\Documents and Settings\Default User\My Documents\Data\MemWatcher.exe Infected: Trojan-Downloader.Win32.VB.q 1
    C:\Documents and Settings\Default User\My Documents\Data\MemWatcher.exe Infected: Backdoor.Win32.VB.nb 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b 3
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Turown.h 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Turown.b 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Turown.a 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe Infected: Trojan.Win32.Scapur.g 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.Connector 2
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Agent.vdb 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v 2
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.a 2
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.EZula.a 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4b.exe Infected: not-a-virus:AdWare.Win32.HelpExpress 2
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4b.exe Infected: not-a-virus:AdWare.Win32.SideSearch.l 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4b.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files_ic.exe Infected: not-a-virus:AdWare.Win32.Connector 2
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b 3
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Turown.h 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Turown.b 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Turown.a 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe Infected: Trojan.Win32.Scapur.g 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.Connector 2
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Agent.vdb 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v 2
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.a 2
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe Infected: not-a-virus:AdWare.Win32.EZula.a 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4b.exe Infected: not-a-virus:AdWare.Win32.HelpExpress 2
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4b.exe Infected: not-a-virus:AdWare.Win32.SideSearch.l 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4b.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files_ic.exe Infected: not-a-virus:AdWare.Win32.Connector 2
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\MemWatcher.exe Infected: Trojan-Downloader.Win32.VB.q 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\MemWatcher.exe Infected: Backdoor.Win32.VB.nb 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\MemWatcher.exe Infected: Trojan-Downloader.Win32.VB.q 1
    C:\Documents and Settings\Daniel Jones\My Documents\Data\MemWatcher.exe Infected: Backdoor.Win32.VB.nb 1
    C:\Documents and Settings\Daniel Jones\Local Settings\My Documents\Other\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c 1
    C:\Documents and Settings\Daniel Jones\Local Settings\My Documents\Other\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
    C:\Documents and Settings\Daniel Jones\Local Settings\My Documents\Other\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ay 1
    C:\Documents and Settings\Daniel Jones\Local Settings\My Documents\Other\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.f 1
    C:\Documents and Settings\Daniel Jones\Local Settings\My Documents\Other\hijackthis.log Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\Daniel Jones\Local Settings\My Documents\Other\setup2.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 3
    C:\Documents and Settings\Daniel Jones\Local Settings\My Documents\Other\setup2.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
    C:\Documents and Settings\Daniel Jones\My Documents\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 1
    C:\Documents and Settings\Daniel Jones\My Documents\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.g 1
    C:\Documents and Settings\Daniel Jones\My Documents\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel 1
    C:\Documents and Settings\Daniel Jones\My Documents\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
    C:\Documents and Settings\Daniel Jones\My Documents\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i 1
    C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
    C:\Program Files\Other\dist1.exe Infected: Trojan-Downloader.Win32.Agent.vdb 1
    C:\Program Files\Other\ss_IGN7_setup.exe Infected: not-a-virus:AdWare.Win32.SideSearch.l 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\febuzyxo\xghmrghu.exe.bak.vir Infected: Trojan.Win32.Obfuscated.gx 1
    C:\Qoobox\Quarantine\C\Program Files\cjxgsve\cfgactset.dll.vir Infected: Trojan.Win32.Obfuscated.gx 1
    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DLLCACHE\beep.sys.vir Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\vivurkxw.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP681\A0155081.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP681\A0155092.exe Infected: Trojan.Win32.Obfuscated.gx 1
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP686\A0155976.exe Infected: not-a-virus:AdWare.Win32.SpecialOffers.a 1
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP691\A0156136.dll Infected: not-a-virus:AdWare.Win32.Dap.c 1
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP695\A0158021.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP695\A0158023.SYS Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP696\A0158255.dll Infected: Trojan.Win32.Obfuscated.gx 1
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP696\A0158257.exe Infected: Trojan.Win32.Obfuscated.gx 1
    C:\WINDOWS\esbst-3.exe Infected: Backdoor.Win32.Ruledor.c 1
    C:\WINDOWS\esbst-3.exe Infected: not-a-virus:AdWare.Win32.SpecialOffers.a 1

    The selected area was scanned.

    Thanks for all your help!
  3. 2008-10-16, 11:27 #13
    Blade81
    Blade81 is offline
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Hi

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00006.VBN
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00008.VBN
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E0000B.VBN
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E0000D.VBN
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E0000F.VBN
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe
C:\Documents and Settings\Default User\My Documents\Data\all_files4b.exe
C:\Documents and Settings\Default User\My Documents\Data\all_files_ic.exe
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4b.exe
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files_ic.exe
C:\Documents and Settings\Default User\My Documents\Data\Data\MemWatcher.exe
C:\Documents and Settings\Default User\My Documents\Data\MemWatcher.exe
C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4.exe
C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files4b.exe
C:\Documents and Settings\Daniel Jones\My Documents\Data\all_files_ic.exe
C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4.exe
C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files4b.exe
C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\all_files_ic.exe
C:\Documents and Settings\Daniel Jones\My Documents\Data\Data\MemWatcher.exe
C:\Documents and Settings\Daniel Jones\My Documents\Data\MemWatcher.exe
C:\Documents and Settings\Daniel Jones\Local Settings\My Documents\Other\BSINSTALL.exe
C:\Documents and Settings\Daniel Jones\Local Settings\My Documents\Other\hijackthis.log
C:\Documents and Settings\Daniel Jones\Local Settings\My Documents\Other\setup2.exe
C:\Documents and Settings\Daniel Jones\My Documents\setup_ares.exe
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\WebSys\offline.mmz
C:\Program Files\Other\dist1.exe
C:\Program Files\Other\ss_IGN7_setup.exe
C:\WINDOWS\esbst-3.exe
    • Return to OTMoveIt2, right click in the
      Paste Standard List of Files/Folders to Move
       window (under the light blue bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it & a fresh hjt log in your next reply.
    • Close OTMoveIt2

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Please run Kaspersky online scanner again and post back its report too.
    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
  4. 2008-10-23, 21:31 #14
    Blade81
    Blade81 is offline
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Due to inactivity, this thread will now be closed.

    Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules