
Thread: I'm another with virtumonde

  1. #1
    Junior Member, Join Date: Sep 2007, Posts: 16

    I'm another with virtumonde

    Need help please :( Here is my HJT report.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:36:13 PM, on 3/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\bak\bak\qttask.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\??curity\d?dplay.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\sony\usbsircs\usbsircs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JESS\Application Data\Mozilla\Profiles\default\za9qguwi.slt\prefs.js)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\bak\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [44abe178] rundll32.exe "C:\WINDOWS\system32\llrqfwre.dll",b
    O4 - HKLM\..\Run: [BM4798d2e4] Rundll32.exe "C:\WINDOWS\system32\lwfnirxq.dll",s
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [Iinl] "C:\DOCUME~1\jess\APPLIC~1\CROSOF~1\csrss.exe" -vt yazb
    O4 - HKCU\..\Run: [Cbvlvwpz] "C:\Program Files\??curity\d?dplay.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Remocon Driver.lnk = ?
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O15 - Trusted Zone: *.amaena.com
    O15 - Trusted Zone: *.avsystemcare.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.onerateld.com
    O15 - Trusted Zone: *.safetydownload.com
    O15 - Trusted Zone: *.storageguardsoft.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.virusschlacht.com
    O15 - Trusted Zone: *.amaena.com (HKLM)
    O15 - Trusted Zone: *.avsystemcare.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.onerateld.com (HKLM)
    O15 - Trusted Zone: *.safetydownload.com (HKLM)
    O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
    O15 - Trusted Zone: *.virusschlacht.com (HKLM)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coolsavings.coupons.smartsour...ad/cscmv5X.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1188072055937
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/def...jolauncher.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/def...rsion=1,0,0,10
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    --
    End of file - 12283 bytes

  2. #2
    Junior Member, Join Date: Sep 2007, Posts: 16

    and here's the ComboFix

    ComboFix 08-03-03.6 - jess 2008-03-02 18:51:49.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.118 [GMT -6:00]
    Running from: C:\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\jess\Application Data\CROSOF~1
    C:\Documents and Settings\jess\Application Data\CROSOF~1\??crosoft\
    C:\Program Files\curity~1
    C:\Program Files\curity~1\d?dplay.exe
    C:\Program Files\outerinfo
    C:\Program Files\WinBudget
    C:\Program Files\WinBudget\bin\matrix.dat
    C:\Program Files\WinBudget\bin\matrix.dll
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Temp\bkR11
    C:\Temp\bkR11\ftCa.log
    C:\temp\tn3
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\cccdd.ini
    C:\WINDOWS\system32\cccdd.ini2
    C:\WINDOWS\system32\ddccc.dll
    C:\WINDOWS\system32\drivers\core.cache(2).dsk
    C:\WINDOWS\system32\ebcdsumx.ini
    C:\WINDOWS\system32\erwfqrll.ini
    C:\WINDOWS\system32\jlkkj.ini
    C:\WINDOWS\system32\jlkkj.ini2
    C:\WINDOWS\system32\ldinfo.ldr
    C:\WINDOWS\system32\lwfnirxq.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nuinopsd
    C:\WINDOWS\system32\nuinopsd\bg1.gif
    C:\WINDOWS\system32\nuinopsd\bgtop.gif
    C:\WINDOWS\system32\nuinopsd\bottom1.gif
    C:\WINDOWS\system32\nuinopsd\essentials.gif
    C:\WINDOWS\system32\nuinopsd\install1.gif
    C:\WINDOWS\system32\nuinopsd\left1.gif
    C:\WINDOWS\system32\nuinopsd\li.gif
    C:\WINDOWS\system32\nuinopsd\logo.gif
    C:\WINDOWS\system32\nuinopsd\main.htm
    C:\WINDOWS\system32\nuinopsd\mainframe.htm
    C:\WINDOWS\system32\nuinopsd\reinstall1.gif
    C:\WINDOWS\system32\nuinopsd\right1.gif
    C:\WINDOWS\system32\nuinopsd\s1.htm
    C:\WINDOWS\system32\nuinopsd\s2.htm
    C:\WINDOWS\system32\nuinopsd\s3.htm
    C:\WINDOWS\system32\nuinopsd\SMTop1.gif
    C:\WINDOWS\system32\nuinopsd\SMTop2.gif
    C:\WINDOWS\system32\nuinopsd\SMTop3.gif
    C:\WINDOWS\system32\nuinopsd\SMTop4.gif
    C:\WINDOWS\system32\nuinopsd\soft1_off.gif
    C:\WINDOWS\system32\nuinopsd\soft1_off_ext.gif
    C:\WINDOWS\system32\nuinopsd\soft1_on.gif
    C:\WINDOWS\system32\nuinopsd\soft1_on_ext.gif
    C:\WINDOWS\system32\nuinopsd\soft2_off.gif
    C:\WINDOWS\system32\nuinopsd\soft2_off_ext.gif
    C:\WINDOWS\system32\nuinopsd\soft2_on.gif
    C:\WINDOWS\system32\nuinopsd\soft2_on_ext.gif
    C:\WINDOWS\system32\nuinopsd\soft3_off.gif
    C:\WINDOWS\system32\nuinopsd\soft3_off_ext.gif
    C:\WINDOWS\system32\nuinopsd\soft3_on.gif
    C:\WINDOWS\system32\nuinopsd\soft3_on_ext.gif
    C:\WINDOWS\system32\nuinopsd\softbottom_off.gif
    C:\WINDOWS\system32\nuinopsd\softbottom_on.gif
    C:\WINDOWS\system32\nuinopsd\softleft_off.gif
    C:\WINDOWS\system32\nuinopsd\softleft_on.gif
    C:\WINDOWS\system32\nuinopsd\top1.gif
    C:\WINDOWS\system32\nuinopsd\top2.gif
    C:\WINDOWS\system32\nuinopsd\turnoff1.gif
    C:\WINDOWS\system32\nuinopsd\turnon1.gif
    C:\WINDOWS\system32\obqqxslq.dll
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\qomnmkj.dll
    C:\WINDOWS\system32\vutsevag.dll
    C:\WINDOWS\system32\xhxgnkty.dll
    C:\WINDOWS\system32\xmusdcbe.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
    .

    2008-03-02 18:41 . 2008-03-02 18:41 1,580,580 --a------ C:\ComboFix.exe
    2008-03-02 18:38 . 2004-08-04 01:56 388,608 --a------ C:\CF416.exe
    2008-03-02 18:35 . 2008-03-02 18:35 812,344 --a------ C:\HJTInstall.exe
    2008-03-02 17:13 . 2007-12-04 07:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-03-02 17:13 . 2004-01-09 03:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-03-02 17:13 . 2007-12-04 06:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-03-02 17:13 . 2007-12-04 08:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-02 17:13 . 2007-12-04 08:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-03-02 17:13 . 2007-12-04 08:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-02 17:13 . 2007-12-04 08:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-02 17:13 . 2007-12-04 08:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-02 17:12 . 2008-03-02 17:12 <DIR> d-------- C:\Program Files\Alwil Software
    2008-03-02 15:52 . 2008-03-02 17:07 721 --a------ C:\WINDOWS\wininit.ini
    2008-03-02 15:37 . 2008-03-02 15:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-02 15:37 . 2008-03-02 16:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-03-02 15:34 . 2008-03-02 15:35 9,722,720 --a------ C:\spybotsd152.exe
    2008-03-02 13:25 . 2008-03-02 13:25 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico
    2008-03-02 13:15 . 2008-03-02 18:52 21 --a------ C:\WINDOWS\pskt.ini
    2008-03-02 12:59 . 2008-03-02 12:59 <DIR> d-------- C:\WINDOWS\system32\iDlo01
    2008-03-02 12:59 . 2008-03-02 12:59 <DIR> d-------- C:\Temp\sanR24
    2008-03-01 21:25 . 2008-03-01 21:25 <DIR> d-------- C:\Documents and Settings\jess\Application Data\Viewpoint
    2008-03-01 21:25 . 2008-03-01 21:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2008-02-28 23:41 . 2008-02-28 23:41 <DIR> d-------- C:\Documents and Settings\jess\Application Data\Leadertech
    2008-02-25 23:39 . 2008-02-25 23:39 <DIR> d-------- C:\WINDOWS\Pug Screen Cleaner Uninstaller
    2008-02-25 23:39 . 2008-01-24 18:38 1,683,896 --a------ C:\WINDOWS\Pug Screen Cleaner.swf
    2008-02-25 23:39 . 2007-07-21 14:52 903,168 --a------ C:\WINDOWS\Pug Screen Cleaner.scr
    2008-02-25 23:39 . 2007-07-21 14:53 495,104 --a------ C:\WINDOWS\Pug Screen Cleaner.exe
    2008-02-25 23:39 . 2006-11-04 22:42 161,078 --a------ C:\WINDOWS\Pug Screen Cleaner.bmp
    2008-02-25 23:39 . 2006-11-12 18:55 23,558 --a------ C:\WINDOWS\Pug Screen Cleaner.ico
    2008-02-25 23:39 . 2008-01-24 18:39 682 --a------ C:\WINDOWS\Pug Screen Cleaner.c3
    2008-02-25 23:39 . 2008-01-24 18:39 682 --a------ C:\WINDOWS\Pug Screen Cleaner.c1
    2008-02-25 23:39 . 2006-10-24 18:06 639 --a------ C:\WINDOWS\Pug Screen Cleaner.c4
    2008-02-25 23:39 . 2006-10-08 20:33 0 --a------ C:\WINDOWS\Pug Screen Cleaner.ini
    2008-02-04 20:22 . 2008-02-04 20:22 <DIR> d-------- C:\WINDOWS\system32\bak

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-03 00:35 --------- d-----w C:\Program Files\Trend Micro
    2008-03-01 15:07 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-02-28 00:59 --------- d-----w C:\Documents and Settings\jess\Application Data\Yahoo!
    2008-02-15 01:45 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-12 02:00 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2008-02-05 02:29 --------- d-----w C:\Program Files\QuickTime
    2008-01-19 00:48 --------- d--h--w C:\Program Files\Zero G Registry
    2008-01-19 00:40 --------- d-----w C:\Program Files\THQ
    2008-01-16 01:27 --------- d-----w C:\Program Files\Imsi
    2008-01-16 01:17 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-14 02:53 --------- d-----w C:\Program Files\Yahoo! Games
    2008-01-14 01:04 --------- d-----w C:\Documents and Settings\jess\Application Data\MySpace
    2008-01-14 01:03 --------- d-----w C:\Program Files\MySpace
    2008-01-12 23:06 --------- d-----w C:\Program Files\MSN Games
    2008-01-12 16:41 --------- d-----w C:\Documents and Settings\jess\Application Data\PlayFirst
    2008-01-12 16:41 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    2008-01-11 02:17 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
    2008-01-06 22:34 --------- d-----w C:\Program Files\sz8049_6
    2008-01-05 19:55 --------- d-----w C:\Program Files\sz8049_6jyjgyn
    2007-07-28 09:06 135 -c--a-w C:\Program Files\page.html
    2006-12-03 01:05 2,522 -c--a-w C:\Program Files\func.js
    2006-11-25 07:57 482 -c--a-w C:\Program Files\Del.js
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 63,712 2007-03-09 16:09:58 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    ----a-w 39,792 2007-10-11 01:51:55 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    ----a-w 335,872 2003-11-16 05:00:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    ----a-w 49,152 2005-02-17 04:11:42 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    ----a-w 45,056 2006-02-02 13:12:30 C:\Program Files\HP\ToolBoxFX\bin\bak\HPTLBXFX.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe

    ----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\Program Files\Messenger\msmsgs.exe

    ----a-w 14,348 2008-02-29 05:46:17 C:\Program Files\QuickTime\bak\qttask.exe
    ----a-w 14,860 2008-02-05 02:27:58 C:\Program Files\QuickTime\qttask.exe

    ----a-w 77,824 2003-12-02 20:38:13 C:\Program Files\QuickTime\bak\bak\qttask.exe
    ----a-w 14,860 2008-02-05 02:27:58 C:\Program Files\QuickTime\qttask.exe

    ----a-w 77,824 2003-12-02 20:38:13 C:\Program Files\QuickTime\bak\bak\qttask.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\Program Files\QuickTime\bak\qttask.exe

    ----a-w 1,409,024 2003-06-24 00:32:54 C:\Program Files\support.com\client\bin\bak\tgcmd.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\Program Files\support.com\client\bin\tgcmd.exe

    ----a-w 4,670,704 2007-08-30 23:43:18 C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    ----a-w 4,670,704 2007-08-30 22:43:18 C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

    ----a-w 224,248 2007-06-08 14:59:38 C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

    ----a-w 28,672 2003-04-20 05:08:44 C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe

    ----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\bak\ctfmon.exe
    ----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\ctfmon.exe

    ----a-w 40,960 2002-08-20 18:29:26 C:\WINDOWS\system32\bak\ezSP_Px.exe
    ----a-w 40,960 2002-08-20 18:29:26 C:\WINDOWS\system32\ezSP_Px.exe

    ----a-w 114,688 2003-04-07 07:07:38 C:\WINDOWS\system32\bak\hkcmd.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\WINDOWS\system32\hkcmd.exe

    ----a-w 155,648 2003-04-07 07:19:52 C:\WINDOWS\system32\bak\igfxtray.exe
    ----a-w 14,348 2008-02-29 05:46:17 C:\WINDOWS\system32\igfxtray.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4246C2C6-5676-0AA8-0617-5800CBCDDAB1}]
    C:\WINDOWS\system32\yjffss.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0D90A5B-B9C8-4B8F-A95A-523674181B11}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1BEDB7C-B9D9-4A4F-8028-E16061C181C6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED120D76-BF31-412C-A99B-783C6676E128}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0EFEFDA-2A89-4E99-8FEA-01167EDE82F3}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-02-28 23:46 14348]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-28 23:46 14348]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-02-28 23:46 14348]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
    "Iinl"="C:\DOCUME~1\jess\APPLIC~1\CROSOF~1\csrss.exe" [ ]
    "Cbvlvwpz"="C:\Program Files\??curity\d?dplay.exe" [ ]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-02-28 23:46 14348]
    "QuickTime Task"="C:\Program Files\QuickTime\bak\bak\qttask.exe" [2003-12-02 14:38 77824]
    "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 12:29 40960]
    "ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2008-02-28 23:46 14348]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2008-02-28 23:46 14348]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2008-02-28 23:46 14348]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-18 19:56 4841472]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 12:43 88363 C:\WINDOWS\AGRSMMSG.exe]
    "VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2008-02-28 23:46 14348]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2008-02-28 23:46 14348]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-02-28 23:46 14348]
    "ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-02-28 23:46 14348]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-02-28 23:46 14348]
    "RegistryMechanic"="" []
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-02-28 23:46 14348]
    "44abe178"="C:\WINDOWS\system32\llrqfwre.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 19:47 8720384]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 06:05:56 65588]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 16:08:08 57344]
    Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2007-08-25 13:25:11 229376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ktlcbnde]
    ktlcbnde.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "C:\\Program Files\\support.com\\client\\bin\\bak\\tgcmd.exe"=

    S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 10:22]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-02 19:00:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-03-02 19:02:49 - machine was rebooted [jess]
    ComboFix-quarantined-files.txt 2008-03-03 01:02:46
    .
    2008-02-13 01:55:11 --- E O F ---
