iceman22

Pop ups, slow startup, and foreign programs

31 posts in this topic

Hi, I am having bad spyware issues: popups are everywhere, my computer can take forever to load now, and I have foreign programs telling me that they will help me remove spyware, which I'm pretty sure are spyware themselves. Here is my HijackThis log:

 

Logfile of HijackThis v1.99.1
Scan saved at 8:17:51 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\DOCUME~1\Iceman\LOCALS~1\Temp\Set38B.tmp
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
C:\Program Files\??mantec\w?nlogon.exe
C:\DOCUME~1\Iceman\LOCALS~1\Temp\!update.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\WINDOWS\system32\DOBE~1\mmc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\tvcbcpfp.dll",realset
O4 - HKLM\..\Run: [sManager] smanager.7.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvam.dll,startup
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Iceman\Local Settings\Temp\stdrun3.exe SKY002
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Klwgi] "C:\Program Files\??mantec\w?nlogon.exe"
O4 - HKCU\..\Run: [myCleanerPC] C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Iceman\Local Settings\Temp\stdrun3.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

 

please help.

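The log above is the kind a forum helper reads by eye, and the tells are always the same: a Run value that starts something out of Local Settings\Temp, a path HijackThis prints with '?' because it holds a character it cannot display (the "??mantec\w?nlogon.exe" lookalike of Symantec and winlogon), an 8.3 short name such as DOBE~1 sitting directly under system32, rundll32 loading a consonant-soup DLL, an AppInit_DLLs entry, a nameless BHO, a Winlogon Notify handler whose file is missing. The script below is an added example written for this page; it is not from the thread and not part of HijackThis. Its rules and weights are the editor's assumptions that encode those tells, and the sample lines are copied from the log above, plus the benign SOUNDMAN.EXE entry so that the "review" tier has something legitimate in it.

```python
"""Heuristic triage of HijackThis v1.99 log lines.

Added example: this is the editor's own code, not part of the thread and not
part of HijackThis. The rules and their weights are assumptions that encode
what a log helper looks for by eye; the sample lines are copied from the
first log in the thread, plus one benign Realtek entry for contrast.
"""
import re
from typing import Callable, List, Tuple

# Constructed sample: lines copied from the log above (and SOUNDMAN.EXE).
SAMPLE_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128",
    r"O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe",
    r'O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\tvcbcpfp.dll",realset',
    r"O4 - HKLM\..\Run: [sManager] smanager.7.exe",
    r"O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE",
    r"O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvam.dll,startup",
    r"O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Iceman\Local Settings\Temp\stdrun3.exe SKY002",
    r'O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv',
    r'O4 - HKCU\..\Run: [Klwgi] "C:\Program Files\??mantec\w?nlogon.exe"',
    r"O2 - BHO: (no name) - {CC7A426C-D78E-8F2E-D178-82ADD8E921E3} - C:\WINDOWS\system32\qyyy.dll",
    r"O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll",
    r"O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)",
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe",
]


def _rx(pattern: str) -> Callable[[str], bool]:
    """Wrap a case-insensitive regex search as a predicate."""
    compiled = re.compile(pattern, re.IGNORECASE)
    return lambda line: compiled.search(line) is not None


def _no_vowel_name(line: str) -> bool:
    """Random-looking .exe/.dll stems with no a/e/i/o/u (tvcbcpfp.dll, qyyy.dll).
    Vendor names like PNMSRV.EXE also trip this, hence only a medium weight."""
    for stem in re.findall(r"([A-Za-z]{4,})\.(?:dll|exe)\b", line, re.IGNORECASE):
        if not set(stem.lower()) & set("aeiou"):
            return True
    return False


def _bare_run_command(line: str) -> bool:
    """O4 Run value whose command carries no directory at all (smanager.7.exe)."""
    m = re.match(r"O4 - .*?\] (\S.*)$", line)
    return bool(m) and "\\" not in m.group(1)


# (reason, weight, predicate). Weights are assumptions; 4 or more means act on it.
RULES: List[Tuple[str, int, Callable[[str], bool]]] = [
    ("starts from a Temp directory", 4, _rx(r"\\Temp\\")),
    ("'?' in path: a character HJT cannot print, typical of lookalike names", 5, _rx(r'\\[^\\\s"]*\?')),
    ("8.3 short name directly under system32", 4, _rx(r"system32\\[^\\]*~\d")),
    ("rundll32 loading a DLL out of system32", 3, _rx(r"rundll32\.exe.*system32\\[^\\]+\.dll")),
    ("random-looking file name (no vowels)", 3, _no_vowel_name),
    ("AppInit_DLLs entry, injected into every user32 process", 4, _rx(r"AppInit_DLLs")),
    ("Winlogon Notify handler", 3, _rx(r"Winlogon Notify")),
    ("referenced file missing", 1, _rx(r"\(file missing\)")),
    ("BHO with no name", 3, _rx(r"BHO: \(no name\)")),
    ("IE proxy configured", 2, _rx(r"ProxyServer = ")),
    ("Run value named with braces", 2, _rx(r"Run: \[\{")),
    ("Run command with no directory", 2, _bare_run_command),
]


def triage(lines: List[str]) -> List[Tuple[str, int, List[str]]]:
    """Score every non-empty line; return (line, score, reasons), worst first."""
    results = []
    for line in (raw.strip() for raw in lines):
        if not line:
            continue
        hits = [(weight, reason) for reason, weight, pred in RULES if pred(line)]
        results.append((line, sum(w for w, _ in hits), [r for _, r in hits]))
    results.sort(key=lambda r: r[1], reverse=True)
    return results


def tier(score: int) -> str:
    """Assumed thresholds: 4+ act on it, 1-3 look closer, 0 leave alone."""
    return "SUSPICIOUS" if score >= 4 else "review" if score else "ok"


def report(lines: List[str]) -> str:
    out = []
    for line, score, reasons in triage(lines):
        out.append(f"{tier(score):<10} {score:>2}  {line}")
        out.extend(f"               - {reason}" for reason in reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LINES))
```

Run it and the two ATI entries come out clean, the proxy setting and the bare SOUNDMAN.EXE land in "review" (a private-range proxy such as 172.18.0.1:3128 can be a real gateway, and SOUNDMAN.EXE is Realtek's), while the Temp-launched stdrun3.exe, the '?' path, DOBE~1\mmc.exe, the nameless BHO, the AppInit DLL and the missing Winlogon handler all cross the threshold. Note the miss: drvvam.dll only reaches "review" because its name happens to contain a vowel, yet the Dr.Web log later in the thread calls it Trojan.Fakealert; the scoring is a way to order the reading, not a replacement for a scanner.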

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.
Thank you for your patience.
[this is an automated reply]


Hi,

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer.
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear.
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see whether you can click the icon next to the files found (check.gif).
  • If so, click it, then click the icon right below it (move.gif) and select Move incurable.
    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer! Files that are in use may only be moved/deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved in your next reply.

Next:

1. Download this file - ComboFix
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click in ComboFix's window whilst it's running. That may cause it to stall.

Next:

Please post a fresh HijackThis log, as well as the reports from Dr.Web and ComboFix.

jedi


Here's the combo fix log

 

Logfile of HijackThis v1.99.1
Scan saved at 10:28:06 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\DOBE~1\mmc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CC7A426C-D78E-8F2E-D178-82ADD8E921E3} - C:\WINDOWS\system32\qyyy.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\qqhsmreh.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Klwgi] "C:\Program Files\??mantec\w?nlogon.exe"
O4 - HKCU\..\Run: [myCleanerPC] C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe
O4 - Startup: Webshots.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

 


Dr.Web log

 

installfile2.exe;c:\documents and settings\iceman\local settings\temp;Adware.Mirarbar;Incurable.Moved.;
stdrun5.exe;c:\documents and settings\iceman\local settings\temp;Probably UPX;Incurable.Moved.;
cfg32.exe\data001;c:\windows\cfg32.exe;Adware.BookedSpace;;
cfg32.exe\data002;c:\windows\cfg32.exe;Adware.BookedSpace;;
data003\data001;c:\windows\cfg32.exe\data003;Adware.BookedSpace;;
data003\data002;c:\windows\cfg32.exe\data003;Adware.BookedSpace;;
data003\data001;c:\windows\cfg32.exe\data003\data003;Adware.BookedSpace;;
data003\data002;c:\windows\cfg32.exe\data003\data003;Adware.BookedSpace;;
data003\data003;c:\windows\cfg32.exe\data003\data003;Adware.BookedSpace;;
data003;c:\windows\cfg32.exe\data003;Archive contains infected objects;;
data003\data004;c:\windows\cfg32.exe\data003;Adware.BookedSpace;;
data003;c:\windows\cfg32.exe;Archive contains infected objects;;
cfg32.exe\data004;c:\windows\cfg32.exe;Adware.BookedSpace;;
cfg32.exe;c:\windows;Archive contains infected objects;Moved.;
itpb_11.exe;c:\windows;Adware.ZenoSearch;Incurable.Moved.;
autosys.exe;c:\windows\system32;Trojan.DownLoader.22947;Deleted.;
ddcdcbc.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
ddcya.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
core.sys;c:\windows\system32\drivers;Trojan.NtRootKit.239;Deleted.;
drvvam.dll;c:\windows\system32;Trojan.Fakealert.249;Deleted.;
kknmifhg.dll;c:\windows\system32;Adware.Crew;Incurable.Moved.;
ldcore.dll;c:\windows\system32;Trojan.DownLoader.18468;Will be cured after reboot.;
qqhsmreh.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
tvcbcpfp.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
winrge32.dll;c:\windows\system32;Trojan.DownLoader.22758;Will be cured after reboot.;
!update.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.22753;Deleted.;
G5zunxlS.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.22964;Deleted.;
gos20.tmp;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.22758;Deleted.;
installfile2.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Adware.Mirarbar;;
MSI65E1.tmp;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.18400;Deleted.;
MSI8E68.tmp;C:\Documents and Settings\Iceman\Local Settings\Temp;BackDoor.Bulknet;Deleted.;
rf309861820mm.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.22964;Deleted.;
stdrun1.exe\data001;C:\Documents and Settings\Iceman\Local Settings\Temp\stdrun1.exe;Adware.Bagon;;
stdrun1.exe\data002;C:\Documents and Settings\Iceman\Local Settings\Temp\stdrun1.exe;Trojan.MulDrop.4522;;
stdrun1.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Archive contains infected objects;Moved.;
stdrun3.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Adware.ZenoSearch;;
stdrun4.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.Packed.135;Deleted.;
stdrun5.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Probably UPX;;
stdrun8.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.Mezzia;Deleted.;
wfywcqt.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.20672;Deleted.;
win24.tmp.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.23032;Deleted.;
win30.tmp.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.22225;Deleted.;
xzc37[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\A4HQ2GV5;Trojan.DownLoader.22225;Deleted.;
exe[1].php;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\H2CLQLR6;BackDoor.Bulknet;Deleted.;
xc36[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\H2CLQLR6;Adware.Akella;;
!update-4395[1].0000;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\N9ZG9BZS;Trojan.DownLoader.22753;Deleted.;
installer[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\N9ZG9BZS;Trojan.PWS.Tanspy;Deleted.;
lo1[1];C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\N9ZG9BZS;Trojan.Virtumod;Deleted.;
loadadv605[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\NXO4LBFL;Trojan.DownLoader.22411;Deleted.;
counter21[1].php;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\PHFFUWIL;Trojan.DownLoader.20672;Deleted.;
cfg32[1].exe\data001;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe;Adware.BookedSpace;;
cfg32[1].exe\data002;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe;Adware.BookedSpace;;
data003\data001;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003;Adware.BookedSpace;;

data003\data002;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003;Adware.BookedSpace;;

data003\data001;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003\data003;Adware.BookedSpace;;

data003\data002;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003\data003;Adware.BookedSpace;;

data003\data003;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003\data003;Adware.BookedSpace;;

data003;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003;Archive contains infected objects;;

data003\data004;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003;Adware.BookedSpace;;

data003;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe;Archive contains infected objects;;

cfg32[1].exe\data004;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe;Adware.BookedSpace;;

cfg32[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ;Archive contains infected objects;Moved.;

exe[1].php;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ;Trojan.Virtumod;Deleted.;

loader[1];C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ;Trojan.DownLoader.22823;Deleted.;

win[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ;Trojan.Mezzia;Deleted.;

xc23[2].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ;Trojan.DownLoader.23032;Deleted.;

L2[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\Y81R3MTV;Trojan.DownLoader.20139;Deleted.;

!update-4395[1].0000;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\ZGTFM4P2;Trojan.DownLoader.22753;Deleted.;

1[1].txt;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\ZGTFM4P2;Trojan.DownLoader.22964;Deleted.;

bptle[1].txt;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\ZGTFM4P2;Trojan.DownLoader.22947;Deleted.;

exe[1].php;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\ZGTFM4P2;Trojan.DownLoader.18400;Deleted.;

TISKY003[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\ZGTFM4P2;Adware.ZenoSearch;;

stdrun4.exe\data001;C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun4.exe;Trojan.DownLoader.10588;;

stdrun4.exe;C:\Documents and Settings\LocalService\Local Settings\Temp;Archive contains infected objects;Moved.;

stdrun6.exe;C:\Documents and Settings\LocalService\Local Settings\Temp;Trojan.Click.2446;Deleted.;

stdrun10.exe;C:\Documents and Settings\NetworkService\Local Settings\Temp;Trojan.Click.2446;Deleted.;

stdrun7.exe\data001;C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun7.exe;Trojan.DownLoader.10588;;

stdrun7.exe;C:\Documents and Settings\NetworkService\Local Settings\Temp;Archive contains infected objects;Moved.;

stdrun9.exe\data001;C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun9.exe;Trojan.DownLoader.10588;;

stdrun9.exe;C:\Documents and Settings\NetworkService\Local Settings\Temp;Archive contains infected objects;Moved.;

Yazzle1162OinAdmin.exe;C:\Program Files\Common Files;Adware.ClickSpring;;

SetupDTSB.exe;C:\Program Files\DAEMON Tools;Adware.SaveNow;;

A0021729.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Trojan.DownLoader.23066;Deleted.;

A0021730.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Trojan.Rond;Deleted.;

A0021731.dll;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Trojan.Rond;Deleted.;

A0021732.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Trojan.Rond;Deleted.;

A0021733.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Trojan.Rond;Deleted.;

A0021735.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Adware.ClickSpring;;

A0021737.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Trojan.StartPage.1790;Deleted.;

A0025849.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP42;Trojan.DownLoader.22964;Deleted.;

A0026017.exe\data001;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe;Adware.BookedSpace;;

A0026017.exe\data002;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe;Adware.BookedSpace;;

data003\data001;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003;Adware.BookedSpace;;

data003\data002;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003;Adware.BookedSpace;;

data003\data001;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003\data003;Adware.BookedSpace;;

data003\data002;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003\data003;Adware.BookedSpace;;

data003\data003;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003\data003;Adware.BookedSpace;;

data003;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003;Archive contains infected objects;;

data003\data004;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003;Adware.BookedSpace;;

data003;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe;Archive contains infected objects;;

A0026017.exe\data004;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe;Adware.BookedSpace;;

A0026017.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43;Archive contains infected objects;Moved.;

A0026018.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43;Trojan.DownLoader.22947;Deleted.;

A0026019.sys;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43;Trojan.NtRootKit.239;Deleted.;

A0026020.dll;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43;Trojan.Fakealert.249;Deleted.;

A0026021.dll;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43;Trojan.Virtumod;Deleted.;

A0026022.dll;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43;Trojan.Virtumod;Deleted.;

cfg32a.exe\data001;C:\WINDOWS\cfg32a.exe;Adware.BookedSpace;;

cfg32a.exe\data002;C:\WINDOWS\cfg32a.exe;Adware.BookedSpace;;

data003\data001;C:\WINDOWS\cfg32a.exe\data003;Adware.BookedSpace;;

data003\data002;C:\WINDOWS\cfg32a.exe\data003;Adware.BookedSpace;;

data003\data003;C:\WINDOWS\cfg32a.exe\data003;Adware.BookedSpace;;

data003;C:\WINDOWS\cfg32a.exe;Archive contains infected objects;;

cfg32a.exe\data004;C:\WINDOWS\cfg32a.exe;Adware.BookedSpace;;

cfg32a.exe;C:\WINDOWS;Archive contains infected objects;Moved.;

itpb_11.exe;C:\WINDOWS;Adware.ZenoSearch;;

raa.exe;C:\WINDOWS;Trojan.DownLoader.22964;Deleted.;

sammy3.exe;C:\WINDOWS;Trojan.MulDrop.6135;Deleted.;

stub_track3.exe;C:\WINDOWS;Trojan.DownLoader.10588;Deleted.;

svchost.exe;C:\WINDOWS;Adware.Akella;;

cksrkubg.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;

ddcdcbc.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;

ddcya.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;

hycxjlix.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;

kknmifhg.dll;C:\WINDOWS\system32;Adware.Crew;;

ldcore.dll;C:\WINDOWS\system32;Trojan.DownLoader.18468;Will be cured after reboot.;

nnnkiif.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;

winrge32.dll;C:\WINDOWS\system32;Trojan.DownLoader.22758;Will be cured after reboot.;

mst305.tmp;C:\WINDOWS\Temp;Trojan.Fakealert.249;Deleted.;

stdrun5.exe\data001;C:\WINDOWS\Temp\stdrun5.exe;Trojan.DownLoader.10588;;

stdrun5.exe;C:\WINDOWS\Temp;Archive contains infected objects;Moved.;

stdrun7.exe;C:\WINDOWS\Temp;Trojan.Click.2446;Deleted.;

stdrun9.exe;C:\WINDOWS\Temp;Adware.ZenoSearch;;

win2F5.tmp.exe~;C:\WINDOWS\Temp;Trojan.DownLoader.23032;Deleted.;

win304.tmp.exe;C:\WINDOWS\Temp;Adware.Akella;;

win30A.tmp.exe;C:\WINDOWS\Temp;Trojan.DownLoader.22225;Deleted.;

win484.tmp.exe;C:\WINDOWS\Temp;Trojan.DownLoader.20139;Deleted.;

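Reading a Dr.Web CureIt! report like the one above: each line is object;directory;threat;action;. "Deleted." and "Moved."/"Incurable.Moved." are finished, "Will be cured after reboot." means the file is locked because it is still loaded right now (the Virtumonde DLLs and winrge32.dll), and an empty action means nothing was done, except for archive members, whose fate is whatever happened to their container. The script below is an added example for this thread, not Dr.Web's or the helper's code: it parses lines in that format, drops the duplicates the report contains (it lists system32 twice), lets members inherit their container's status, and lists what is still live plus anything that sat in the LocalService or NetworkService temp directories, which only code running under those service accounts writes to. The status names, the member rule and that service-account check are my assumptions; the sample lines are copied from the posted report.

```python
"""Triage a Dr.Web CureIt! report like the one posted above.

Added example for this thread; not Dr.Web code and not the helper's.
The line format (object;directory;threat;action;) is taken from the posted
report. The status names, the archive-member rule and the service-account
check are my own assumptions.
"""
from collections import Counter

# Constructed sample: lines copied from the posted report, including one
# object the report lists twice.
SAMPLE = r"""
cfg32.exe\data004;c:\windows\cfg32.exe;Adware.BookedSpace;;
cfg32.exe;c:\windows;Archive contains infected objects;Moved.;
itpb_11.exe;c:\windows;Adware.ZenoSearch;Incurable.Moved.;
autosys.exe;c:\windows\system32;Trojan.DownLoader.22947;Deleted.;
ddcdcbc.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
core.sys;c:\windows\system32\drivers;Trojan.NtRootKit.239;Deleted.;
winrge32.dll;c:\windows\system32;Trojan.DownLoader.22758;Will be cured after reboot.;
installfile2.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Adware.Mirarbar;;
stdrun6.exe;C:\Documents and Settings\LocalService\Local Settings\Temp;Trojan.Click.2446;Deleted.;
stdrun9.exe;C:\Documents and Settings\NetworkService\Local Settings\Temp;Adware.ZenoSearch;;
svchost.exe;C:\WINDOWS;Adware.Akella;;
ddcdcbc.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
"""

STILL_LIVE = ("pending reboot", "untouched")
# only code running as these service accounts writes to their temp dirs
SERVICE_DIRS = ("\\localservice\\", "\\networkservice\\")


def parse_report(text):
    """Map lower-cased full path -> record; the first copy of a duplicate wins."""
    recs = {}
    for line in text.splitlines():
        parts = line.split(";")
        if len(parts) < 4:
            continue
        obj, directory, threat, action = (p.strip() for p in parts[:4])
        full = (directory + "\\" + obj).lower()
        recs.setdefault(full, {"obj": obj, "dir": directory, "threat": threat,
                               "action": action, "full": full})
    return recs


def container_of(rec, recs):
    """Walk the directory field upward until it names another scanned object.

    For an archive member the directory field is the archive's own path, so
    the first hit on the way up is the container whose fate the member shares."""
    d = rec["dir"].lower()
    while "\\" in d:
        if d in recs:
            return recs[d]
        d = d.rsplit("\\", 1)[0]
    return None


def status_of(rec, recs):
    """Classify one record; an empty action inherits the container's status."""
    action = rec["action"]
    if action == "Deleted.":
        return "deleted"
    if action.endswith("Moved."):            # "Moved." and "Incurable.Moved."
        return "quarantined"
    if action.startswith("Will be cured"):   # locked file: still loaded now
        return "pending reboot"
    parent = container_of(rec, recs)
    return status_of(parent, recs) if parent else "untouched"


def triage(text):
    """Return (status counts, still-live items, items under service-account temp dirs)."""
    recs = parse_report(text)
    counts, live, service_hits = Counter(), [], []
    for rec in recs.values():
        status = status_of(rec, recs)
        counts[status] += 1
        path = rec["dir"] + "\\" + rec["obj"]
        if status in STILL_LIVE:
            live.append((path, rec["threat"], status))
        if any(s in rec["full"] for s in SERVICE_DIRS):
            service_hits.append(path)
    return counts, live, service_hits


if __name__ == "__main__":
    counts, live, service_hits = triage(SAMPLE)
    print(dict(counts))
    for path, threat, status in live:
        print(f"{status:15} {threat:28} {path}")
    print("written under a service account:", service_hits)
```

On the sample this reports 3 deleted, 3 quarantined, 2 pending reboot and 3 untouched, and lists the two locked DLLs, the three untouched adware files and the two stdrun executables that ran as LocalService/NetworkService. The point of the "pending reboot" bucket is the caveat the helper's next steps deal with: until the reboot those DLLs are still in memory and their loader keys (the Winlogon\Notify entries in the ComboFix log) are still in the registry.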

Hi again,

 

I don't seem to have the ComboFix log; can you run it again and post the results here?

 

jedi


Sorry about that, I accidentally double-posted the HijackThis log. Here's the ComboFix log:

 

"Iceman" - 2007-06-02 22:09:58 Service Pack 2

ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Iceman\Desktop\"

 

 

Unable to gain System Privileges

 

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\gebbxyw.dll

C:\WINDOWS\system32\aycdd.bak1

C:\WINDOWS\system32\aycdd.bak2

C:\WINDOWS\system32\aycdd.ini

C:\WINDOWS\system32\aycdd.tmp

C:\WINDOWS\system32\aycdd.bak1

C:\WINDOWS\system32\aycdd.bak2

C:\WINDOWS\system32\aycdd.ini

C:\WINDOWS\system32\ddcya.dll

C:\WINDOWS\system32\ddcdcbc.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

"C:\Program Files\Common Files\Yazzle1162OinAdmin.exe"

"C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe"

"C:\DOCUME~1\Iceman\APPLIC~1\Install.dat"

"C:\WINDOWS\system32\wnstsicomsv.exe"

"C:\Program Files\outerinfo\OiUninstaller.exe"

"C:\Program Files\outerinfo\outerinfo.ico"

"C:\Program Files\outerinfo\Terms.rtf"

"C:\WINDOWS\system32\advvpi32.dll"

"C:\WINDOWS\system32\ldinfo.ldr"

"C:\WINDOWS\system32\wl.exe"

"C:\WINDOWS\svchost.exe"

"C:\WINDOWS\system32\drivers\core.cache.dsk"

"C:\WINDOWS\itpb_3.exe"

"C:\WINDOWS\system32\klikalka.exe"

"C:\WINDOWS\cs_cache.ini"

"C:\wn0032.exe"

"C:\WINDOWS\system32\drivers\npf.sys"

"C:\Program Files\outerinfo"

"C:\Temp\tn3"

 

-- Purity Folders:

 

C:\Program Files\MANTEC~1

 

 

 

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_CORE

-------\core

-------\NPF

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))

 

 

2007-06-02 17:18 <DIR> d-------- C:\Documents and Settings\Iceman\DoctorWeb

2007-06-02 17:18 <DIR> d-------- C:\DOCUME~1\Iceman\DoctorWeb

2007-06-02 16:52 2,580 --a------ C:\WINDOWS\system32\vvhosqsr.exe

2007-05-31 20:09 220,349 --a------ C:\WINDOWS\itpb_4.exe

2007-05-31 20:08 <DIR> d-------- C:\Temp\x2b

2007-05-29 22:39 0 --a------ C:\WINDOWS\bstdin.bin

2007-05-27 20:54 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Lionhead Studios

2007-05-27 20:46 <DIR> d-------- C:\Program Files\Lionhead Studios Ltd

2007-05-27 20:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lionhead Studios

2007-05-27 00:37 72,192 --a------ C:\WINDOWS\system32\zlib.dll

2007-05-27 00:37 169,017 --a------ C:\WINDOWS\system32\mcpcuninstaller1_25.EXE

2007-05-26 23:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\myCleanerPC

2007-05-26 23:54 <DIR> d-------- C:\Program Files\myCleanerPC

2007-05-26 23:29 60,928 --a------ C:\WINDOWS\system32\qyyy.dll

2007-05-25 23:22 37,424 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\MP4tem.dll

2007-05-25 23:21 37,424 --a------ C:\WINDOWS\system32\kbdidq.dll

2007-05-25 23:21 37,424 --a------ C:\DOCUME~1\NETWOR~1\APPLIC~1\edbubs.dll

2007-05-25 23:20 <DIR> d-------- C:\WINDOWS\system32\T5QaSQ

2007-05-25 23:20 <DIR> d-------- C:\Temp\0b9

2007-05-25 23:20 <DIR> d-------- C:\Temp

2007-05-25 23:16 <DIR> d-------- C:\WINDOWS\system32\àdobe

2007-05-25 23:08 <DIR> d--hs---- C:\WINDOWS\ftpcache

2007-05-25 03:28 <DIR> d-------- C:\Program Files\Lavasoft

2007-05-25 03:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-05-25 03:28 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Lavasoft

2007-05-22 03:20 <DIR> d-------- C:\Program Files\Webshots

2007-05-22 03:20 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Webshots

2007-05-19 02:23 <DIR> d-------- C:\Program Files\Ares

2007-05-18 21:13 297 --a------ C:\WINDOWS\EReg072.dat

2007-05-18 21:10 314,880 --a------ C:\WINDOWS\IsUninst.exe

2007-05-18 21:10 <DIR> d-------- C:\Program Files\Firaxis Games

2007-05-18 21:09 <DIR> d-------- C:\Documents and Settings\Iceman\WINDOWS

2007-05-18 21:09 <DIR> d-------- C:\DOCUME~1\Iceman\WINDOWS

2007-05-18 20:22 <DIR> d-------- C:\Program Files\MicroStar

2007-05-17 19:24 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2007-05-17 19:24 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Black Sea Studios

2007-05-17 19:12 <DIR> d-------- C:\Program Files\Black Sea Studios

2007-05-17 19:04 <DIR> d-------- C:\Program Files\iPodSoft

2007-05-17 19:04 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\iPodSoft

2007-05-17 19:03 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2007-05-17 18:30 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Purple Ghost Software, Inc

2007-05-17 18:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Purple Ghost Software, Inc

2007-05-17 18:18 <DIR> d-------- C:\Program Files\QuickTime

2007-05-17 18:17 <DIR> d-------- C:\Program Files\Apple Software Update

2007-05-17 00:40 54,784 --a------ C:\WINDOWS\system32\msvci70.dll

2007-05-17 00:40 <DIR> d-------- C:\Program Files\Common Files\Stardock

2007-05-17 00:39 <DIR> d-------- C:\Program Files\Stardock

2007-05-16 22:42 1,430 --a------ C:\WINDOWS\checkip.dat

2007-05-15 21:22 <DIR> d-------- C:\Program Files\Paradox Interactive

2007-05-15 20:51 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS

2007-05-15 19:52 <DIR> d-------- C:\Program Files\BitComet

2007-05-15 19:52 <DIR> d-------- C:\Downloads

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-01 00:45:51 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Vso

2007-05-28 01:52:40 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-27 04:51:31 -------- d-----w C:\Program Files\Messenger

2007-05-27 04:49:35 -------- d-----w C:\Program Files\DAEMON Tools

2007-05-22 02:39:43 -------- d-----w C:\Program Files\SpeedFan

2007-05-16 00:52:22 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll

2007-05-16 00:45:38 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Azureus

2007-04-28 00:45:00 -------- d-----w C:\Program Files\AVSMedia

2007-04-28 00:44:53 -------- d-----w C:\Program Files\Common Files\AVSMedia

2007-04-28 00:17:12 -------- d-----w C:\Program Files\Total Video Converter

2007-04-25 21:15:57 81,920 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\ezpinst.exe

2007-04-25 21:15:57 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2007-04-25 21:15:57 47,360 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\pcouffin.sys

2007-04-25 21:15:54 -------- d-----w C:\Program Files\vso

2007-04-25 21:15:25 87,608 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\inst.exe

2007-04-24 20:21:02 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Ahead

2007-04-24 20:17:43 -------- d-----w C:\Program Files\Ahead

2007-04-24 20:17:32 -------- d-----w C:\Program Files\Common Files\Ahead

2007-04-15 20:43:38 -------- d-----w C:\Program Files\Starcraft

2007-04-14 22:20:34 -------- d-----w C:\Program Files\StarWarsGalaxies

2007-04-04 19:56:33 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\InstallShield

2007-04-02 22:58:54 35,382 ----a-w C:\WINDOWS\scunin.dat

2007-04-02 22:58:53 967 ----a-w C:\WINDOWS\ScUnin.pif

2007-04-02 22:58:53 94,208 ----a-w C:\WINDOWS\ScUnin.exe

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll [2007-04-29 04:29]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-29 15:57]

{CC7A426C-D78E-8F2E-D178-82ADD8E921E3}=C:\WINDOWS\system32\qyyy.dll [2007-05-21 08:59]

{CD3447D4-CA39-4377-8084-30E86331D74C}=C:\WINDOWS\system32\qqhsmreh.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 22:05]

"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-10-11 13:09]

"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 19:13]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]

"SoundMan"="SOUNDMAN.EXE" []

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 05:48]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 15:57]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06]

"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-14 17:37]

"Atcm"="C:\WINDOWS\system32\DOBE~1\mmc.exe" [2007-05-27 00:41]

"Klwgi"="C:\Program Files\??mantec\w?nlogon.exe" []

"@"="" []

"myCleanerPC"="C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe" [2005-05-02 11:15]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]

winrge32.dll

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f367d50-b3da-11db-ba89-0013d3765f5b}]

AutoRun\command- E:\autoplay.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-17 23:17:52 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

********************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-02 22:23:20

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

********************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\eventloganalyzer]

"ImagePath"="C:\AdventNet\ME\EventLog\bin\wrapper.exe -s C:\AdventNet\ME\EventLog\bin\\..\server\default\conf\wrapper.conf"

 

Completion time: 2007-06-02 22:26:13 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-02 22:25

 

--- E O F ---


Hi again,

 

Please run Notepad and paste the following text into a new file (do not include the word 'quote'):

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7A426C-D78E-8F2E-D178-82ADD8E921E3}]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD3447D4-CA39-4377-8084-30E86331D74C}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Klwgi"=-

"@"=-

 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]

 

 

 

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

 

Next:

 

Please do the following:

Run a BitDefender Online Scan here and post the results.

 

Please also post a fresh HiJackThis log.

 

jedi
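
The fix.reg above is built by hand from the "Reg Loading Points" section of the ComboFix log: a leading minus deletes a whole key (the two BHO CLSIDs and the winrge32 Notify subkey), and "Name"=- deletes one value under a key that stays. The script below is an added example for this thread, not ComboFix, HijackThis or the helper's code: it parses that section as ComboFix printed it and drafts the same kind of REGEDIT4 file from a few heuristics. Flagged are file names an analyst has already judged bad (the hypothetical KNOWN_BAD set, taken here from the fix above and the Dr.Web log), an empty "@" Run value, paths with characters ComboFix had to print as ? (the ??mantec\w?nlogon.exe look-alike), an 8.3 short name under system32 (DOBE~1, very likely the short form of the C:\WINDOWS\system32\àdobe directory in the file list), and an absolute path with no timestamp, which means the file is gone and the entry is orphaned (qqhsmreh.dll, which Dr.Web deleted). On the posted sample it produces the helper's six deletions and additionally flags the Atcm value; the draft is something to review, not merge blindly, exactly as the hand-written one was.

```python
"""Turn the ComboFix 'Reg Loading Points' section into a draft fix.reg.

Added example for this thread: not ComboFix, HijackThis or the helper's code.
The input format is what ComboFix printed above; the heuristics, the
hypothetical KNOWN_BAD list and the output layout are my own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the Reg Loading Points section posted above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{CC7A426C-D78E-8F2E-D178-82ADD8E921E3}=C:\WINDOWS\system32\qyyy.dll [2007-05-21 08:59]
{CD3447D4-CA39-4377-8084-30E86331D74C}=C:\WINDOWS\system32\qqhsmreh.dll []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 05:48]
"Atcm"="C:\WINDOWS\system32\DOBE~1\mmc.exe" [2007-05-27 00:41]
"Klwgi"="C:\Program Files\??mantec\w?nlogon.exe" []
"@"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]
winrge32.dll
"""

# Hypothetical analyst list (assumption): names already judged malicious
# from the scan logs and the helper's fix, not a signature database.
KNOWN_BAD = {"qyyy.dll", "qqhsmreh.dll", "winrge32.dll"}


@dataclass
class Entry:
    key: str    # registry key the entry lives under (without brackets)
    name: str   # CLSID, Run value name, or Winlogon\Notify subkey name
    path: str   # file path / command line ('' for the empty "@" value)
    stamp: str  # ComboFix file timestamp; '' when it could not stat the file
    kind: str   # "bho", "run" or "notify"


def parse_loading_points(text):
    entries, key, lines, i = [], None, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            # Winlogon\Notify: the subkey is the entry, the DLL is on the next line
            m = re.search(r"\\winlogon\\notify\\([^\\]+)$", key, re.I)
            if m:
                while i < len(lines) and not lines[i].strip():
                    i += 1
                dll = ""
                if i < len(lines) and not lines[i].lstrip().startswith("["):
                    dll, i = lines[i].strip(), i + 1
                entries.append(Entry(key, m.group(1), dll, "", "notify"))
            continue
        m = re.match(r"^(\{[0-9A-Fa-f-]{36}\})=(.*?) \[(.*)\]$", line)
        if m and key and key.lower().endswith("browser helper objects"):
            entries.append(Entry(key, m.group(1), m.group(2), m.group(3), "bho"))
            continue
        m = re.match(r'^"(.*?)"="(.*)" \[(.*)\]$', line)
        if m and key and key.lower().endswith("\\run"):
            entries.append(Entry(key, m.group(1), m.group(2), m.group(3), "run"))
    return entries


def why_suspicious(e, known_bad):
    """Return a reason string, or None for an entry that looks legitimate."""
    base = e.path.rsplit("\\", 1)[-1].lower()
    if base in known_bad:
        return "file already identified as malicious"
    if e.kind == "run" and e.name == "@" and e.path == "":
        return "empty default Run value left behind by a dropper"
    if "?" in e.path or any(ord(c) > 127 for c in e.path):
        # ComboFix prints characters it cannot show as '?': look-alike names
        return "non-printable characters in path (look-alike name)"
    if re.search(r"\\system32\\[^\\]*~\d+\\", e.path, re.I):
        # an 8.3 short name here means the long name could not be displayed
        return "8.3 short name under system32 hides a non-ASCII directory"
    if e.stamp == "" and "\\" in e.path:
        return "absolute path but no timestamp: file gone, orphaned entry"
    return None


def draft_fix(entries, known_bad):
    """Emit REGEDIT4 text deleting every flagged entry, plus the flagged list."""
    flagged = [(e, why_suspicious(e, known_bad)) for e in entries]
    flagged = [(e, r) for e, r in flagged if r]
    out = ["REGEDIT4", ""]
    for e, reason in flagged:
        out.append(f"; {e.name} -> {e.path or '(empty)'}: {reason}")
        if e.kind == "bho":
            out.append(f"[-{e.key}\\{e.name}]")   # delete the whole CLSID subkey
        elif e.kind == "run":
            out.append(f"[{e.key}]")
            out.append(f'"{e.name}"=-')          # delete just this value
        else:
            out.append(f"[-{e.key}]")            # delete the Notify subkey
        out.append("")
    return "\n".join(out), flagged


if __name__ == "__main__":
    print(draft_fix(parse_loading_points(SAMPLE), KNOWN_BAD)[0])
```

Two details worth knowing when you merge such a file on XP: a .reg file may repeat a [key] section, so one section per deleted value is legal, and REGEDIT4 is the ANSI format, which is fine here because the deletions address the ASCII value names and CLSIDs, not the look-alike characters in the data. Deleting the Run value and Notify key only removes the loader; the files themselves (mmc.exe under the àdobe directory, w?nlogon.exe, winrge32.dll) still need removing, which is what the scanner steps are for.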


BitDefender Online Scanner

Scan report generated at: Mon, Jun 04, 2007 - 19:38:06
Scan path: C:\;D:\;E:\;

Statistics
Time: 01:25:59
Files: 346014
Folders: 4928
Boot Sectors: 2
Archives: 2258
Packed Files: 8245

Results
Identified Viruses: 21
Infected Files: 28
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 27

Engines Info
Virus Definitions: 511817
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>keygen.exe | Infected with: Trojan.Downloader.Small.BHH
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>keygen.exe | Disinfection failed
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>keygen.exe | Deleted
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o) | Update failed
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>serial.exe | Infected with: Trojan.Dialer.VTA
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>serial.exe | Disinfection failed
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>serial.exe | Deleted
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o) | Update failed
C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe=>(Embedded EXE o) | Infected with: MemScan:Trojan.Downloader.Agent.YDN
C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe=>(Embedded EXE o) | Disinfection failed
C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe=>(Embedded EXE o) | Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe | Update failed
C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe=>(Embedded EXE o) | Infected with: MemScan:Trojan.Downloader.Agent.YDN
C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe=>(Embedded EXE o) | Disinfection failed
C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe=>(Embedded EXE o) | Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe | Update failed
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe | Infected with: Generic.Adw.SaveNow.F5FEB660
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe | Disinfection failed
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe | Deleted
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r) | Update failed
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o)=>zlib_nsis0001 | Infected with: Trojan.Purityad.O
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o)=>zlib_nsis0001 | Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o)=>zlib_nsis0001 | Deleted
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o) | Update failed
C:\QooBox\Quarantine\C\WINDOWS\svchost.exe.vir | Infected with: Trojan.Agent.AIM
C:\QooBox\Quarantine\C\WINDOWS\svchost.exe.vir | Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\svchost.exe.vir | Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\klikalka.exe.vir | Infected with: Trojan.Clicker.Small.YA
C:\QooBox\Quarantine\C\WINDOWS\system32\klikalka.exe.vir | Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\klikalka.exe.vir | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021718.exe | Infected with: Trojan.Agent.AABR
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021718.exe | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021718.exe | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021734.exe | Infected with: Trojan.Clicker.Tiny.H
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021734.exe | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021734.exe | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o)=>(bz2_data) | Infected with: Trojan.Clicker.OwlForce.A
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o)=>(bz2_data) | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o)=>(bz2_data) | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o) | Updated
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe | Update failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021760.exe | Infected with: Trojan.Clicker.Small.YA
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021760.exe | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021760.exe | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026024.exe | Infected with: Trojan.Vmcopup.A
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026024.exe | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026024.exe | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026025.exe | Infected with: Trojan.Dropper.RGG
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026025.exe | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026025.exe | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026027.dll | Infected with: Trojan.Spy.VBStat.B
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026027.dll | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026028.dll | Infected with: Trojan.Virtumod.ALZ
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026028.dll | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026028.dll | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026029.dll | Infected with: MemScan:Trojan.Virtumonde.IC
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026029.dll | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026029.dll | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026030.exe | Infected with: Trojan.Dropper.Zeno.A
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026030.exe | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026030.exe | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026034.dll | Infected with: Trojan.Downloader.Small.YM
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026034.dll | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026034.dll | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026035.dll | Infected with: Trojan.Dialer.VTF
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026035.dll | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026035.dll | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o)=>zlib_nsis0001 | Infected with: Trojan.Purityad.O
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o)=>zlib_nsis0001 | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o)=>zlib_nsis0001 | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o) | Update failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026231.exe | Infected with: Trojan.Agent.AIM
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026231.exe | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026231.exe | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026234.exe | Infected with: Trojan.Clicker.Small.YA
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026234.exe | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026234.exe | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0026409.exe | Infected with: Trojan.Dropper.Zeno.A
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0026409.exe

 

 

Disinfection failed

 

C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0026409.exe

 

 

Deleted

 

C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0026410.exe

 

 

Infected with: MemScan:Trojan.Zlob.AVP

 

C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0026410.exe

 

 

Disinfection failed

 

C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0026410.exe

 

 

Deleted

 

C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)=>installfile1.exe

 

 

Infected with: Trojan.Dropper.Zeno.A

 

C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)=>installfile1.exe

 

 

Disinfection failed

 

C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)=>installfile1.exe

 

 

Deleted

 

C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)

 

 

Update failed

 

C:\WINDOWS\system32\vvhosqsr.exe

 

 

Infected with: Trojan.LowZones.SA

 

C:\WINDOWS\system32\vvhosqsr.exe

 

 

Disinfection failed

 

C:\WINDOWS\system32\vvhosqsr.exe

 

 

Deleted

 

C:\WINDOWS\system32\DOBE~1\mmc.exe

 

 

Infected with: Trojan.Downloader.PurityScan.DH

 

C:\WINDOWS\system32\DOBE~1\mmc.exe

 

 

Disinfection failed

 

C:\WINDOWS\system32\DOBE~1\mmc.exe

 

 

Delete failed

 

Logfile of HijackThis v1.99.1

Scan saved at 7:40:14 PM, on 6/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\DOBE~1\mmc.exe

C:\WINDOWS\system32\?ecurity\w?aclt.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE

C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe

c:\program files\panda software\panda internet security 2007\WebProxy.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9D7D4B6E-D1D9-DE22-D178-82ADD8E927B6} - C:\WINDOWS\system32\odfjsfe.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv

O4 - HKCU\..\Run: [myCleanerPC] C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe

O4 - HKCU\..\Run: [Vtnc] C:\WINDOWS\system32\?ecurity\w?aclt.exe

O4 - Startup: Webshots.lnk = ?

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe


Hi again,

 

There are a couple of folders that need to be deleted. They are:

 

C:\WINDOWS\system32\DOBE~1 - This folder name is shortened, so it will be dobe(xxxx). If there is more than one folder in system32 with the first four letters 'dobe', let me know; if not, delete the one you find.

C:\WINDOWS\system32\?ecurity - The ? will be a random character.

 

Then please reboot and post a new HiJackThis log. If you have any problems with the above, let me know what they are.

 

jedi

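The two tells jedi is reading off the log by eye (a '?' standing in for a non-ASCII character, and a short name like DOBE~1 hiding a look-alike folder under system32) can be checked mechanically. This is an added example, not code from the thread, HijackThis or ComboFix; it scans Run entries in both log formats posted here, the sample lines are constructed from entries on this page, and SYSTEM_BINARIES and NORMAL_DIRS are assumed lists of my own.

```python
"""Flag look-alike autostart entries in HijackThis O4 lines and ComboFix
"Reg Loading Points" values, using the tells discussed in this thread."""
import fnmatch
import ntpath
import re
from typing import Dict, List

# Assumed lists (not from the thread): binaries that belong in a fixed
# Windows directory, and the directories where they normally live.
SYSTEM_BINARIES = {"mmc.exe", "rundll32.exe", "svchost.exe", "winlogon.exe",
                   "lsass.exe", "services.exe", "explorer.exe"}
NORMAL_DIRS = {r"c:\windows\system32", r"c:\windows"}

HJT_O4 = re.compile(r'^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$')
COMBOFIX_RUN = re.compile(r'^"([^"]*)"="([^"]*)"')


def executable_from_command(cmd: str) -> str:
    """Pull the program path out of a Run value, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.(?:exe|dll|scr|com))(?:\s|$)', cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def suspicious_reasons(path: str) -> List[str]:
    """Return the reasons a path looks like one of the decoys in this thread."""
    reasons: List[str] = []
    # HijackThis and ComboFix print non-ASCII characters as '?', so
    # "?ecurity" and "??pPatch" are look-alikes of Security and PPatch.
    if "?" in path:
        reasons.append("non-ASCII character in path (printed as '?')")
    parts = path.split("\\")
    # An 8.3 short name directly under system32 (DOBE~1) hides a folder
    # whose real name contains characters the short name cannot show.
    for parent, child in zip(parts, parts[1:]):
        if parent.lower() == "system32" and re.search(r"~\d+$", child):
            reasons.append(f"8.3 short name {child} directly under system32")
    base = ntpath.basename(path).lower()
    directory = ntpath.dirname(path).lower()
    if base in SYSTEM_BINARIES and directory not in NORMAL_DIRS:
        reasons.append(f"{base} outside its normal directory")
    # Treat the '?' placeholders as wildcards: r?ndll32.exe mimics rundll32.exe.
    if "?" in base:
        for known in sorted(SYSTEM_BINARIES):
            if fnmatch.fnmatchcase(known, base):
                reasons.append(f"{base} mimics {known}")
    return reasons


def scan_log(text: str) -> List[Dict[str, object]]:
    """Scan HijackThis O4 Run lines and ComboFix Run values; return findings."""
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_O4.match(line)
        if m:
            name, path = m.group(1), executable_from_command(m.group(2))
        else:
            m = COMBOFIX_RUN.match(line)
            if not m or not m.group(2):
                continue
            name, path = m.group(1), m.group(2)
        reasons = suspicious_reasons(path)
        if reasons:
            findings.append({"name": name, "path": path, "reasons": reasons})
    return findings


# Constructed sample: a mix of entries copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Vtnc] C:\WINDOWS\system32\?ecurity\w?aclt.exe
"Wrqb"="C:\WINDOWS\system32\??pPatch\r?ndll32.exe" []
"@"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 15:57]
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f['name']}] {f['path']}")
        for r in f["reasons"]:
            print("   -", r)
```

Running it on the sample flags Atcm, Vtnc and Wrqb and leaves the Panda, SoundMan and Google entries alone.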

Hi,

 

Does the 'Security' folder reside in System32? If it does, delete it; the real Security folder should only exist in Windows, i.e. C:\Windows\Security.

 

As for the other one, go to Start > Search > All Files/Folders, enter DOBE and hit OK. Post any results here.

 

jedi


I tried deleting the security file, but it said it was in use, so I found it in Ctrl-Alt-Del and stopped it, but it still said the same thing. I did a search for dobe but didn't find anything; I also tried searching for hidden files and folders, but nothing was found.


Hi again,

 

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.

Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

 

Search for and delete the folder C:\WINDOWS\system32\Security.

 

Restart normally.

 

Go to Start > Search > All Files/Folders, enter mmc.exe and hit OK. Post any results here.

 

jedi


I deleted the Security folder, which made a huge increase in startup speed.

The search found 2 files:

an mmc.exe in the system32 folder and an mmc.exe-(several numbers and letters).pf file.


Hi,

 

C:\WINDOWS\system32\mmc.exe is the legitimate file; can you give me the full file path of the other one? Please also post a fresh HiJackThis log.

 

jedi


The .pf file is in C:\Windows\Prefetch.

 

Logfile of HijackThis v1.99.1

Scan saved at 6:08:38 PM, on 6/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\DOBE~1\mmc.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE

c:\program files\panda software\panda internet security 2007\WebProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {C9791E6F-87DE-8E2A-DF78-82ADD8E929EB} - C:\WINDOWS\system32\ktmtrr.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv

O4 - HKCU\..\Run: [myCleanerPC] C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe

O4 - HKCU\..\Run: [Vtnc] C:\WINDOWS\system32\?ecurity\w?aclt.exe

O4 - Startup: Webshots.lnk = ?

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe


Ok, those entries are still hanging around.

 

Please run ComboFix again, here's the download in case you deleted it:

 

1. Download this file - ComboFix

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply.

 

Note:

Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

 

jedi


ComboFix:

 

"Iceman" - 2007-06-08 21:17:47 Service Pack 2

ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Iceman\Desktop\"

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

"C:\WINDOWS\system32\wnstsicomsv.exe"

"C:\Program Files\outerinfo\Terms.rtf"

"C:\Program Files\outerinfo"

 

-- Purity Folders:

 

C:\WINDOWS\system32\PPATCH~1

C:\DOCUME~1\Iceman\MYDOCU~1\CROSOF~1.NET

 

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 ))))))))))))))))))))))))))))))))))

 

 

2007-06-07 19:35 60,928 --a------ C:\WINDOWS\system32\qxgcirw.dll

2007-06-04 16:54 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2007-06-02 22:26 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-02 17:18 <DIR> d-------- C:\Documents and Settings\Iceman\DoctorWeb

2007-06-02 17:18 <DIR> d-------- C:\DOCUME~1\Iceman\DoctorWeb

2007-05-31 20:09 220,349 --a------ C:\WINDOWS\itpb_4.exe

2007-05-31 20:08 <DIR> d-------- C:\Temp\x2b

2007-05-29 22:39 0 --a------ C:\WINDOWS\bstdin.bin

2007-05-27 20:54 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Lionhead Studios

2007-05-27 20:46 <DIR> d-------- C:\Program Files\Lionhead Studios Ltd

2007-05-27 20:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lionhead Studios

2007-05-27 00:37 72,192 --a------ C:\WINDOWS\system32\zlib.dll

2007-05-27 00:37 169,017 --a------ C:\WINDOWS\system32\mcpcuninstaller1_25.EXE

2007-05-26 23:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\myCleanerPC

2007-05-26 23:54 <DIR> d-------- C:\Program Files\myCleanerPC

2007-05-25 23:22 37,424 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\MP4tem.dll

2007-05-25 23:21 37,424 --a------ C:\WINDOWS\system32\kbdidq.dll

2007-05-25 23:21 37,424 --a------ C:\DOCUME~1\NETWOR~1\APPLIC~1\edbubs.dll

2007-05-25 23:20 <DIR> d-------- C:\WINDOWS\system32\T5QaSQ

2007-05-25 23:20 <DIR> d-------- C:\Temp\0b9

2007-05-25 23:20 <DIR> d-------- C:\Temp

2007-05-25 23:16 <DIR> d-------- C:\WINDOWS\system32\àdobe

2007-05-25 23:08 <DIR> d--hs---- C:\WINDOWS\ftpcache

2007-05-25 03:28 <DIR> d-------- C:\Program Files\Lavasoft

2007-05-25 03:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-05-25 03:28 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Lavasoft

2007-05-22 03:20 <DIR> d-------- C:\Program Files\Webshots

2007-05-22 03:20 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Webshots

2007-05-19 02:23 <DIR> d-------- C:\Program Files\Ares

2007-05-18 21:13 297 --a------ C:\WINDOWS\EReg072.dat

2007-05-18 21:10 314,880 --a------ C:\WINDOWS\IsUninst.exe

2007-05-18 21:10 <DIR> d-------- C:\Program Files\Firaxis Games

2007-05-18 21:09 <DIR> d-------- C:\Documents and Settings\Iceman\WINDOWS

2007-05-18 21:09 <DIR> d-------- C:\DOCUME~1\Iceman\WINDOWS

2007-05-18 20:22 <DIR> d-------- C:\Program Files\MicroStar

2007-05-17 19:24 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2007-05-17 19:24 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Black Sea Studios

2007-05-17 19:12 <DIR> d-------- C:\Program Files\Black Sea Studios

2007-05-17 19:04 <DIR> d-------- C:\Program Files\iPodSoft

2007-05-17 19:04 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\iPodSoft

2007-05-17 19:03 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2007-05-17 18:30 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Purple Ghost Software, Inc

2007-05-17 18:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Purple Ghost Software, Inc

2007-05-17 18:18 <DIR> d-------- C:\Program Files\QuickTime

2007-05-17 18:17 <DIR> d-------- C:\Program Files\Apple Software Update

2007-05-17 00:40 54,784 --a------ C:\WINDOWS\system32\msvci70.dll

2007-05-17 00:40 <DIR> d-------- C:\Program Files\Common Files\Stardock

2007-05-17 00:39 <DIR> d-------- C:\Program Files\Stardock

2007-05-16 22:42 1,430 --a------ C:\WINDOWS\checkip.dat

2007-05-15 21:22 <DIR> d-------- C:\Program Files\Paradox Interactive

2007-05-15 20:51 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS

2007-05-15 19:52 <DIR> d-------- C:\Program Files\BitComet

2007-05-15 19:52 <DIR> d-------- C:\Downloads

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-08 21:48:41 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Vso

2007-06-03 05:23:23 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Apple Computer

2007-05-28 01:52:40 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-27 04:51:31 -------- d-----w C:\Program Files\Messenger

2007-05-27 04:49:35 -------- d-----w C:\Program Files\DAEMON Tools

2007-05-22 02:39:43 -------- d-----w C:\Program Files\SpeedFan

2007-05-16 00:52:22 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll

2007-05-16 00:45:38 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Azureus

2007-04-28 00:45:00 -------- d-----w C:\Program Files\AVSMedia

2007-04-28 00:44:53 -------- d-----w C:\Program Files\Common Files\AVSMedia

2007-04-28 00:17:12 -------- d-----w C:\Program Files\Total Video Converter

2007-04-25 21:15:57 81,920 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\ezpinst.exe

2007-04-25 21:15:57 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2007-04-25 21:15:57 47,360 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\pcouffin.sys

2007-04-25 21:15:54 -------- d-----w C:\Program Files\vso

2007-04-25 21:15:25 87,608 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\inst.exe

2007-04-24 20:21:02 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Ahead

2007-04-24 20:17:43 -------- d-----w C:\Program Files\Ahead

2007-04-24 20:17:32 -------- d-----w C:\Program Files\Common Files\Ahead

2007-04-15 20:43:38 -------- d-----w C:\Program Files\Starcraft

2007-04-14 22:20:34 -------- d-----w C:\Program Files\StarWarsGalaxies

2007-04-02 22:58:54 35,382 ----a-w C:\WINDOWS\scunin.dat

2007-04-02 22:58:53 967 ----a-w C:\WINDOWS\ScUnin.pif

2007-04-02 22:58:53 94,208 ----a-w C:\WINDOWS\ScUnin.exe

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll [2007-04-29 04:29]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

{987F1E6F-D4DC-D97E-8C78-82ADD8E928E4}=C:\WINDOWS\system32\qxgcirw.dll [2007-05-21 08:59]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-29 15:57]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 22:05]

"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-10-11 13:09]

"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 19:13]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]

"SoundMan"="SOUNDMAN.EXE" []

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 05:48]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 15:57]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06]

"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-14 17:37]

"Atcm"="C:\WINDOWS\system32\DOBE~1\mmc.exe" [2007-05-27 00:41]

"@"="" []

"myCleanerPC"="C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe" [2005-05-02 11:15]

"Vtnc"="C:\WINDOWS\system32\?ecurity\w?aclt.exe" []

"Wrqb"="C:\WINDOWS\system32\??pPatch\r?ndll32.exe" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-17 23:17:52 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

********************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-08 21:22:10

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

 

********************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\eventloganalyzer]

"ImagePath"="C:\AdventNet\ME\EventLog\bin\wrapper.exe -s C:\AdventNet\ME\EventLog\bin\\..\server\default\conf\wrapper.conf"

 

Completion time: 2007-06-08 21:23:04

C:\ComboFix-quarantined-files.txt ... 2007-06-08 21:22

C:\ComboFix2.txt ... 2007-06-02 22:26

 

--- E O F ---

 

hijack this

 

Logfile of HijackThis v1.99.1

Scan saved at 9:27:25 PM, on 6/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\DOBE~1\mmc.exe

C:\WINDOWS\system32\??pPatch\r?ndll32.exe

C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE

c:\program files\panda software\panda internet security 2007\WebProxy.exe

C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe

C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {987F1E6F-D4DC-D97E-8C78-82ADD8E928E4} - C:\WINDOWS\system32\qxgcirw.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv

O4 - HKCU\..\Run: [myCleanerPC] C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe

O4 - HKCU\..\Run: [Vtnc] C:\WINDOWS\system32\?ecurity\w?aclt.exe

O4 - HKCU\..\Run: [Wrqb] C:\WINDOWS\system32\??pPatch\r?ndll32.exe

O4 - Startup: Webshots.lnk = ?

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe


Hi again,

 

That's one stubborn PurityScan infection!

 

OK, please run Notepad and paste the following text into a new file, do not include the word ‘quote’:

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{987F1E6F-D4DC-D97E-8C78-82ADD8E928E4}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Atcm"=-

"@"=-

"Vtnc"=-

"Wrqb"=-

 

 

 

 

 

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

 

Next:

 

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.

Using the arrow keys on the keyboard, scroll to and select the Safe mode with networking menu item, and then press Enter.

 

Please do the following:

Run a BitDefender Online scan Here and save the results.

(Do not go to any other sites)

 

Next:

 

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.

Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

 

Please now run ComboFix again, save the log and restart normally.

 

Please now post the BitDefender log, the ComboFix log and a new HiJackThis log.

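The fix above removes one Browser Helper Object key and four HKCU Run values by hand, using the two REGEDIT4 deletion forms: `[-key]` removes a whole key and `"name"=-` removes a single value. As an added example (not code from this thread, from HijackThis or from ComboFix), the Python script below parses O2/O4 lines copied from the HijackThis log posted above, flags entries on the same cues a log reader goes by (a `?` placeholder where HijackThis could not render a character in a path, an 8.3 short name hiding a directory name under system32, a Windows binary name such as mmc.exe running from a directory other than its own, an unnamed BHO loaded from system32) and renders the flagged entries as a REGEDIT4 file in exactly that layout. The heuristics, the short list of system binary names and the embedded sample lines are the example's own assumptions, and the generated file is meant to be read by a person before it is merged.

```python
"""Triage HijackThis O2/O4 lines and emit a REGEDIT4 removal file for flagged entries.

Added example, not part of the thread. The heuristics encode the cues the helper
acted on: '?' placeholders in paths, 8.3 short names under system32, and a known
Windows binary name running from the wrong directory.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O2/O4 lines copied from the HijackThis log earlier in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {987F1E6F-D4DC-D97E-8C78-82ADD8E928E4} - C:\WINDOWS\system32\qxgcirw.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Vtnc] C:\WINDOWS\system32\?ecurity\w?aclt.exe
O4 - HKCU\..\Run: [Wrqb] C:\WINDOWS\system32\??pPatch\r?ndll32.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
# First executable/library path in a Run command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd))"?', re.IGNORECASE)

BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
RUN_KEYS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}
SYSTEM32 = r"c:\windows\system32"
# Assumption: a short list of binaries that legitimately live directly in system32 is enough here.
SYSTEM_BINARIES = {"mmc.exe", "rundll32.exe", "svchost.exe", "wuauclt.exe", "lsass.exe"}


@dataclass
class Finding:
    kind: str            # "O2" or "O4"
    ident: str           # CLSID for O2, value name for O4
    hive: str            # "HKLM"/"HKCU" for O4, "" for O2
    path: str
    reasons: list = field(default_factory=list)


def suspicious_reasons(path: str) -> list:
    """Return the heuristic reasons a file path looks wrong; an empty list means clean."""
    reasons = []
    low = path.lower()
    parent, _, base = low.rpartition("\\")
    if "?" in path:
        reasons.append("path contains characters HijackThis could not render ('?')")
    if parent.startswith(SYSTEM32 + "\\") and re.search(r"~\d", parent):
        reasons.append("8.3 short name hides the real directory name under system32")
    # Treat '?' as a one-character wildcard when comparing against known binary names.
    base_re = re.compile("^" + re.escape(base).replace(r"\?", ".") + "$")
    for known in SYSTEM_BINARIES:
        if base_re.match(known) and parent != SYSTEM32:
            reasons.append(f"looks like {known} but runs from {parent or '(no directory)'}")
            break
    return reasons


def triage(log_text: str) -> list:
    """Parse O2/O4 lines and return the entries whose file path trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            reasons = suspicious_reasons(m["path"])
            if m["name"] == "(no name)" and m["path"].lower().startswith(SYSTEM32 + "\\"):
                reasons.append("unnamed BHO loaded from system32")
            if reasons:
                findings.append(Finding("O2", m["clsid"], "", m["path"], reasons))
            continue
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m["cmd"])
            path = exe["path"] if exe else m["cmd"]
            reasons = suspicious_reasons(path)
            if reasons:
                findings.append(Finding("O4", m["value"], m["hive"], path, reasons))
    return findings


def build_fix_reg(findings: list) -> str:
    """Render findings as REGEDIT4 text: '[-key]' deletes a key, '"name"=-' deletes a value."""
    lines = ["REGEDIT4", ""]
    run_values = {}
    for f in findings:
        if f.kind == "O2":
            lines += [f"[-{BHO_KEY}\\{f.ident}]", ""]
        else:
            run_values.setdefault(RUN_KEYS[f.hive], []).append(f.ident)
    for key, names in run_values.items():
        lines.append(f"[{key}]")
        lines += [f'"{name}"=-' for name in names]
        lines.append("")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind} {f.ident}: {f.path} -> {'; '.join(f.reasons)}")
    print(build_fix_reg(found))
```

Run against the sample, the script flags the unnamed system32 BHO and the Atcm, Vtnc and Wrqb Run values and leaves the Java and QuickTime entries alone, which is the same set the fix above removes; the `"@"=-` line in the helper's file has no O4 counterpart in the log and so must still be added by hand.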

bitdefender

BitDefender Online Scanner

Scan report generated at: Sun, Jun 10, 2007 - 20:10:29

Scan path: C:\;D:\;E:\;

Statistics
Time: 01:15:19
Files: 339715
Folders: 4916
Boot Sectors: 2
Archives: 2233
Packed Files: 8107

Results
Identified Viruses: 10
Infected Files: 16
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 16

Engines Info
Virus Definitions: 512842
Engine build: AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status

C:\Documents and Settings\Iceman\DoctorWeb\Quarantine\kknmifhg.dll | Infected with: Trojan.BHO.BN
C:\Documents and Settings\Iceman\DoctorWeb\Quarantine\kknmifhg.dll | Disinfection failed
C:\Documents and Settings\Iceman\DoctorWeb\Quarantine\kknmifhg.dll | Deleted
C:\Documents and Settings\Iceman\Local Settings\Temp\!update.exe | Infected with: Trojan.Downloader.PurityScan.DH
C:\Documents and Settings\Iceman\Local Settings\Temp\!update.exe | Disinfection failed
C:\Documents and Settings\Iceman\Local Settings\Temp\!update.exe | Deleted
C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\Y81R3MTV\!update-4395[1].0000 | Infected with: Trojan.Downloader.PurityScan.DH
C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\Y81R3MTV\!update-4395[1].0000 | Disinfection failed
C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\Y81R3MTV\!update-4395[1].0000 | Deleted
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>keygen.exe | Infected with: Trojan.Downloader.Small.BHH
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>keygen.exe | Disinfection failed
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>keygen.exe | Deleted
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o) | Update failed
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>serial.exe | Infected with: Trojan.Dialer.VTA
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>serial.exe | Disinfection failed
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>serial.exe | Deleted
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o) | Update failed
C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe=>(Embedded EXE o) | Infected with: MemScan:Trojan.Downloader.Agent.YDN
C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe=>(Embedded EXE o) | Disinfection failed
C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe=>(Embedded EXE o) | Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe | Update failed
C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe=>(Embedded EXE o) | Infected with: MemScan:Trojan.Downloader.Agent.YDN
C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe=>(Embedded EXE o) | Disinfection failed
C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe=>(Embedded EXE o) | Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe | Update failed
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe | Infected with: Generic.Adw.SaveNow.F5FEB660
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe | Disinfection failed
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe | Deleted
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r) | Update failed
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o)=>zlib_nsis0001 | Infected with: Trojan.Purityad.O
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o)=>zlib_nsis0001 | Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o)=>zlib_nsis0001 | Deleted
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o) | Update failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o)=>(bz2_data) | Infected with: Trojan.Clicker.OwlForce.A
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o)=>(bz2_data) | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o)=>(bz2_data) | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o) | Updated
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe | Update failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026031.dll | Infected with: Trojan.BHO.BN
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026031.dll | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026031.dll | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o)=>zlib_nsis0001 | Infected with: Trojan.Purityad.O
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o)=>zlib_nsis0001 | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o)=>zlib_nsis0001 | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o) | Update failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0027410.exe | Infected with: Trojan.LowZones.SA
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0027410.exe | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0027410.exe | Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP47\A0030627.dll | Infected with: Trojan.BHO.BN
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP47\A0030627.dll | Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP47\A0030627.dll | Deleted
C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)=>installfile1.exe | Infected with: Trojan.Dropper.Zeno.A
C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)=>installfile1.exe | Disinfection failed
C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)=>installfile1.exe | Deleted
C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\DOBE~1\mmc.exe | Infected with: Trojan.Downloader.PurityScan.DH
C:\WINDOWS\system32\DOBE~1\mmc.exe | Disinfection failed
C:\WINDOWS\system32\DOBE~1\mmc.exe | Deleted


Hijackthis

 

Logfile of HijackThis v1.99.1

Scan saved at 8:18:46 PM, on 6/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\??sembly\d?xplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE

C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

c:\program files\panda software\panda internet security 2007\WebProxy.exe

C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe

C:\WINDOWS\system32\DOBE~1\mmc.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {CE2E4D3F-82D3-D22B-D178-82ADD8E970B4} - C:\WINDOWS\system32\aryy.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [myCleanerPC] C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe

O4 - HKCU\..\Run: [Hdsae] "C:\Program Files\Common Files\??sembly\d?xplore.exe"

O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv

O4 - Startup: Webshots.lnk = ?

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe


Hi again,

 

Did you also run ComboFix in safe mode? If not, can you do that now and post the results please?

 

jedi


"Iceman" - 2007-06-11 23:15:13 Service Pack 2 [SAFE MODE]

ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Iceman\Desktop\"

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

"C:\WINDOWS\system32\wnstsicomsv.exe"

"C:\Program Files\outerinfo\Terms.rtf"

"C:\Program Files\outerinfo"

 

-- Purity Folders:

 

C:\Program Files\Common Files\SEMBLY~1

 

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 ))))))))))))))))))))))))))))))))))

 

 

2007-06-10 18:51 <DIR> d-------- C:\WINDOWS\CSC

2007-06-09 20:19 60,928 --a------ C:\WINDOWS\system32\aryy.dll

2007-06-04 16:54 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2007-06-02 22:26 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-02 17:18 <DIR> d-------- C:\Documents and Settings\Iceman\DoctorWeb

2007-06-02 17:18 <DIR> d-------- C:\DOCUME~1\Iceman\DoctorWeb

2007-05-31 20:09 220,349 --a------ C:\WINDOWS\itpb_4.exe

2007-05-31 20:08 <DIR> d-------- C:\Temp\x2b

2007-05-29 22:39 0 --a------ C:\WINDOWS\bstdin.bin

2007-05-27 20:54 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Lionhead Studios

2007-05-27 20:46 <DIR> d-------- C:\Program Files\Lionhead Studios Ltd

2007-05-27 00:37 72,192 --a------ C:\WINDOWS\system32\zlib.dll

2007-05-25 23:22 37,424 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\MP4tem.dll

2007-05-25 23:21 37,424 --a------ C:\WINDOWS\system32\kbdidq.dll

2007-05-25 23:21 37,424 --a------ C:\DOCUME~1\NETWOR~1\APPLIC~1\edbubs.dll

2007-05-25 23:20 <DIR> d-------- C:\WINDOWS\system32\T5QaSQ

2007-05-25 23:20 <DIR> d-------- C:\Temp\0b9

2007-05-25 23:20 <DIR> d-------- C:\Temp

2007-05-25 23:16 <DIR> d-------- C:\WINDOWS\system32\àdobe

2007-05-25 23:08 <DIR> d--hs---- C:\WINDOWS\ftpcache

2007-05-25 03:28 <DIR> d-------- C:\Program Files\Lavasoft

2007-05-25 03:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-05-25 03:28 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Lavasoft

2007-05-22 03:20 <DIR> d-------- C:\Program Files\Webshots

2007-05-22 03:20 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Webshots

2007-05-19 02:23 <DIR> d-------- C:\Program Files\Ares

2007-05-18 21:13 297 --a------ C:\WINDOWS\EReg072.dat

2007-05-18 21:10 314,880 --a------ C:\WINDOWS\IsUninst.exe

2007-05-18 21:10 <DIR> d-------- C:\Program Files\Firaxis Games

2007-05-18 21:09 <DIR> d-------- C:\Documents and Settings\Iceman\WINDOWS

2007-05-18 21:09 <DIR> d-------- C:\DOCUME~1\Iceman\WINDOWS

2007-05-18 20:22 <DIR> d-------- C:\Program Files\MicroStar

2007-05-17 19:24 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2007-05-17 19:24 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Black Sea Studios

2007-05-17 19:12 <DIR> d-------- C:\Program Files\Black Sea Studios

2007-05-17 19:04 <DIR> d-------- C:\Program Files\iPodSoft

2007-05-17 19:04 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\iPodSoft

2007-05-17 19:03 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2007-05-17 18:30 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Purple Ghost Software, Inc

2007-05-17 18:18 <DIR> d-------- C:\Program Files\QuickTime

2007-05-17 18:17 <DIR> d-------- C:\Program Files\Apple Software Update

2007-05-17 00:40 54,784 --a------ C:\WINDOWS\system32\msvci70.dll

2007-05-17 00:40 <DIR> d-------- C:\Program Files\Common Files\Stardock

2007-05-17 00:39 <DIR> d-------- C:\Program Files\Stardock

2007-05-16 22:42 1,430 --a------ C:\WINDOWS\checkip.dat

2007-05-15 21:22 <DIR> d-------- C:\Program Files\Paradox Interactive

2007-05-15 20:51 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS

2007-05-15 19:52 <DIR> d-------- C:\Program Files\BitComet

2007-05-15 19:52 <DIR> d-------- C:\Downloads

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-11 05:34:20 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Vso

2007-06-03 05:23:23 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Apple Computer

2007-05-28 01:52:40 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-27 04:51:31 -------- d-----w C:\Program Files\Messenger

2007-05-27 04:49:35 -------- d-----w C:\Program Files\DAEMON Tools

2007-05-22 02:39:43 -------- d-----w C:\Program Files\SpeedFan

2007-05-16 00:52:22 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll

2007-05-16 00:45:38 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Azureus

2007-04-28 00:45:00 -------- d-----w C:\Program Files\AVSMedia

2007-04-28 00:44:53 -------- d-----w C:\Program Files\Common Files\AVSMedia

2007-04-28 00:17:12 -------- d-----w C:\Program Files\Total Video Converter

2007-04-25 21:15:57 81,920 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\ezpinst.exe

2007-04-25 21:15:57 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2007-04-25 21:15:57 47,360 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\pcouffin.sys

2007-04-25 21:15:54 -------- d-----w C:\Program Files\vso

2007-04-25 21:15:25 87,608 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\inst.exe

2007-04-24 20:21:02 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Ahead

2007-04-24 20:17:43 -------- d-----w C:\Program Files\Ahead

2007-04-24 20:17:32 -------- d-----w C:\Program Files\Common Files\Ahead

2007-04-15 20:43:38 -------- d-----w C:\Program Files\Starcraft

2007-04-14 22:20:34 -------- d-----w C:\Program Files\StarWarsGalaxies

2007-04-02 22:58:54 35,382 ----a-w C:\WINDOWS\scunin.dat

2007-04-02 22:58:53 967 ----a-w C:\WINDOWS\ScUnin.pif

2007-04-02 22:58:53 94,208 ----a-w C:\WINDOWS\ScUnin.exe

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll [2007-04-29 04:29]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-29 15:57]

{CE2E4D3F-82D3-D22B-D178-82ADD8E970B4}=C:\WINDOWS\system32\aryy.dll [2007-05-21 08:59]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 22:05]

"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-10-11 13:09]

"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 19:13]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]

"SoundMan"="SOUNDMAN.EXE" []

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 05:48]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 15:57]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06]

"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-14 17:37]

"@"="" []

"Hdsae"="C:\Program Files\Common Files\??sembly\d?xplore.exe" []

"Atcm"="C:\WINDOWS\system32\DOBE~1\mmc.exe" [2007-06-10 20:15]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f367d50-b3da-11db-ba89-0013d3765f5b}]

AutoRun\command- E:\autoplay.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-17 23:17:52 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

********************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-11 23:21:05

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

********************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\eventloganalyzer]

"ImagePath"="C:\AdventNet\ME\EventLog\bin\wrapper.exe -s C:\AdventNet\ME\EventLog\bin\\..\server\default\conf\wrapper.conf"

 

Completion time: 2007-06-11 23:22:19

C:\ComboFix-quarantined-files.txt ... 2007-06-11 23:21

C:\ComboFix2.txt ... 2007-06-08 21:23

C:\ComboFix3.txt ... 2007-06-02 22:26

 

--- E O F ---


Hi,

 

Create a new notepad document, and paste this:

 

rem Quote the path (it contains spaces). Wildcards only work in the last part
rem of a path, so list the parent folder and add /x to show 8.3 short names.
dir "C:\Program Files\Common Files" /a /x > files.txt

notepad files.txt

 

Save as type 'All Files' and name it look.bat and save it to desktop. Double-click on Look.bat and post the text that opens here.

 

And this one may not work but:

 

Create a new notepad document, and paste this:

 

rem /a on its own lists files with any attribute, hidden ones included.
dir C:\WINDOWS\system32\DOBE~1\mmc.exe /a > files.txt

notepad files.txt

 

Save as type 'All Files' and name it look.bat and save it to desktop. Double-click on Look.bat and post the text that opens here.

 

jedi


The first one made an empty Notepad; the second gave me this.

 

Volume in drive C has no label.

Volume Serial Number is D4C8-2432

 

Directory of C:\WINDOWS\system32\DOBE~1

 

06/10/2007 08:15 PM 71,680 mmc.exe

1 File(s) 71,680 bytes

 

Directory of C:\Documents and Settings\Iceman\Desktop


Hi again,

 

Reconfigure Windows XP to show hidden files:

Click Start. Open My Computer.

Select the Tools menu and click Folder Options. Select the View Tab.

 

Under the Hidden files and folders heading select "Show hidden files and folders".

Uncheck the "Hide protected operating system files (recommended)" option.

Uncheck the "Hide file extensions for known file types" option.

Click Yes to confirm. Click OK.

 

Next:

 

Please run Notepad and paste the following text into a new file, do not include the word ‘quote’:

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE2E4D3F-82D3-D22B-D178-82ADD8E970B4}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Hdsae"=-

"Atcm"=-

 

 

 

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

 

Next:

 

Search for mmc.exe. When you find a file marked mmc, right click on it and select 'Properties'. When you find one with 'Size on Disk' as 71,680 bytes, delete it, check what folder it's in, (the elusive DOBE~1), and delete the folder too.

 

Restart.

 

Reconfigure Windows XP to hide hidden files:

Click Start. Open My Computer.

Select the Tools menu and click Folder Options. Select the View Tab.

 

Under the Hidden files and folders heading deselect "Show hidden files and folders".

Check the "Hide protected operating system files (recommended)" option.

Check the "Hide file extensions for known file types" option.

Click Yes to confirm. Click OK.

 

 

Then post a fresh HijackThis log.

 

jedi

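The entries jedi singled out hide behind folder names that only look like "assembly" and "adobe". Here is an added Python example (not code from ComboFix, HijackThis or anyone in this thread) that scans Run values for non-ASCII look-alike letters, the '?' placeholders the console prints for characters it cannot encode, 8.3 short names, and well-known system binary names sitting outside their usual folder; the sample list mixes lines quoted from the log above with one constructed accented entry.

```python
r"""Flag autostart entries that hide behind look-alike folder names.
Added example for this thread, not ComboFix's or HijackThis' own code.
Input lines look like ComboFix's [..\CurrentVersion\Run] values:
    "Name"="C:\path\file.exe" [timestamp]
"""
import re
import unicodedata

# Sample values: the first five are quoted from the thread's log, the last
# is constructed to show the accented folder name behind "DOBE~1".
SAMPLE_RUN_VALUES = [
    r'"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 22:05]',
    r'"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]',
    r'"@"="" []',
    r'"Hdsae"="C:\Program Files\Common Files\??sembly\d?xplore.exe" []',
    r'"Atcm"="C:\WINDOWS\system32\DOBE~1\mmc.exe" [2007-06-10 20:15]',
    '"Lookalike"="C:\\WINDOWS\\system32\\\u00e0dobe\\mmc.exe" []',  # constructed
]

# Binaries whose names malware likes to borrow, with the folder each one
# normally lives in on Windows XP (compared case-insensitively).
SYSTEM_BINARIES = {
    "mmc.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}
_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"')

def ascii_skeleton(text):
    """Strip accents so look-alikes can be compared: 'àdobe' -> 'adobe'."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))

def assess_path(path):
    """Return the reasons an autostart path deserves a closer look."""
    reasons = []
    if not path:
        return reasons
    if any(ord(ch) > 127 for ch in path):
        reasons.append("non-ASCII characters in path; looks like %r" % ascii_skeleton(path))
    if "?" in path:
        reasons.append("'?' in path: the console could not print a character in the name")
    if re.search(r"~\d", path):
        reasons.append("8.3 short name in path; check the long name with 'dir /x'")
    folder, _, filename = path.rpartition("\\")
    expected = SYSTEM_BINARIES.get(filename.lower())
    if expected and ascii_skeleton(folder).lower() != expected:
        reasons.append("%s normally lives in %s, not %s" % (filename, expected, folder))
    return reasons

def scan_run_values(lines):
    """Map value name -> reasons, for every entry that raised at least one."""
    findings = {}
    for line in lines:
        match = _VALUE_RE.match(line.strip())
        if not match:
            continue
        reasons = assess_path(match.group("path"))
        if reasons:
            findings[match.group("name")] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in scan_run_values(SAMPLE_RUN_VALUES).items():
        print(name, reasons)
```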

Logfile of HijackThis v1.99.1

Scan saved at 6:33:54 PM, on 6/13/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE

c:\program files\panda software\panda internet security 2007\WebProxy.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Webshots.lnk = ?

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe


Hi again,

 

Got it! :hyper:

 

OK, your log looks clean. How's your PC running?

 

jedi


You're welcome. :)

 

In order to be better protected in the future, I recommend the following programs:

 

SpywareBlaster protects against bad ActiveX.

http://www.javacoolsoftware.com/spywareblaster.html

 

SpywareGuard stops Spyware from being installed.

http://www.javacoolsoftware.com/spywareguard.html

 

Also install the MVPS hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

which blocks innocent-looking sites that are not so innocent.

 

All three are very small free programs that you run once, and then just occasionally to check for updates.

 

Also see

How did I get Infected?

 

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking

here http://v4.windowsupdate.microsoft.com/

and following the prompts.

 

jedi :wave:


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
