Pop ups, slow startup, and foreign programs


  • This topic is locked
30 replies to this topic

#1 iceman22

Posted 27 May 2007 - 08:21 PM

Hi, I am having bad spyware issues: popups are everywhere, my computer can take forever to load now, and I have foreign programs telling me that they will help me remove spyware, which I'm pretty sure are spyware. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:17:51 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\DOCUME~1\Iceman\LOCALS~1\Temp\Set38B.tmp
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
C:\Program Files\??mantec\w?nlogon.exe
C:\DOCUME~1\Iceman\LOCALS~1\Temp\!update.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\WINDOWS\system32\DOBE~1\mmc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\tvcbcpfp.dll",realset
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvam.dll,startup
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Iceman\Local Settings\Temp\stdrun3.exe SKY002
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Klwgi] "C:\Program Files\??mantec\w?nlogon.exe"
O4 - HKCU\..\Run: [myCleanerPC] C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Iceman\Local Settings\Temp\stdrun3.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

Please help.
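
The log above is read by eye in the thread. As an added example (not part of the original post, and not a HijackThis feature), the following Python script applies the same signals a helper looks for to the pasted lines: an autostart entry launched from %TEMP%, a path whose characters HijackThis could only print as "?" (look-alike or non-ASCII bytes, as in "??mantec\w?nlogon.exe"), an 8.3 short name hiding a folder under system32 ("DOBE~1"), a DLL started through rundll32 from a Run key, an AppInit_DLLs or Winlogon Notify hook, an HKCU proxy server, and entries whose file is already missing. The sample lines are copied from the log above; the tag names and weights are this example's own, and a hit is a prompt to look closer rather than a verdict (172.18.0.1:3128 is a private address on the usual Squid port and may be a legitimate LAN proxy).

```python
"""Heuristic triage of a pasted HijackThis 1.99.1 log.

Added example: the rule set, tag names and weights are this script's own,
not a HijackThis feature. A hit is a prompt to look closer, not a verdict.
"""
import re

# Constructed sample: a header, four process lines and nine entries copied
# from the log posted above, so the script runs offline.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\DOCUME~1\Iceman\LOCALS~1\Temp\!update.exe
C:\Program Files\??mantec\w?nlogon.exe
C:\WINDOWS\system32\DOBE~1\mmc.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\tvcbcpfp.dll",realset
O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Iceman\Local Settings\Temp\stdrun3.exe SKY002
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Klwgi] "C:\Program Files\??mantec\w?nlogon.exe"
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
"""

# (tag, weight, regex). Weights only rank the output.
RULES = [
    ("appinit-dll-hook", 5, r"^O20 - AppInit_DLLs: \S"),          # loaded into every process that loads user32.dll
    ("winlogon-notify-hook", 3, r"^O20 - Winlogon Notify: "),     # runs inside winlogon.exe; compare with a clean box
    ("runs-from-temp", 3, r"\\Temp\\"),                           # %TEMP% is where droppers land
    ("lookalike-chars-in-path", 3, r"\\[^\\\s\"]*\?[^\\\s\"]*"),  # HJT prints non-ASCII path bytes as '?'
    ("short-name-dir-under-system32", 3, r"system32\\[^\\\s\"]*~\d+\\"),  # 8.3 name hides the real folder name
    ("rundll32-loads-system32-dll", 2,
     r'^O4 - .*rundll32(?:\.exe)?\s+"?[^"\s]*system32\\[^\\"\s,]+\.dll"?,'),  # DLL autostart via rundll32
    ("proxy-server-set", 2, r"^R1 - .*ProxyServer = \S+"),        # interception, or a genuine LAN proxy
    ("file-missing-orphan", 1, r"\(file missing\)$"),             # leftover pointer to a removed file
]
COMPILED = [(tag, w, re.compile(rx, re.IGNORECASE)) for tag, w, rx in RULES]


def score_line(line):
    """Return the (tag, weight) pairs that fire on one log line."""
    return [(tag, w) for tag, w, rx in COMPILED if rx.search(line)]


def split_log(log_text):
    """Return (process_paths, entry_lines) from a pasted HJT log."""
    processes, entries, in_procs = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False                 # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif re.match(r"^[RFO]\d+ - ", line):
            entries.append(line)             # R0/R1, F*, O2..O23 entries
    return processes, entries


def triage(log_text):
    """Flag processes and entries that hit at least one rule, highest score first."""
    processes, entries = split_log(log_text)
    findings = []
    for kind, lines in (("process", processes), ("entry", entries)):
        for line in lines:
            hits = score_line(line)
            if hits:
                findings.append({"kind": kind, "line": line,
                                 "score": sum(w for _, w in hits),
                                 "tags": [t for t, _ in hits]})
    findings.sort(key=lambda f: -f["score"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['score']:>2} {f['kind']:7} {', '.join(f['tags'])}\n     {f['line']}")
```

Run against the sample, the AppInit_DLLs line ranks first, the ATIPTA and Panda lines are not reported, and three of the four process paths are flagged; paste a full log into SAMPLE_LOG to triage it the same way.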

#2 iceman22

Posted 28 May 2007 - 03:31 PM

Is there anything else I can do to help, and did I post the log correctly?

#3 SWI Support Robot (helper robot)

Posted 30 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 jedi (Emeritus)

Posted 01 June 2007 - 04:43 AM

Hi,

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found: [image]
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
    [image]
    This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Next:

1. Download this file - ComboFix
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Next:

Please post a fresh HiJackThis log, as well as the reports from DrWeb and ComboFix.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
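
Added example, not part of jedi's instructions and not Dr.Web's or HijackThis's own code: a Python parser for the semicolon-separated DrWeb.csv report this step produces, with a reconciliation against HijackThis entries. It reports which detections are only scheduled for removal at the next reboot (the reason for the "Reboot your computer!!" step), which were detected but not acted on, and which HJT autostart entries point at a file Dr.Web has already removed (an orphan that can be fixed in HJT) versus one the scanner never touched. The sample records and entries are copied from the logs iceman22 posts later in the thread; the column layout (object;folder;verdict;action;) is read off those lines and is an assumption about the report format.

```python
"""Parse a Dr.Web CureIt report (DrWeb.csv) and reconcile it with HJT entries.

Added example. Assumed report layout, taken from the lines posted in the
thread: object;folder;verdict;action;  with no header row and an object
containing a backslash meaning a member inside an archive/installer.
"""
import re

# Constructed sample: records copied from the Dr.Web report posted in the thread.
DRWEB_SAMPLE = r"""
autosys.exe;c:\windows\system32;Trojan.DownLoader.22947;Deleted.;
ddcdcbc.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
core.sys;c:\windows\system32\drivers;Trojan.NtRootKit.239;Deleted.;
ldcore.dll;c:\windows\system32;Trojan.DownLoader.18468;Will be cured after reboot.;
qqhsmreh.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
tvcbcpfp.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
winrge32.dll;c:\windows\system32;Trojan.DownLoader.22758;Will be cured after reboot.;
cfg32.exe\data001;c:\windows\cfg32.exe;Adware.BookedSpace;;
cfg32.exe;c:\windows;Archive contains infected objects;Moved.;
stdrun3.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Adware.ZenoSearch;;
"""

# Constructed sample: entries copied from the follow-up HijackThis log in the thread.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\qqhsmreh.dll (file missing)
O4 - HKCU\..\Run: [Klwgi] "C:\Program Files\??mantec\w?nlogon.exe"
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)
"""

PENDING = "Will be cured after reboot."


def parse_drweb(text):
    """One dict per report line; members of an archive are marked so their empty action is not misread."""
    records = []
    for raw in text.splitlines():
        parts = raw.split(";")
        if len(parts) < 4 or not parts[0]:
            continue                                   # blank line or malformed row
        obj, folder, verdict, action = parts[:4]
        member = "\\" in obj                           # e.g. 'cfg32.exe\data001' inside cfg32.exe
        records.append({"object": obj, "folder": folder, "verdict": verdict,
                        "action": action, "member": member,
                        "path": folder if member else folder + "\\" + obj})
    return records


def pending_reboot(records):
    """Files Dr.Web could only schedule: still on disk, and still loadable, until the reboot."""
    return [r["path"] for r in records if r["action"] == PENDING]


def unhandled(records):
    """Detections with no action at all (archive members are covered by the container's action)."""
    return [r["path"] for r in records if not r["action"] and not r["member"]]


_MODULE = re.compile(r'[^\\\s"\[\]]+\.(?:exe|dll|sys)', re.IGNORECASE)


def hjt_module(line):
    """Last .exe/.dll/.sys name in an HJT entry, e.g. the DLL after rundll32.exe, or None."""
    names = _MODULE.findall(line)
    return names[-1] if names else None


def reconcile(hjt_text, records):
    """Pair each HJT entry with what Dr.Web did to the file it points at."""
    by_name = {r["object"].lower(): r["action"] for r in records if not r["member"]}
    handled, untouched = [], []
    for line in hjt_text.splitlines():
        name = hjt_module(line.strip())
        if not name:
            continue
        if name.lower() in by_name:
            handled.append((name, by_name[name.lower()] or "(no action)"))
        else:
            untouched.append(name)                     # scanner never saw it: needs a manual look
    return {"handled": handled, "untouched": untouched}


if __name__ == "__main__":
    recs = parse_drweb(DRWEB_SAMPLE)
    print("pending reboot:", *pending_reboot(recs), sep="\n  ")
    print("detected, no action:", *unhandled(recs), sep="\n  ")
    for key, items in reconcile(HJT_SAMPLE, recs).items():
        print(f"{key}:", *items, sep="\n  ")
```

On the sample, three DLLs are only scheduled for the reboot, stdrun3.exe in Temp was detected but not acted on, the BHO and Winlogon Notify entries for qqhsmreh.dll and winrge32.dll are orphans of files Dr.Web handled, and the avldr.dll, w?nlogon.exe and mmc.exe entries are ones the scanner never touched.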

#5 iceman22

Posted 02 June 2007 - 10:33 PM

Here's the ComboFix log

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 10:28:06 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\DOBE~1\mmc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CC7A426C-D78E-8F2E-D178-82ADD8E921E3} - C:\WINDOWS\system32\qyyy.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\qqhsmreh.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Klwgi] "C:\Program Files\??mantec\w?nlogon.exe"
O4 - HKCU\..\Run: [myCleanerPC] C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe
O4 - Startup: Webshots.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

Dr.Web log

installfile2.exe;c:\documents and settings\iceman\local settings\temp;Adware.Mirarbar;Incurable.Moved.;
stdrun5.exe;c:\documents and settings\iceman\local settings\temp;Probably UPX;Incurable.Moved.;
cfg32.exe\data001;c:\windows\cfg32.exe;Adware.BookedSpace;;
cfg32.exe\data002;c:\windows\cfg32.exe;Adware.BookedSpace;;
data003\data001;c:\windows\cfg32.exe\data003;Adware.BookedSpace;;
data003\data002;c:\windows\cfg32.exe\data003;Adware.BookedSpace;;
data003\data001;c:\windows\cfg32.exe\data003\data003;Adware.BookedSpace;;
data003\data002;c:\windows\cfg32.exe\data003\data003;Adware.BookedSpace;;
data003\data003;c:\windows\cfg32.exe\data003\data003;Adware.BookedSpace;;
data003;c:\windows\cfg32.exe\data003;Archive contains infected objects;;
data003\data004;c:\windows\cfg32.exe\data003;Adware.BookedSpace;;
data003;c:\windows\cfg32.exe;Archive contains infected objects;;
cfg32.exe\data004;c:\windows\cfg32.exe;Adware.BookedSpace;;
cfg32.exe;c:\windows;Archive contains infected objects;Moved.;
itpb_11.exe;c:\windows;Adware.ZenoSearch;Incurable.Moved.;
autosys.exe;c:\windows\system32;Trojan.DownLoader.22947;Deleted.;
ddcdcbc.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
ddcya.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
core.sys;c:\windows\system32\drivers;Trojan.NtRootKit.239;Deleted.;
drvvam.dll;c:\windows\system32;Trojan.Fakealert.249;Deleted.;
kknmifhg.dll;c:\windows\system32;Adware.Crew;Incurable.Moved.;
ldcore.dll;c:\windows\system32;Trojan.DownLoader.18468;Will be cured after reboot.;
qqhsmreh.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
tvcbcpfp.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
winrge32.dll;c:\windows\system32;Trojan.DownLoader.22758;Will be cured after reboot.;
!update.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.22753;Deleted.;
G5zunxlS.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.22964;Deleted.;
gos20.tmp;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.22758;Deleted.;
installfile2.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Adware.Mirarbar;;
MSI65E1.tmp;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.18400;Deleted.;
MSI8E68.tmp;C:\Documents and Settings\Iceman\Local Settings\Temp;BackDoor.Bulknet;Deleted.;
rf309861820mm.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.22964;Deleted.;
stdrun1.exe\data001;C:\Documents and Settings\Iceman\Local Settings\Temp\stdrun1.exe;Adware.Bagon;;
stdrun1.exe\data002;C:\Documents and Settings\Iceman\Local Settings\Temp\stdrun1.exe;Trojan.MulDrop.4522;;
stdrun1.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Archive contains infected objects;Moved.;
stdrun3.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Adware.ZenoSearch;;
stdrun4.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.Packed.135;Deleted.;
stdrun5.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Probably UPX;;
stdrun8.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.Mezzia;Deleted.;
wfywcqt.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.20672;Deleted.;
win24.tmp.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.23032;Deleted.;
win30.tmp.exe;C:\Documents and Settings\Iceman\Local Settings\Temp;Trojan.DownLoader.22225;Deleted.;
xzc37[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\A4HQ2GV5;Trojan.DownLoader.22225;Deleted.;
exe[1].php;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\H2CLQLR6;BackDoor.Bulknet;Deleted.;
xc36[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\H2CLQLR6;Adware.Akella;;
!update-4395[1].0000;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\N9ZG9BZS;Trojan.DownLoader.22753;Deleted.;
installer[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\N9ZG9BZS;Trojan.PWS.Tanspy;Deleted.;
lo1[1];C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\N9ZG9BZS;Trojan.Virtumod;Deleted.;
loadadv605[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\NXO4LBFL;Trojan.DownLoader.22411;Deleted.;
counter21[1].php;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\PHFFUWIL;Trojan.DownLoader.20672;Deleted.;
cfg32[1].exe\data001;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe;Adware.BookedSpace;;
cfg32[1].exe\data002;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe;Adware.BookedSpace;;
data003\data001;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003;Adware.BookedSpace;;
data003\data002;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003;Adware.BookedSpace;;
data003\data001;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003\data003;Adware.BookedSpace;;
data003\data002;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003\data003;Adware.BookedSpace;;
data003\data003;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003\data003;Adware.BookedSpace;;
data003;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003;Archive contains infected objects;;
data003\data004;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe\data003;Adware.BookedSpace;;
data003;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe;Archive contains infected objects;;
cfg32[1].exe\data004;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ\cfg32[1].exe;Adware.BookedSpace;;
cfg32[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ;Archive contains infected objects;Moved.;
exe[1].php;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ;Trojan.Virtumod;Deleted.;
loader[1];C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ;Trojan.DownLoader.22823;Deleted.;
win[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ;Trojan.Mezzia;Deleted.;
xc23[2].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\RUZUTKFZ;Trojan.DownLoader.23032;Deleted.;
L2[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\Y81R3MTV;Trojan.DownLoader.20139;Deleted.;
!update-4395[1].0000;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\ZGTFM4P2;Trojan.DownLoader.22753;Deleted.;
1[1].txt;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\ZGTFM4P2;Trojan.DownLoader.22964;Deleted.;
bptle[1].txt;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\ZGTFM4P2;Trojan.DownLoader.22947;Deleted.;
exe[1].php;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\ZGTFM4P2;Trojan.DownLoader.18400;Deleted.;
TISKY003[1].exe;C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\ZGTFM4P2;Adware.ZenoSearch;;
stdrun4.exe\data001;C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun4.exe;Trojan.DownLoader.10588;;
stdrun4.exe;C:\Documents and Settings\LocalService\Local Settings\Temp;Archive contains infected objects;Moved.;
stdrun6.exe;C:\Documents and Settings\LocalService\Local Settings\Temp;Trojan.Click.2446;Deleted.;
stdrun10.exe;C:\Documents and Settings\NetworkService\Local Settings\Temp;Trojan.Click.2446;Deleted.;
stdrun7.exe\data001;C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun7.exe;Trojan.DownLoader.10588;;
stdrun7.exe;C:\Documents and Settings\NetworkService\Local Settings\Temp;Archive contains infected objects;Moved.;
stdrun9.exe\data001;C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun9.exe;Trojan.DownLoader.10588;;
stdrun9.exe;C:\Documents and Settings\NetworkService\Local Settings\Temp;Archive contains infected objects;Moved.;
Yazzle1162OinAdmin.exe;C:\Program Files\Common Files;Adware.ClickSpring;;
SetupDTSB.exe;C:\Program Files\DAEMON Tools;Adware.SaveNow;;
A0021729.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Trojan.DownLoader.23066;Deleted.;
A0021730.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Trojan.Rond;Deleted.;
A0021731.dll;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Trojan.Rond;Deleted.;
A0021732.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Trojan.Rond;Deleted.;
A0021733.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Trojan.Rond;Deleted.;
A0021735.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Adware.ClickSpring;;
A0021737.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41;Trojan.StartPage.1790;Deleted.;
A0025849.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP42;Trojan.DownLoader.22964;Deleted.;
A0026017.exe\data001;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe;Adware.BookedSpace;;
A0026017.exe\data002;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe;Adware.BookedSpace;;
data003\data001;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003;Adware.BookedSpace;;
data003\data002;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003;Adware.BookedSpace;;
data003\data001;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003\data003;Adware.BookedSpace;;
data003\data002;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003\data003;Adware.BookedSpace;;
data003\data003;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003\data003;Adware.BookedSpace;;
data003;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003;Archive contains infected objects;;
data003\data004;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe\data003;Adware.BookedSpace;;
data003;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe;Archive contains infected objects;;
A0026017.exe\data004;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026017.exe;Adware.BookedSpace;;
A0026017.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43;Archive contains infected objects;Moved.;
A0026018.exe;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43;Trojan.DownLoader.22947;Deleted.;
A0026019.sys;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43;Trojan.NtRootKit.239;Deleted.;
A0026020.dll;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43;Trojan.Fakealert.249;Deleted.;
A0026021.dll;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43;Trojan.Virtumod;Deleted.;
A0026022.dll;C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43;Trojan.Virtumod;Deleted.;
cfg32a.exe\data001;C:\WINDOWS\cfg32a.exe;Adware.BookedSpace;;
cfg32a.exe\data002;C:\WINDOWS\cfg32a.exe;Adware.BookedSpace;;
data003\data001;C:\WINDOWS\cfg32a.exe\data003;Adware.BookedSpace;;
data003\data002;C:\WINDOWS\cfg32a.exe\data003;Adware.BookedSpace;;
data003\data003;C:\WINDOWS\cfg32a.exe\data003;Adware.BookedSpace;;
data003;C:\WINDOWS\cfg32a.exe;Archive contains infected objects;;
cfg32a.exe\data004;C:\WINDOWS\cfg32a.exe;Adware.BookedSpace;;
cfg32a.exe;C:\WINDOWS;Archive contains infected objects;Moved.;
itpb_11.exe;C:\WINDOWS;Adware.ZenoSearch;;
raa.exe;C:\WINDOWS;Trojan.DownLoader.22964;Deleted.;
sammy3.exe;C:\WINDOWS;Trojan.MulDrop.6135;Deleted.;
stub_track3.exe;C:\WINDOWS;Trojan.DownLoader.10588;Deleted.;
svchost.exe;C:\WINDOWS;Adware.Akella;;
cksrkubg.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
ddcdcbc.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
ddcya.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
hycxjlix.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
kknmifhg.dll;C:\WINDOWS\system32;Adware.Crew;;
ldcore.dll;C:\WINDOWS\system32;Trojan.DownLoader.18468;Will be cured after reboot.;
nnnkiif.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
winrge32.dll;C:\WINDOWS\system32;Trojan.DownLoader.22758;Will be cured after reboot.;
mst305.tmp;C:\WINDOWS\Temp;Trojan.Fakealert.249;Deleted.;
stdrun5.exe\data001;C:\WINDOWS\Temp\stdrun5.exe;Trojan.DownLoader.10588;;
stdrun5.exe;C:\WINDOWS\Temp;Archive contains infected objects;Moved.;
stdrun7.exe;C:\WINDOWS\Temp;Trojan.Click.2446;Deleted.;
stdrun9.exe;C:\WINDOWS\Temp;Adware.ZenoSearch;;
win2F5.tmp.exe~;C:\WINDOWS\Temp;Trojan.DownLoader.23032;Deleted.;
win304.tmp.exe;C:\WINDOWS\Temp;Adware.Akella;;
win30A.tmp.exe;C:\WINDOWS\Temp;Trojan.DownLoader.22225;Deleted.;
win484.tmp.exe;C:\WINDOWS\Temp;Trojan.DownLoader.20139;Deleted.;

#6 jedi
    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 03 June 2007 - 04:36 AM

Hi again,

I don't seem to have the ComboFix log; can you run it again and post the results here?

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#7 iceman22
    Member

  • Full Member
  • 64 posts

Posted 03 June 2007 - 10:04 PM

Sorry about that, I accidentally double posted the HijackThis log; here's the ComboFix:

"Iceman" - 2007-06-02 22:09:58 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Iceman\Desktop\"


Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\gebbxyw.dll
C:\WINDOWS\system32\aycdd.bak1
C:\WINDOWS\system32\aycdd.bak2
C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.tmp
C:\WINDOWS\system32\aycdd.bak1
C:\WINDOWS\system32\aycdd.bak2
C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\ddcdcbc.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\Program Files\Common Files\Yazzle1162OinAdmin.exe"
"C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe"
"C:\DOCUME~1\Iceman\APPLIC~1\Install.dat"
"C:\WINDOWS\system32\wnstsicomsv.exe"
"C:\Program Files\outerinfo\OiUninstaller.exe"
"C:\Program Files\outerinfo\outerinfo.ico"
"C:\Program Files\outerinfo\Terms.rtf"
"C:\WINDOWS\system32\advvpi32.dll"
"C:\WINDOWS\system32\ldinfo.ldr"
"C:\WINDOWS\system32\wl.exe"
"C:\WINDOWS\svchost.exe"
"C:\WINDOWS\system32\drivers\core.cache.dsk"
"C:\WINDOWS\itpb_3.exe"
"C:\WINDOWS\system32\klikalka.exe"
"C:\WINDOWS\cs_cache.ini"
"C:\wn0032.exe"
"C:\WINDOWS\system32\drivers\npf.sys"
"C:\Program Files\outerinfo"
"C:\Temp\tn3"

-- Purity Folders:

C:\Program Files\MANTEC~1



((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core
-------\NPF


((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))


2007-06-02 17:18 <DIR> d-------- C:\Documents and Settings\Iceman\DoctorWeb
2007-06-02 17:18 <DIR> d-------- C:\DOCUME~1\Iceman\DoctorWeb
2007-06-02 16:52 2,580 --a------ C:\WINDOWS\system32\vvhosqsr.exe
2007-05-31 20:09 220,349 --a------ C:\WINDOWS\itpb_4.exe
2007-05-31 20:08 <DIR> d-------- C:\Temp\x2b
2007-05-29 22:39 0 --a------ C:\WINDOWS\bstdin.bin
2007-05-27 20:54 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Lionhead Studios
2007-05-27 20:46 <DIR> d-------- C:\Program Files\Lionhead Studios Ltd
2007-05-27 20:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lionhead Studios
2007-05-27 00:37 72,192 --a------ C:\WINDOWS\system32\zlib.dll
2007-05-27 00:37 169,017 --a------ C:\WINDOWS\system32\mcpcuninstaller1_25.EXE
2007-05-26 23:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\myCleanerPC
2007-05-26 23:54 <DIR> d-------- C:\Program Files\myCleanerPC
2007-05-26 23:29 60,928 --a------ C:\WINDOWS\system32\qyyy.dll
2007-05-25 23:22 37,424 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\MP4tem.dll
2007-05-25 23:21 37,424 --a------ C:\WINDOWS\system32\kbdidq.dll
2007-05-25 23:21 37,424 --a------ C:\DOCUME~1\NETWOR~1\APPLIC~1\edbubs.dll
2007-05-25 23:20 <DIR> d-------- C:\WINDOWS\system32\T5QaSQ
2007-05-25 23:20 <DIR> d-------- C:\Temp\0b9
2007-05-25 23:20 <DIR> d-------- C:\Temp
2007-05-25 23:16 <DIR> d-------- C:\WINDOWS\system32\àdobe
2007-05-25 23:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-05-25 03:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-25 03:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-25 03:28 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Lavasoft
2007-05-22 03:20 <DIR> d-------- C:\Program Files\Webshots
2007-05-22 03:20 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Webshots
2007-05-19 02:23 <DIR> d-------- C:\Program Files\Ares
2007-05-18 21:13 297 --a------ C:\WINDOWS\EReg072.dat
2007-05-18 21:10 314,880 --a------ C:\WINDOWS\IsUninst.exe
2007-05-18 21:10 <DIR> d-------- C:\Program Files\Firaxis Games
2007-05-18 21:09 <DIR> d-------- C:\Documents and Settings\Iceman\WINDOWS
2007-05-18 21:09 <DIR> d-------- C:\DOCUME~1\Iceman\WINDOWS
2007-05-18 20:22 <DIR> d-------- C:\Program Files\MicroStar
2007-05-17 19:24 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-17 19:24 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Black Sea Studios
2007-05-17 19:12 <DIR> d-------- C:\Program Files\Black Sea Studios
2007-05-17 19:04 <DIR> d-------- C:\Program Files\iPodSoft
2007-05-17 19:04 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\iPodSoft
2007-05-17 19:03 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-05-17 18:30 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Purple Ghost Software, Inc
2007-05-17 18:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Purple Ghost Software, Inc
2007-05-17 18:18 <DIR> d-------- C:\Program Files\QuickTime
2007-05-17 18:17 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-17 00:40 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2007-05-17 00:40 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-05-17 00:39 <DIR> d-------- C:\Program Files\Stardock
2007-05-16 22:42 1,430 --a------ C:\WINDOWS\checkip.dat
2007-05-15 21:22 <DIR> d-------- C:\Program Files\Paradox Interactive
2007-05-15 20:51 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-05-15 19:52 <DIR> d-------- C:\Program Files\BitComet
2007-05-15 19:52 <DIR> d-------- C:\Downloads


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 00:45:51 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Vso
2007-05-28 01:52:40 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-27 04:51:31 -------- d-----w C:\Program Files\Messenger
2007-05-27 04:49:35 -------- d-----w C:\Program Files\DAEMON Tools
2007-05-22 02:39:43 -------- d-----w C:\Program Files\SpeedFan
2007-05-16 00:52:22 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-05-16 00:45:38 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Azureus
2007-04-28 00:45:00 -------- d-----w C:\Program Files\AVSMedia
2007-04-28 00:44:53 -------- d-----w C:\Program Files\Common Files\AVSMedia
2007-04-28 00:17:12 -------- d-----w C:\Program Files\Total Video Converter
2007-04-25 21:15:57 81,920 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\ezpinst.exe
2007-04-25 21:15:57 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-04-25 21:15:57 47,360 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\pcouffin.sys
2007-04-25 21:15:54 -------- d-----w C:\Program Files\vso
2007-04-25 21:15:25 87,608 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\inst.exe
2007-04-24 20:21:02 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Ahead
2007-04-24 20:17:43 -------- d-----w C:\Program Files\Ahead
2007-04-24 20:17:32 -------- d-----w C:\Program Files\Common Files\Ahead
2007-04-15 20:43:38 -------- d-----w C:\Program Files\Starcraft
2007-04-14 22:20:34 -------- d-----w C:\Program Files\StarWarsGalaxies
2007-04-04 19:56:33 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\InstallShield
2007-04-02 22:58:54 35,382 ----a-w C:\WINDOWS\scunin.dat
2007-04-02 22:58:53 967 ----a-w C:\WINDOWS\ScUnin.pif
2007-04-02 22:58:53 94,208 ----a-w C:\WINDOWS\ScUnin.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll [2007-04-29 04:29]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-29 15:57]
{CC7A426C-D78E-8F2E-D178-82ADD8E921E3}=C:\WINDOWS\system32\qyyy.dll [2007-05-21 08:59]
{CD3447D4-CA39-4377-8084-30E86331D74C}=C:\WINDOWS\system32\qqhsmreh.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 22:05]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-10-11 13:09]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 19:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"SoundMan"="SOUNDMAN.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 05:48]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 15:57]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-14 17:37]
"Atcm"="C:\WINDOWS\system32\DOBE~1\mmc.exe" [2007-05-27 00:41]
"Klwgi"="C:\Program Files\??mantec\w?nlogon.exe" []
"@"="" []
"myCleanerPC"="C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe" [2005-05-02 11:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]
winrge32.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f367d50-b3da-11db-ba89-0013d3765f5b}]
AutoRun\command- E:\autoplay.exe


Contents of the 'Scheduled Tasks' folder
2007-05-17 23:17:52 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 22:23:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\eventloganalyzer]
"ImagePath"="C:\AdventNet\ME\EventLog\bin\wrapper.exe -s C:\AdventNet\ME\EventLog\bin\\..\server\default\conf\wrapper.conf"

Completion time: 2007-06-02 22:26:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-02 22:25

--- E O F ---

#8 jedi
    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 04 June 2007 - 12:39 PM

Hi again,

Please run Notepad and paste the following text into a new file; do not include the word 'quote':

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7A426C-D78E-8F2E-D178-82ADD8E921E3}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD3447D4-CA39-4377-8084-30E86331D74C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Klwgi"=-
"@"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]



Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Next:

Please do the following:
Run a BitDefender Online scan Here and post the results.

Please also post a fresh HiJackThis log.

jedi


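As an added example (not code from the thread, nor from ComboFix, HijackThis or any other tool named in it), here is a small Python dry-run that reads a REGEDIT4 fix like the one jedi posted, lists exactly what merging it would do, and refuses a fix that would delete an entire autostart key instead of one entry under it. The autostart list and the "(Default)" name for a bare @ are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# The fix file exactly as posted above.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7A426C-D78E-8F2E-D178-82ADD8E921E3}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD3447D4-CA39-4377-8084-30E86331D74C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Klwgi"=-
"@"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]
"""

# Autostart locations a fix like this touches (assumed list, lower-cased for comparison).
# A [-KEY] line naming one of these outright would remove every BHO, every Run entry
# or every Winlogon notification package, so the dry run refuses it.
AUTOSTART_PARENTS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify",
}

HEADER_RE = re.compile(r"^(REGEDIT4|Windows Registry Editor Version 5\.00)$")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
# Either a quoted value name or a bare @ (the key's default value), then '='.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


@dataclass
class RegAction:
    kind: str                    # "delete_key", "delete_value" or "set_value"
    key: str
    name: Optional[str] = None   # value name; "(Default)" for a bare @ (assumed label)
    data: Optional[str] = None   # raw right-hand side for set_value


def parse_reg(text: str) -> List[RegAction]:
    """Translate .reg syntax into the list of changes REGEDIT would apply."""
    lines = [ln.strip() for ln in text.splitlines()]
    if not lines or not HEADER_RE.match(lines[0]):
        raise ValueError("missing REGEDIT4 / Windows Registry Editor header")
    actions: List[RegAction] = []
    current_key: Optional[str] = None
    for ln in lines[1:]:
        if not ln or ln.startswith(";"):            # blank line or comment
            continue
        m = KEY_RE.match(ln)
        if m:
            minus, key = m.groups()
            if minus:                               # [-KEY] removes the key and its subtree
                actions.append(RegAction("delete_key", key))
                current_key = None                  # value lines may not follow a deleted key
            else:
                current_key = key
            continue
        m = VALUE_RE.match(ln)
        if not m:
            raise ValueError(f"unrecognised line: {ln!r}")
        if current_key is None:
            raise ValueError(f"value line outside a [KEY] section: {ln!r}")
        quoted, bare_at, data = m.groups()
        # "@"=- names a value literally called @ (the form the posted fix uses);
        # an unquoted @=- would address the key's default value instead.
        name = "(Default)" if bare_at else quoted
        if data == "-":                             # "name"=- deletes that one value
            actions.append(RegAction("delete_value", current_key, name))
        else:
            actions.append(RegAction("set_value", current_key, name, data))
    return actions


def check_actions(actions: List[RegAction]) -> List[str]:
    """Return the problems found; an empty list means the fix only removes single entries."""
    problems = []
    for a in actions:
        k = a.key.lower().rstrip("\\")
        if a.kind == "delete_key" and (k in AUTOSTART_PARENTS or k.count("\\") <= 1):
            problems.append(f"refusing to delete an entire autostart key or hive: {a.key}")
        if a.kind == "set_value":
            problems.append(f"a removal fix should not write data: {a.name} under {a.key}")
    return problems


def describe(actions: List[RegAction]) -> List[str]:
    """One plain-English line per change, to read before double-clicking the file."""
    out = []
    for a in actions:
        if a.kind == "delete_key":
            out.append(f"delete key   {a.key}")
        elif a.kind == "delete_value":
            out.append(f"delete value {a.name!r} in {a.key}")
        else:
            out.append(f"set value    {a.name!r} = {a.data} in {a.key}")
    return out
```

Running `describe(parse_reg(FIX_REG))` yields five lines (two BHO keys, two Run values and the winrge32 Notify key), and `check_actions` returns no problems for the posted fix.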
#9 iceman22
    Member

  • Full Member
  • 64 posts

Posted 04 June 2007 - 07:43 PM

BitDefender Online Scanner

Scan report generated at: Mon, Jun 04, 2007 - 19:38:06
Scan path: C:\;D:\;E:\;

Statistics
Time: 01:25:59
Files: 346014
Folders: 4928
Boot Sectors: 2
Archives: 2258
Packed Files: 8245

Results
Identified Viruses: 21
Infected Files: 28
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 27

Engines Info
Virus Definitions: 511817
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File  |  Status
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>keygen.exe  |  Infected with: Trojan.Downloader.Small.BHH
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>keygen.exe  |  Disinfection failed
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>keygen.exe  |  Deleted
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)  |  Update failed
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>serial.exe  |  Infected with: Trojan.Dialer.VTA
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>serial.exe  |  Disinfection failed
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>serial.exe  |  Deleted
C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)  |  Update failed
C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe=>(Embedded EXE o)  |  Infected with: MemScan:Trojan.Downloader.Agent.YDN
C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe=>(Embedded EXE o)  |  Disinfection failed
C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe=>(Embedded EXE o)  |  Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe  |  Update failed
C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe=>(Embedded EXE o)  |  Infected with: MemScan:Trojan.Downloader.Agent.YDN
C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe=>(Embedded EXE o)  |  Disinfection failed
C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe=>(Embedded EXE o)  |  Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe  |  Update failed
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe  |  Infected with: Generic.Adw.SaveNow.F5FEB660
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe  |  Disinfection failed
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe  |  Deleted
C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)  |  Update failed
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o)=>zlib_nsis0001  |  Infected with: Trojan.Purityad.O
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o)=>zlib_nsis0001  |  Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o)=>zlib_nsis0001  |  Deleted
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o)  |  Update failed
C:\QooBox\Quarantine\C\WINDOWS\svchost.exe.vir  |  Infected with: Trojan.Agent.AIM
C:\QooBox\Quarantine\C\WINDOWS\svchost.exe.vir  |  Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\svchost.exe.vir  |  Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\klikalka.exe.vir  |  Infected with: Trojan.Clicker.Small.YA
C:\QooBox\Quarantine\C\WINDOWS\system32\klikalka.exe.vir  |  Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\klikalka.exe.vir  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021718.exe  |  Infected with: Trojan.Agent.AABR
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021718.exe  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021718.exe  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021734.exe  |  Infected with: Trojan.Clicker.Tiny.H
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021734.exe  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021734.exe  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o)=>(bz2_data)  |  Infected with: Trojan.Clicker.OwlForce.A
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o)=>(bz2_data)  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o)=>(bz2_data)  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o)  |  Updated
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe  |  Update failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021760.exe  |  Infected with: Trojan.Clicker.Small.YA
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021760.exe  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021760.exe  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026024.exe  |  Infected with: Trojan.Vmcopup.A
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026024.exe  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026024.exe  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026025.exe  |  Infected with: Trojan.Dropper.RGG
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026025.exe  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026025.exe  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026027.dll  |  Infected with: Trojan.Spy.VBStat.B
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026027.dll  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026028.dll  |  Infected with: Trojan.Virtumod.ALZ
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026028.dll  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026028.dll  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026029.dll  |  Infected with: MemScan:Trojan.Virtumonde.IC
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026029.dll  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026029.dll  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026030.exe  |  Infected with: Trojan.Dropper.Zeno.A
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026030.exe  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026030.exe  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026034.dll  |  Infected with: Trojan.Downloader.Small.YM
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026034.dll  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026034.dll  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026035.dll  |  Infected with: Trojan.Dialer.VTF
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026035.dll  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026035.dll  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o)=>zlib_nsis0001  |  Infected with: Trojan.Purityad.O
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o)=>zlib_nsis0001  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o)=>zlib_nsis0001  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o)  |  Update failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026231.exe  |  Infected with: Trojan.Agent.AIM
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026231.exe  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026231.exe  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026234.exe  |  Infected with: Trojan.Clicker.Small.YA
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026234.exe  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026234.exe  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0026409.exe  |  Infected with: Trojan.Dropper.Zeno.A
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0026409.exe  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0026409.exe  |  Deleted
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0026410.exe  |  Infected with: MemScan:Trojan.Zlob.AVP
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0026410.exe  |  Disinfection failed
C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0026410.exe  |  Deleted
C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)=>installfile1.exe  |  Infected with: Trojan.Dropper.Zeno.A
C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)=>installfile1.exe  |  Disinfection failed
C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)=>installfile1.exe  |  Deleted
C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)  |  Update failed
C:\WINDOWS\system32\vvhosqsr.exe  |  Infected with: Trojan.LowZones.SA

C:\WINDOWS\system32\vvhosqsr.exe


Disinfection failed

C:\WINDOWS\system32\vvhosqsr.exe


Deleted

C:\WINDOWS\system32\DOBE~1\mmc.exe


Infected with: Trojan.Downloader.PurityScan.DH

C:\WINDOWS\system32\DOBE~1\mmc.exe


Disinfection failed

C:\WINDOWS\system32\DOBE~1\mmc.exe


Delete failed

Logfile of HijackThis v1.99.1
Scan saved at 7:40:14 PM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DOBE~1\mmc.exe
C:\WINDOWS\system32\?ecurity\w?aclt.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9D7D4B6E-D1D9-DE22-D178-82ADD8E927B6} - C:\WINDOWS\system32\odfjsfe.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [myCleanerPC] C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe
O4 - HKCU\..\Run: [Vtnc] C:\WINDOWS\system32\?ecurity\w?aclt.exe
O4 - Startup: Webshots.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

#10 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 05 June 2007 - 12:33 PM

Hi again,

There are a couple of folders that need to be deleted. They are:

C:\WINDOWS\system32\DOBE~1 - This folder name is shortened, so it will be dobe(xxxx). If there is more than one folder in system32 with the first four letters 'dobe', let me know; if not, delete the one you find.
C:\WINDOWS\system32\?ecurity - The ? will be a random character.


Then please reboot and post a new HiJackThis log. If you have any problems with the above, let me know what they are.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
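The two folders named in the post above are lookalikes that hide behind how the log renders names: '?' cannot occur in a Windows file name, so a '?' in a HijackThis path marks a character the ANSI log could not print, and DOBE~1 is an 8.3 alias whose long name the ComboFix listing later in this thread shows as àdobe, an accented lookalike of Adobe. The same reading applies to the file names: w?aclt.exe sits next to wuauclt.exe (the real Windows Update client in the process list) and r?ndll32.exe next to rundll32.exe. The Python below is an added example written for this edit, not a tool anyone in the thread used. It parses HijackThis O4 lines and flags an entry whose path contains '?', a non-ASCII character, an 8.3 short-name component, a system binary's name outside C:\WINDOWS\system32, or a file name within edit distance 2 of a system binary. The sample lines are copied from the 6/8/2007 log in this thread, plus two constructed lines in the same format: [Wrqb] from the ComboFix Run-key dump and [Atcm-long] using the àdobe long name. The list of system binary names, the distance threshold and all function names are the editor's choices.

```python
"""Triage HijackThis O4 (Run key) entries for the lookalike tricks seen in this
thread. Added example for this edit, not a tool the thread used."""
import ntpath
import re
from typing import Dict, List

# Windows binaries whose names the entries on this machine imitate, plus a few
# that are commonly cloned. Editor's list; extend as needed.
SYSTEM32_BINARIES = {
    "mmc.exe", "wuauclt.exe", "rundll32.exe", "svchost.exe", "lsass.exe",
    "winlogon.exe", "services.exe", "csrss.exe", "smss.exe", "spoolsv.exe",
}
SYSTEM32_DIR = r"c:\windows\system32"
MAX_EDIT_DISTANCE = 2

# Constructed sample: O4 lines copied from the 6/8/2007 HijackThis log in this
# thread, plus two lines the editor made up in the same format: [Wrqb] from the
# ComboFix Run-key dump, and [Atcm-long] using the long folder name (àdobe)
# that ComboFix lists for DOBE~1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Vtnc] C:\WINDOWS\system32\?ecurity\w?aclt.exe
O4 - HKCU\..\Run: [Wrqb] C:\WINDOWS\system32\??pPatch\r?ndll32.exe
O4 - HKCU\..\Run: [Atcm-long] "C:\WINDOWS\system32\àdobe\mmc.exe" -vt ndrv
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First token ending in an executable extension; quotes are optional and
# unquoted paths may contain spaces, so match lazily up to the extension.
PATH_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|com|bat|cmd))"?(?=\s|$)', re.I)


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; file names are short, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_reasons(path: str) -> List[str]:
    """Return why an autorun path looks like a lookalike, or [] if it does not."""
    reasons: List[str] = []
    base = ntpath.basename(path).lower()
    parent = ntpath.dirname(path).lower()
    if "?" in path:
        # '?' is illegal in a Windows file name, so the ANSI log printed it in
        # place of a character outside its code page.
        reasons.append("'?' in path: a non-ANSI character in a file or folder name")
    if any(ord(c) > 127 for c in path):
        reasons.append("non-ASCII character in path: possible homoglyph of an ASCII name")
    if re.search(r"~\d", path):
        reasons.append("8.3 short name in path: the log shows the DOS alias, not the real folder name")
    if base in SYSTEM32_BINARIES:
        if parent and parent != SYSTEM32_DIR:
            reasons.append(f"{base} is a system binary name but runs from {ntpath.dirname(path)}")
    else:
        nearest = min(SYSTEM32_BINARIES, key=lambda known: levenshtein(base, known))
        dist = levenshtein(base, nearest)
        if dist <= MAX_EDIT_DISTANCE:
            reasons.append(f"{base} is within edit distance {dist} of system binary {nearest}")
    return reasons


def triage_hjt_log(log_text: str) -> Dict[str, List[str]]:
    """Map each suspicious O4 entry name to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        pm = PATH_RE.match(m.group("cmd"))
        if not pm:
            continue
        reasons = suspicious_reasons(pm.group("path"))
        if reasons:
            findings[m.group("name")] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage_hjt_log(SAMPLE_LOG).items():
        print(f"[{entry}]")
        for reason in why:
            print("   -", reason)
```

Run against the sample, the legitimate entries (ATIPTA, SoundMan, swg) are silent and the four lookalikes are reported with the specific trick each uses; on a real log, paste the O4 block in place of SAMPLE_LOG. The edit-distance check is deliberately loose (distance 2 on short names) and is a prompt to look, not a verdict.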

#11 iceman22

    Member

  • Full Member
  • 64 posts

Posted 05 June 2007 - 04:02 PM

I don't see those folders; I see an Adobe and a security.

#12 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 06 June 2007 - 04:30 AM

Hi,

Does the 'Security' folder reside in System32? If it does, delete it; the real Security folder should only exist in Windows, i.e. C:\Windows\Security.

As for the other one, do Start > Search > All Files/Folders and enter DOBE and hit OK. Post any results here.

jedi


#13 iceman22

    Member

  • Full Member
  • 64 posts

Posted 06 June 2007 - 01:56 PM

I tried deleting the security file, but it said it was in use, so I found it in Ctrl-Alt-Del and stopped it, but it still said the same thing. I did a search for dobe but didn't find anything; I also tried searching for hidden files and folders, but nothing was found.

#14 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 07 June 2007 - 12:24 PM

Hi again,

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

Search for and delete C:\WINDOWS\system32\Security. (Folder)

Restart normally.

Do Start > Search > All Files/Folders and enter mmc.exe and hit OK. Post any results here.

jedi


#15 iceman22

    Member

  • Full Member
  • 64 posts

Posted 07 June 2007 - 03:27 PM

I deleted the security folder, which made a huge increase in startup speed.
The search found 2 files:
an mmc.exe in the system32 folder and an mmc.exe(several numbers and letters).pf file

#16 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 07 June 2007 - 04:10 PM

Hi,

C:\WINDOWS\system32\mmc.exe is the legitimate file; can you give me the full file path of the other one? Please also post a fresh HiJackThis log.

jedi


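The Start > Search step in the two posts above finds name matches by hand, and the helper then has to ask which copy is which. The Python below is an added example for this edit, not a tool used in the thread; it does the same check systematically: walk a directory tree for every file named mmc.exe, hash each copy against the canonical C:\WINDOWS\system32\mmc.exe, and separately list Prefetch entries for that name, which record that an mmc.exe has run (one .pf per distinct executable path, since the hash in the name is derived from the path) but are not copies of the binary. The tree it audits is constructed in a temp directory to mirror the paths in this thread (system32\mmc.exe and system32\àdobe\mmc.exe, the long name the ComboFix listing later shows for DOBE~1); the file contents and the 0F1E2D3C prefetch hash are placeholders, and the function names are the editor's.

```python
"""Find every on-disk copy of a system binary's name and compare it to the
canonical file. Added example for this edit, not a tool from the thread."""
import hashlib
import os
import shutil
import tempfile
from typing import Dict, List


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 so large binaries are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_name_collisions(root: str, name: str, canonical: str) -> List[Dict[str, object]]:
    """Every file under root named `name` (case-insensitively, as NTFS compares),
    with its SHA-256 and whether it is byte-identical to the canonical copy."""
    want = name.lower()
    canon_hash = sha256_of(canonical)
    hits: List[Dict[str, object]] = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == want:
                p = os.path.join(dirpath, fn)
                digest = sha256_of(p)
                hits.append({"path": p, "sha256": digest, "matches_canonical": digest == canon_hash})
    return hits


def find_prefetch_evidence(prefetch_dir: str, name: str) -> List[str]:
    """Prefetch files are named <EXE NAME>-<hash>.pf, one per distinct path of
    that executable that has been run. They prove execution; they are not
    copies of the binary, so a .pf hit is reported apart from collisions."""
    if not os.path.isdir(prefetch_dir):
        return []
    prefix = name.upper() + "-"
    return sorted(f for f in os.listdir(prefetch_dir)
                  if f.upper().startswith(prefix) and f.lower().endswith(".pf"))


def build_sample_tree() -> str:
    """Constructed stand-in for the paths reported in this thread. File contents
    and the prefetch hash are placeholders, not real Windows binaries."""
    root = tempfile.mkdtemp(prefix="mmc-demo-")
    layout = {
        os.path.join("WINDOWS", "system32", "mmc.exe"): b"MZ placeholder: legitimate console",
        # "\u00e0dobe" is the accented lookalike folder (àdobe) from the ComboFix listing.
        os.path.join("WINDOWS", "system32", "\u00e0dobe", "mmc.exe"): b"MZ placeholder: rogue copy",
        os.path.join("WINDOWS", "Prefetch", "MMC.EXE-0F1E2D3C.pf"): b"prefetch placeholder",
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


def audit_sample() -> Dict[str, object]:
    """Build the sample tree, audit mmc.exe, clean up, and return a summary."""
    root = build_sample_tree()
    try:
        canonical = os.path.join(root, "WINDOWS", "system32", "mmc.exe")
        hits = find_name_collisions(root, "mmc.exe", canonical)
        rogue = [os.path.relpath(str(h["path"]), root) for h in hits if not h["matches_canonical"]]
        pf = find_prefetch_evidence(os.path.join(root, "WINDOWS", "Prefetch"), "mmc.exe")
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return {"copies": len(hits), "rogue": rogue, "prefetch": pf}


if __name__ == "__main__":
    print(audit_sample())
```

On a real machine, point find_name_collisions at C:\ with the system32 copy as canonical; a hash mismatch on a file carrying a system binary's name is the finding, and the Prefetch list tells you whether anything by that name has actually executed.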
#17 iceman22

    Member

  • Full Member
  • 64 posts

Posted 07 June 2007 - 06:10 PM

The .pf file is in C:\Windows\Prefetch.

Logfile of HijackThis v1.99.1
Scan saved at 6:08:38 PM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DOBE~1\mmc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C9791E6F-87DE-8E2A-DF78-82ADD8E929EB} - C:\WINDOWS\system32\ktmtrr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [myCleanerPC] C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe
O4 - HKCU\..\Run: [Vtnc] C:\WINDOWS\system32\?ecurity\w?aclt.exe
O4 - Startup: Webshots.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

#18 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 08 June 2007 - 06:13 AM

Ok, those entries are still hanging around.

Please run ComboFix again, here's the download in case you deleted it:

1. Download this file - ComboFix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

jedi


#19 iceman22

    Member

  • Full Member
  • 64 posts

Posted 08 June 2007 - 09:27 PM

ComboFix

"Iceman" - 2007-06-08 21:17:47 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Iceman\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\wnstsicomsv.exe"
"C:\Program Files\outerinfo\Terms.rtf"
"C:\Program Files\outerinfo"

-- Purity Folders:

C:\WINDOWS\system32\PPATCH~1
C:\DOCUME~1\Iceman\MYDOCU~1\CROSOF~1.NET



((((((((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 ))))))))))))))))))))))))))))))))))


2007-06-07 19:35 60,928 --a------ C:\WINDOWS\system32\qxgcirw.dll
2007-06-04 16:54 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-02 22:26 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-02 17:18 <DIR> d-------- C:\Documents and Settings\Iceman\DoctorWeb
2007-06-02 17:18 <DIR> d-------- C:\DOCUME~1\Iceman\DoctorWeb
2007-05-31 20:09 220,349 --a------ C:\WINDOWS\itpb_4.exe
2007-05-31 20:08 <DIR> d-------- C:\Temp\x2b
2007-05-29 22:39 0 --a------ C:\WINDOWS\bstdin.bin
2007-05-27 20:54 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Lionhead Studios
2007-05-27 20:46 <DIR> d-------- C:\Program Files\Lionhead Studios Ltd
2007-05-27 20:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lionhead Studios
2007-05-27 00:37 72,192 --a------ C:\WINDOWS\system32\zlib.dll
2007-05-27 00:37 169,017 --a------ C:\WINDOWS\system32\mcpcuninstaller1_25.EXE
2007-05-26 23:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\myCleanerPC
2007-05-26 23:54 <DIR> d-------- C:\Program Files\myCleanerPC
2007-05-25 23:22 37,424 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\MP4tem.dll
2007-05-25 23:21 37,424 --a------ C:\WINDOWS\system32\kbdidq.dll
2007-05-25 23:21 37,424 --a------ C:\DOCUME~1\NETWOR~1\APPLIC~1\edbubs.dll
2007-05-25 23:20 <DIR> d-------- C:\WINDOWS\system32\T5QaSQ
2007-05-25 23:20 <DIR> d-------- C:\Temp\0b9
2007-05-25 23:20 <DIR> d-------- C:\Temp
2007-05-25 23:16 <DIR> d-------- C:\WINDOWS\system32\àdobe
2007-05-25 23:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-05-25 03:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-25 03:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-25 03:28 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Lavasoft
2007-05-22 03:20 <DIR> d-------- C:\Program Files\Webshots
2007-05-22 03:20 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Webshots
2007-05-19 02:23 <DIR> d-------- C:\Program Files\Ares
2007-05-18 21:13 297 --a------ C:\WINDOWS\EReg072.dat
2007-05-18 21:10 314,880 --a------ C:\WINDOWS\IsUninst.exe
2007-05-18 21:10 <DIR> d-------- C:\Program Files\Firaxis Games
2007-05-18 21:09 <DIR> d-------- C:\Documents and Settings\Iceman\WINDOWS
2007-05-18 21:09 <DIR> d-------- C:\DOCUME~1\Iceman\WINDOWS
2007-05-18 20:22 <DIR> d-------- C:\Program Files\MicroStar
2007-05-17 19:24 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-17 19:24 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Black Sea Studios
2007-05-17 19:12 <DIR> d-------- C:\Program Files\Black Sea Studios
2007-05-17 19:04 <DIR> d-------- C:\Program Files\iPodSoft
2007-05-17 19:04 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\iPodSoft
2007-05-17 19:03 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-05-17 18:30 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Purple Ghost Software, Inc
2007-05-17 18:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Purple Ghost Software, Inc
2007-05-17 18:18 <DIR> d-------- C:\Program Files\QuickTime
2007-05-17 18:17 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-17 00:40 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2007-05-17 00:40 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-05-17 00:39 <DIR> d-------- C:\Program Files\Stardock
2007-05-16 22:42 1,430 --a------ C:\WINDOWS\checkip.dat
2007-05-15 21:22 <DIR> d-------- C:\Program Files\Paradox Interactive
2007-05-15 20:51 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-05-15 19:52 <DIR> d-------- C:\Program Files\BitComet
2007-05-15 19:52 <DIR> d-------- C:\Downloads


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-08 21:48:41 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Vso
2007-06-03 05:23:23 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Apple Computer
2007-05-28 01:52:40 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-27 04:51:31 -------- d-----w C:\Program Files\Messenger
2007-05-27 04:49:35 -------- d-----w C:\Program Files\DAEMON Tools
2007-05-22 02:39:43 -------- d-----w C:\Program Files\SpeedFan
2007-05-16 00:52:22 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-05-16 00:45:38 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Azureus
2007-04-28 00:45:00 -------- d-----w C:\Program Files\AVSMedia
2007-04-28 00:44:53 -------- d-----w C:\Program Files\Common Files\AVSMedia
2007-04-28 00:17:12 -------- d-----w C:\Program Files\Total Video Converter
2007-04-25 21:15:57 81,920 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\ezpinst.exe
2007-04-25 21:15:57 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-04-25 21:15:57 47,360 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\pcouffin.sys
2007-04-25 21:15:54 -------- d-----w C:\Program Files\vso
2007-04-25 21:15:25 87,608 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\inst.exe
2007-04-24 20:21:02 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Ahead
2007-04-24 20:17:43 -------- d-----w C:\Program Files\Ahead
2007-04-24 20:17:32 -------- d-----w C:\Program Files\Common Files\Ahead
2007-04-15 20:43:38 -------- d-----w C:\Program Files\Starcraft
2007-04-14 22:20:34 -------- d-----w C:\Program Files\StarWarsGalaxies
2007-04-02 22:58:54 35,382 ----a-w C:\WINDOWS\scunin.dat
2007-04-02 22:58:53 967 ----a-w C:\WINDOWS\ScUnin.pif
2007-04-02 22:58:53 94,208 ----a-w C:\WINDOWS\ScUnin.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll [2007-04-29 04:29]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{987F1E6F-D4DC-D97E-8C78-82ADD8E928E4}=C:\WINDOWS\system32\qxgcirw.dll [2007-05-21 08:59]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-29 15:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 22:05]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-10-11 13:09]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 19:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"SoundMan"="SOUNDMAN.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 05:48]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 15:57]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-14 17:37]
"Atcm"="C:\WINDOWS\system32\DOBE~1\mmc.exe" [2007-05-27 00:41]
"@"="" []
"myCleanerPC"="C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe" [2005-05-02 11:15]
"Vtnc"="C:\WINDOWS\system32\?ecurity\w?aclt.exe" []
"Wrqb"="C:\WINDOWS\system32\??pPatch\r?ndll32.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-05-17 23:17:52 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-08 21:22:10
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\eventloganalyzer]
"ImagePath"="C:\AdventNet\ME\EventLog\bin\wrapper.exe -s C:\AdventNet\ME\EventLog\bin\\..\server\default\conf\wrapper.conf"

Completion time: 2007-06-08 21:23:04
C:\ComboFix-quarantined-files.txt ... 2007-06-08 21:22
C:\ComboFix2.txt ... 2007-06-02 22:26

--- E O F ---

hijack this

Logfile of HijackThis v1.99.1
Scan saved at 9:27:25 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DOBE~1\mmc.exe
C:\WINDOWS\system32\??pPatch\r?ndll32.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {987F1E6F-D4DC-D97E-8C78-82ADD8E928E4} - C:\WINDOWS\system32\qxgcirw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [myCleanerPC] C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe
O4 - HKCU\..\Run: [Vtnc] C:\WINDOWS\system32\?ecurity\w?aclt.exe
O4 - HKCU\..\Run: [Wrqb] C:\WINDOWS\system32\??pPatch\r?ndll32.exe
O4 - Startup: Webshots.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

#20 jedi (Emeritus)

Posted 09 June 2007 - 05:42 AM

Hi again,

That's one stubborn PurityScan infection!

OK, please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{987F1E6F-D4DC-D97E-8C78-82ADD8E928E4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Atcm"=-
"@"=-
"Vtnc"=-
"Wrqb"=-

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Next:

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode with networking menu item, and then press Enter.

Please do the following:
Run a BitDefender Online scan Here and save the results.
(Do not go to any other sites)

Next:

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

Please now run ComboFix again, save the log and restart normally.

Please now post the BitDefender log, the ComboFix log and a new HiJackThis log.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
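The O4 entries that jedi's fix.reg removes share one trick: paths such as C:\WINDOWS\system32\?ecurity\w?aclt.exe and ??pPatch\r?ndll32.exe contain characters the ANSI build of HijackThis cannot display (it prints them as "?"), so the names only resemble wuauclt.exe and rundll32.exe, and DOBE~1 is an 8.3 short name that hides the real folder name (the later ComboFix listing shows a folder C:\WINDOWS\system32\àdobe created on 2007-05-25 that fits it). The Python script below is an added example and is not code from this thread, from HijackThis or from ComboFix. It parses a constructed sample of O2/O4 lines modelled on the posted log, flags entries with three assumed heuristics (non-ANSI characters or "?" in the path, an 8.3 short name under system32, a file name that resembles a Windows system binary but is not in system32) plus an unnamed BHO loaded from system32, and drafts a REGEDIT4 file in the same [-key] and "name"=- syntax as the fix above. The system-binary list, the 0.8 similarity threshold and the sample lines are assumptions.

```python
"""Triage HijackThis O2/O4 lines for disguised autostarts and draft a REGEDIT4 removal file.

Added example, not code from the thread. The heuristics are assumptions about how
such entries look in this log; review every hit before merging anything into the registry.
"""
import difflib
import re

# Constructed sample modelled on lines posted in this thread (benign entries thinned out).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {987F1E6F-D4DC-D97E-8C78-82ADD8E928E4} - C:\WINDOWS\system32\qxgcirw.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [Vtnc] C:\WINDOWS\system32\?ecurity\w?aclt.exe
O4 - HKCU\..\Run: [Wrqb] C:\WINDOWS\system32\??pPatch\r?ndll32.exe
"""

O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')

SYSTEM_DIR = r'c:\windows\system32'
# Names an autostart may imitate; an assumed short list, extend as needed.
SYSTEM_BINARIES = ('mmc.exe', 'rundll32.exe', 'wuauclt.exe', 'svchost.exe', 'explorer.exe')

REG_BHO = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
REG_RUN = {'HKLM': r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU': r'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'}


def exe_path(cmd):
    """Executable path from a Run command line (quoted or bare); None for a bare file name without a directory."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    if not m:
        return None
    path = m.group(1) or m.group(2)
    return path if '\\' in path else None


def suspicious(path):
    """Heuristic reasons a path looks like a disguised autostart; empty list when none fire."""
    reasons = []
    folder, _, name = path.rpartition('\\')
    # HijackThis 1.99 is an ANSI program: characters it cannot show come out as "?".
    if '?' in path or any(ord(c) > 127 for c in path):
        reasons.append('non-ANSI characters in path (shown as "?" by HijackThis)')
    # DOBE~1 style names are 8.3 short names; the long name is not what the log shows.
    if re.search(r'\\system32\\[^\\]*~\d+\\', path, re.I):
        reasons.append('8.3 short name hides a folder name under system32')
    # A file named like a system binary, or nearly so, that is not in system32 itself.
    if folder.lower() != SYSTEM_DIR:
        for real in SYSTEM_BINARIES:
            if difflib.SequenceMatcher(None, name.lower(), real).ratio() >= 0.8:
                reasons.append(f'"{name}" resembles {real} but does not live in {SYSTEM_DIR}')
                break
    return reasons


def parse(log):
    """Yield (kind, hive-or-CLSID, value name, path, reasons) for O2/O4 lines that trip a heuristic."""
    for line in log.splitlines():
        m = O2_RE.match(line)
        if m:
            reasons = suspicious(m['path'])
            if m['name'] == '(no name)' and m['path'].lower().startswith(SYSTEM_DIR + '\\'):
                reasons.append('unnamed BHO loaded from system32')
            if reasons:
                yield 'O2', m['clsid'], m['name'], m['path'], reasons
            continue
        m = O4_RE.match(line)
        if m and (path := exe_path(m['cmd'])):
            reasons = suspicious(path)
            if reasons:
                yield 'O4', m['hive'], m['name'], path, reasons


def build_reg(findings):
    """REGEDIT4 text as used in the thread: [-key] drops a BHO registration, "name"=- drops one Run value."""
    lines = ['REGEDIT4', '']
    for kind, clsid, _, _, _ in findings:
        if kind == 'O2':
            lines += [f'[-{REG_BHO}\\{{{clsid}}}]', '']
    for hive, key in REG_RUN.items():
        names = [f[2] for f in findings if f[0] == 'O4' and f[1] == hive]
        if names:
            lines += [f'[{key}]'] + [f'"{n}"=-' for n in names] + ['']
    return '\r\n'.join(lines)  # regedit expects CRLF line ends


if __name__ == '__main__':
    found = list(parse(SAMPLE_LOG))
    for kind, _, name, path, reasons in found:
        print(f'{kind} [{name}] {path}')
        for r in reasons:
            print('    -', r)
    print(build_reg(found))
```

On the sample the script flags the unnamed BHO and the Atcm, Vtnc and Wrqb values and leaves the Java, QuickTime and SoundMan entries alone. The draft only removes registry pointers; the files stay where they are, and the later logs in this thread show new values (Hdsae, aryy.dll) appearing after the first fix, which is why the merge is paired with safe-mode scans in the post above rather than used on its own.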

#21 iceman22 (Full Member)

Posted 10 June 2007 - 08:20 PM

bitdefender

BitDefender Online Scanner
Scan report generated at: Sun, Jun 10, 2007 - 20:10:29
Scan path: C:\;D:\;E:\;

Statistics
  Time:          01:15:19
  Files:         339715
  Folders:       4916
  Boot Sectors:  2
  Archives:      2233
  Packed Files:  8107

Results
  Identified Viruses:  10
  Infected Files:      16
  Suspect Files:       0
  Warnings:            0
  Disinfected:         0
  Deleted Files:       16

Engines Info
  Virus Definitions:  512842
  Engine build:       AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)
  Scan plugins:       14
  Archive plugins:    38
  Unpack plugins:     6
  E-mail plugins:     6
  System plugins:     1

Scan Settings
  First Action:        Disinfect
  Second Action:       Delete
  Heuristics:          Yes
  Enable Warnings:     Yes
  Scanned Extensions:  *;
  Exclude Extensions:
  Scan Emails:         Yes
  Scan Archives:       Yes
  Scan Packed:         Yes
  Scan Files:          Yes
  Scan Boot:           Yes

Scanned File / Status

C:\Documents and Settings\Iceman\DoctorWeb\Quarantine\kknmifhg.dll
  Infected with: Trojan.BHO.BN
  Disinfection failed
  Deleted

C:\Documents and Settings\Iceman\Local Settings\Temp\!update.exe
  Infected with: Trojan.Downloader.PurityScan.DH
  Disinfection failed
  Deleted

C:\Documents and Settings\Iceman\Local Settings\Temporary Internet Files\Content.IE5\Y81R3MTV\!update-4395[1].0000
  Infected with: Trojan.Downloader.PurityScan.DH
  Disinfection failed
  Deleted

C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>keygen.exe
  Infected with: Trojan.Downloader.Small.BHH
  Disinfection failed
  Deleted

C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)
  Update failed

C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)=>serial.exe
  Infected with: Trojan.Dialer.VTA
  Disinfection failed
  Deleted

C:\Documents and Settings\Iceman\My Documents\azurues\the_movies_keygen.exe=>(RAR Sfx o)
  Update failed

C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe=>(Embedded EXE o)
  Infected with: MemScan:Trojan.Downloader.Agent.YDN
  Disinfection failed
  Deleted

C:\Documents and Settings\LocalService\Local Settings\Temp\temp.exe
  Update failed

C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe=>(Embedded EXE o)
  Infected with: MemScan:Trojan.Downloader.Agent.YDN
  Disinfection failed
  Deleted

C:\Documents and Settings\NetworkService\Local Settings\Temp\temp.exe
  Update failed

C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
  Infected with: Generic.Adw.SaveNow.F5FEB660
  Disinfection failed
  Deleted

C:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)
  Update failed

C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o)=>zlib_nsis0001
  Infected with: Trojan.Purityad.O
  Disinfection failed
  Deleted

C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir=>(NSIS o)
  Update failed

C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o)=>(bz2_data)
  Infected with: Trojan.Clicker.OwlForce.A
  Disinfection failed
  Deleted

C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe=>(BZIP2 o)
  Updated

C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP41\A0021738.exe
  Update failed

C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026031.dll
  Infected with: Trojan.BHO.BN
  Disinfection failed
  Deleted

C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o)=>zlib_nsis0001
  Infected with: Trojan.Purityad.O
  Disinfection failed
  Deleted

C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP43\A0026227.exe=>(NSIS o)
  Update failed

C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP44\A0027410.exe
  Infected with: Trojan.LowZones.SA
  Disinfection failed
  Deleted

C:\System Volume Information\_restore{4DF4AFDA-45C2-43AF-88EA-258FE8F39C80}\RP47\A0030627.dll
  Infected with: Trojan.BHO.BN
  Disinfection failed
  Deleted

C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)=>installfile1.exe
  Infected with: Trojan.Dropper.Zeno.A
  Disinfection failed
  Deleted

C:\WINDOWS\itpb_4.exe=>(RAR Sfx o)=>Compinst1.exe=>(RAR Sfx o)
  Update failed

C:\WINDOWS\system32\DOBE~1\mmc.exe
  Infected with: Trojan.Downloader.PurityScan.DH
  Disinfection failed
  Deleted

Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 8:18:46 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\??sembly\d?xplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\WINDOWS\system32\DOBE~1\mmc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CE2E4D3F-82D3-D22B-D178-82ADD8E970B4} - C:\WINDOWS\system32\aryy.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [myCleanerPC] C:\PROGRA~1\MYCLEA~1\myCleanerPC.exe
O4 - HKCU\..\Run: [Hdsae] "C:\Program Files\Common Files\??sembly\d?xplore.exe"
O4 - HKCU\..\Run: [Atcm] "C:\WINDOWS\system32\DOBE~1\mmc.exe" -vt ndrv
O4 - Startup: Webshots.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

#22 jedi (Emeritus)

Posted 11 June 2007 - 03:21 AM

Hi again,

Did you also run ComboFix in safe mode? If not, can you do that now and post the results please?

jedi

#23 iceman22 (Full Member)

Posted 11 June 2007 - 11:27 PM

"Iceman" - 2007-06-11 23:15:13 Service Pack 2 [SAFE MODE]
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Iceman\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\wnstsicomsv.exe"
"C:\Program Files\outerinfo\Terms.rtf"
"C:\Program Files\outerinfo"

-- Purity Folders:

C:\Program Files\Common Files\SEMBLY~1



((((((((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 ))))))))))))))))))))))))))))))))))


2007-06-10 18:51 <DIR> d-------- C:\WINDOWS\CSC
2007-06-09 20:19 60,928 --a------ C:\WINDOWS\system32\aryy.dll
2007-06-04 16:54 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-02 22:26 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-02 17:18 <DIR> d-------- C:\Documents and Settings\Iceman\DoctorWeb
2007-06-02 17:18 <DIR> d-------- C:\DOCUME~1\Iceman\DoctorWeb
2007-05-31 20:09 220,349 --a------ C:\WINDOWS\itpb_4.exe
2007-05-31 20:08 <DIR> d-------- C:\Temp\x2b
2007-05-29 22:39 0 --a------ C:\WINDOWS\bstdin.bin
2007-05-27 20:54 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Lionhead Studios
2007-05-27 20:46 <DIR> d-------- C:\Program Files\Lionhead Studios Ltd
2007-05-27 00:37 72,192 --a------ C:\WINDOWS\system32\zlib.dll
2007-05-25 23:22 37,424 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\MP4tem.dll
2007-05-25 23:21 37,424 --a------ C:\WINDOWS\system32\kbdidq.dll
2007-05-25 23:21 37,424 --a------ C:\DOCUME~1\NETWOR~1\APPLIC~1\edbubs.dll
2007-05-25 23:20 <DIR> d-------- C:\WINDOWS\system32\T5QaSQ
2007-05-25 23:20 <DIR> d-------- C:\Temp\0b9
2007-05-25 23:20 <DIR> d-------- C:\Temp
2007-05-25 23:16 <DIR> d-------- C:\WINDOWS\system32\àdobe
2007-05-25 23:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-05-25 03:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-25 03:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-25 03:28 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Lavasoft
2007-05-22 03:20 <DIR> d-------- C:\Program Files\Webshots
2007-05-22 03:20 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Webshots
2007-05-19 02:23 <DIR> d-------- C:\Program Files\Ares
2007-05-18 21:13 297 --a------ C:\WINDOWS\EReg072.dat
2007-05-18 21:10 314,880 --a------ C:\WINDOWS\IsUninst.exe
2007-05-18 21:10 <DIR> d-------- C:\Program Files\Firaxis Games
2007-05-18 21:09 <DIR> d-------- C:\Documents and Settings\Iceman\WINDOWS
2007-05-18 21:09 <DIR> d-------- C:\DOCUME~1\Iceman\WINDOWS
2007-05-18 20:22 <DIR> d-------- C:\Program Files\MicroStar
2007-05-17 19:24 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-17 19:24 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Black Sea Studios
2007-05-17 19:12 <DIR> d-------- C:\Program Files\Black Sea Studios
2007-05-17 19:04 <DIR> d-------- C:\Program Files\iPodSoft
2007-05-17 19:04 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\iPodSoft
2007-05-17 19:03 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-05-17 18:30 <DIR> d-------- C:\DOCUME~1\Iceman\APPLIC~1\Purple Ghost Software, Inc
2007-05-17 18:18 <DIR> d-------- C:\Program Files\QuickTime
2007-05-17 18:17 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-17 00:40 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2007-05-17 00:40 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-05-17 00:39 <DIR> d-------- C:\Program Files\Stardock
2007-05-16 22:42 1,430 --a------ C:\WINDOWS\checkip.dat
2007-05-15 21:22 <DIR> d-------- C:\Program Files\Paradox Interactive
2007-05-15 20:51 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-05-15 19:52 <DIR> d-------- C:\Program Files\BitComet
2007-05-15 19:52 <DIR> d-------- C:\Downloads


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-11 05:34:20 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Vso
2007-06-03 05:23:23 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Apple Computer
2007-05-28 01:52:40 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-27 04:51:31 -------- d-----w C:\Program Files\Messenger
2007-05-27 04:49:35 -------- d-----w C:\Program Files\DAEMON Tools
2007-05-22 02:39:43 -------- d-----w C:\Program Files\SpeedFan
2007-05-16 00:52:22 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-05-16 00:45:38 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Azureus
2007-04-28 00:45:00 -------- d-----w C:\Program Files\AVSMedia
2007-04-28 00:44:53 -------- d-----w C:\Program Files\Common Files\AVSMedia
2007-04-28 00:17:12 -------- d-----w C:\Program Files\Total Video Converter
2007-04-25 21:15:57 81,920 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\ezpinst.exe
2007-04-25 21:15:57 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-04-25 21:15:57 47,360 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\pcouffin.sys
2007-04-25 21:15:54 -------- d-----w C:\Program Files\vso
2007-04-25 21:15:25 87,608 ----a-w C:\DOCUME~1\Iceman\APPLIC~1\inst.exe
2007-04-24 20:21:02 -------- d-----w C:\DOCUME~1\Iceman\APPLIC~1\Ahead
2007-04-24 20:17:43 -------- d-----w C:\Program Files\Ahead
2007-04-24 20:17:32 -------- d-----w C:\Program Files\Common Files\Ahead
2007-04-15 20:43:38 -------- d-----w C:\Program Files\Starcraft
2007-04-14 22:20:34 -------- d-----w C:\Program Files\StarWarsGalaxies
2007-04-02 22:58:54 35,382 ----a-w C:\WINDOWS\scunin.dat
2007-04-02 22:58:53 967 ----a-w C:\WINDOWS\ScUnin.pif
2007-04-02 22:58:53 94,208 ----a-w C:\WINDOWS\ScUnin.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll [2007-04-29 04:29]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-29 15:57]
{CE2E4D3F-82D3-D22B-D178-82ADD8E970B4}=C:\WINDOWS\system32\aryy.dll [2007-05-21 08:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 22:05]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-10-11 13:09]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 19:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"SoundMan"="SOUNDMAN.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 05:48]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 15:57]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-14 17:37]
"@"="" []
"Hdsae"="C:\Program Files\Common Files\??sembly\d?xplore.exe" []
"Atcm"="C:\WINDOWS\system32\DOBE~1\mmc.exe" [2007-06-10 20:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f367d50-b3da-11db-ba89-0013d3765f5b}]
AutoRun\command- E:\autoplay.exe


Contents of the 'Scheduled Tasks' folder
2007-05-17 23:17:52 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 23:21:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\eventloganalyzer]
"ImagePath"="C:\AdventNet\ME\EventLog\bin\wrapper.exe -s C:\AdventNet\ME\EventLog\bin\\..\server\default\conf\wrapper.conf"

Completion time: 2007-06-11 23:22:19
C:\ComboFix-quarantined-files.txt ... 2007-06-11 23:21
C:\ComboFix2.txt ... 2007-06-08 21:23
C:\ComboFix3.txt ... 2007-06-02 22:26

--- E O F ---

#24 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 12 June 2007 - 04:20 AM

Hi,

Create a new notepad document, and paste this:

rem Quote the path (it contains spaces); /a lists files whatever their attributes, hidden included; 2>&1 puts any error message into files.txt instead of leaving it empty
rem Note: dir expands ? and * only in the last path component, so a ? inside a folder name will not be matched
dir "C:\Program Files\Common Files\??sembly\d?xplore.exe" /a > files.txt 2>&1
notepad files.txt


Save as type 'All Files' and name it look.bat and save it to desktop. Double-click on Look.bat and post the text that opens here.

And this one may not work but:

Create a new notepad document, and paste this:

rem Quote the path; /a lists files whatever their attributes (a stray "h" after /a is read as a second file spec, not as the hidden attribute); 2>&1 puts any error message into files.txt
dir "C:\WINDOWS\system32\DOBE~1\mmc.exe" /a > files.txt 2>&1
notepad files.txt


Save as type 'All Files' and name it look.bat and save it to desktop. Double-click on Look.bat and post the text that opens here.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#25 iceman22

iceman22

    Member

  • Full Member
  • Pip
  • 64 posts

Posted 12 June 2007 - 05:36 PM

The first one made an empty Notepad; the second gave me this.

Volume in drive C has no label.
Volume Serial Number is D4C8-2432

Directory of C:\WINDOWS\system32\DOBE~1

06/10/2007 08:15 PM 71,680 mmc.exe
1 File(s) 71,680 bytes

Directory of C:\Documents and Settings\Iceman\Desktop

#26 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 13 June 2007 - 04:32 AM

Hi again,

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Next:

Please run Notepad and paste the following text into a new file, do not include the word ‘quote’:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE2E4D3F-82D3-D22B-D178-82ADD8E970B4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hdsae"=-
"Atcm"=-



Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Next:

Search for mmc.exe. When you find a file marked mmc, right-click on it and select 'Properties'. When you find one with 'Size on Disk' of 71,680 bytes, delete it, check what folder it's in (the elusive DOBE~1), and delete the folder too.

Restart.

Reconfigure Windows XP to hide hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading deselect "Show hidden files and folders".
Check the "Hide protected operating system files (recommended)" option.
Check the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.


Then post a fresh HijackThis log.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

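The two posts above (#24 and #26) hunt for a copy of mmc.exe hidden in a short-named system32 subfolder and for a folder whose name ComboFix could only print as ??sembly. The script below is an added example, not code from this thread or from HijackThis/ComboFix: it walks a directory tree, reports every copy of a system binary that is not at its canonical location, and flags path components that use either trick (an 8.3-style short name, or non-ASCII look-alike characters). The 71,680-byte size and the system32 location come from the thread; the canonical-directory table, the demo tree and its Cyrillic look-alike names are constructed assumptions of this example. Point scan() at a real drive root to use it for real.

```python
"""
Added example, not code from the thread: find copies of a Windows system
binary (here mmc.exe) that sit outside its canonical directory, and path
components that use the naming tricks seen in this thread (an 8.3 short name
like DOBE~1 under system32, or non-ASCII look-alike characters, which
ComboFix printed as '?').  The 71,680-byte size and the system32 location
come from the thread; the demo tree below is constructed.
"""
import hashlib
import os
import re
import tempfile
from typing import Dict, List, Optional

# Where the genuine binary lives, relative to the drive root (assumption of this example).
CANONICAL_DIR = {"mmc.exe": os.path.join("windows", "system32")}
# An 8.3 short-name style component such as DOBE~1 or MSGRAP~1.DLL.
SHORT_NAME = re.compile(r"^[^.]{1,6}~\d+(\.[^.]{1,3})?$")


def suspicious_component(name: str) -> Optional[str]:
    """Why a single path component deserves a look, or None if it looks ordinary."""
    if any(ord(ch) > 127 for ch in name):
        return "non-ASCII look-alike characters in name"
    if SHORT_NAME.match(name):
        return "8.3 short-name style folder (long name hidden or unprintable)"
    return None


def sha256_of(path: str) -> str:
    """Hash the file so a suspicious copy can be looked up or submitted."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root: str, binary: str, expected_size: Optional[int] = None) -> List[Dict]:
    """Walk `root`; report files with suspicious path components and every copy
    of `binary` that is not at its canonical path.  os.walk ignores the Windows
    hidden attribute, so hidden files and folders are covered too."""
    canonical = os.path.normcase(os.path.join(root, CANONICAL_DIR[binary.lower()], binary))
    findings = []
    for dirpath, _, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        components = [] if rel == "." else rel.split(os.sep)
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            reasons = [f"{c!r}: {why}" for c in components + [fn]
                       if (why := suspicious_component(c))]
            if fn.lower() == binary.lower() and os.path.normcase(full) != canonical:
                reasons.append(f"{binary} outside {CANONICAL_DIR[binary.lower()]}")
                if expected_size is not None and os.path.getsize(full) == expected_size:
                    reasons.append(f"size matches the reported sample ({expected_size} bytes)")
            if reasons:
                findings.append({"path": full, "size": os.path.getsize(full),
                                 "sha256": sha256_of(full), "reasons": reasons})
    return findings


def build_demo_tree() -> str:
    """Constructed layout mimicking the thread: a legitimate mmc.exe, a rogue
    copy in system32\\DOBE~1, and a look-alike 'Common Files\\Assembly' folder
    spelled with Cyrillic letters (what ComboFix showed as ??sembly\\d?xplore.exe)."""
    root = tempfile.mkdtemp(prefix="hjt_demo_")
    legit = os.path.join(root, "windows", "system32")
    rogue = os.path.join(root, "windows", "system32", "DOBE~1")
    lookalike = os.path.join(root, "program files", "common files", "\u0410ssembly")  # Cyrillic A
    for d in (legit, rogue, lookalike):
        os.makedirs(d, exist_ok=True)
    with open(os.path.join(legit, "mmc.exe"), "wb") as f:
        f.write(b"MZ" + b"\0" * 1000)             # stand-in for the real binary
    with open(os.path.join(rogue, "mmc.exe"), "wb") as f:
        f.write(b"MZ" + b"\0" * (71_680 - 2))     # 71,680 bytes, the size reported in the thread
    with open(os.path.join(lookalike, "d\u0435xplore.exe"), "wb") as f:  # Cyrillic e
        f.write(b"MZ" + b"\0" * 100)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for hit in scan(demo_root, "mmc.exe", expected_size=71_680):
        print(hit["path"], hit["size"], hit["sha256"][:16], "; ".join(hit["reasons"]))
```

On the demo tree this reports exactly two files: the rogue mmc.exe (short-named folder, outside system32, size match) and the look-alike d?xplore.exe (non-ASCII folder and file names); the genuine system32\mmc.exe is silent. The same walk on a real drive is what the two look.bat files in the posts above tried to do by hand, without depending on cmd's wildcard handling.
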
#27 iceman22

iceman22

    Member

  • Full Member
  • Pip
  • 64 posts

Posted 13 June 2007 - 06:34 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:33:54 PM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ManageEngine EventLog Analyzer 4.0 (eventloganalyzer) - Unknown owner - C:\AdventNet\ME\EventLog\bin\wrapper.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

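The log above was judged clean by eye. The script below is an added example, not code from the thread or from HijackThis, showing how the same judgement can be made mechanically: a heuristic triage pass over HijackThis-format lines that rates the entry types this thread dealt with (paths containing characters the log could not print, a folder under the Windows tree referenced only by an 8.3 short name, orphaned entries, unnamed BHOs, a configured proxy, Winlogon Notify DLLs). Every rule is this example's own assumption. The sample lines are constructed: most are copied from the log above, and three (the Hdsae and Atcm Run entries and the aryy.dll BHO) are rewritten into HijackThis format from the ComboFix "Reg Loading Points" entries earlier in the thread.

```python
"""
Added example, not part of the thread: a heuristic triage pass over
HijackThis-format log lines.  The rules are this example's own assumptions;
the sample lines are constructed from entries that appear in the thread.
"""
import re
from typing import Dict, List, Tuple

# '?' inside a backslash path: characters the log could not print (look-alike names).
UNPRINTABLE_IN_PATH = re.compile(r'\\[^\\\s"]*\?')
# A folder under the Windows tree referenced only by an 8.3 short name (DOBE~1).
# HijackThis itself prints legitimate short names like C:\PROGRA~1\..., so only
# the Windows-tree case is rated high.
SHORT_UNDER_WINDOWS = re.compile(r'\\windows\\(?:[^\\\s"]+\\)*?[^\\\s"]{1,6}~\d+\\', re.I)
ORPHAN = re.compile(r"\((?:no file|file missing)\)")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-F-]{36})\} - (?P<path>.*)$", re.I)
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def check_line(line: str) -> List[Tuple[str, str]]:
    """(severity, reason) pairs for one line; an empty list means nothing notable."""
    out = []
    if UNPRINTABLE_IN_PATH.search(line):
        out.append(("high", "path contains characters the log could not print ('?'): look-alike/non-ASCII name"))
    if SHORT_UNDER_WINDOWS.search(line):
        out.append(("high", "folder under the Windows tree referenced only by an 8.3 short name"))
    if ORPHAN.search(line):
        out.append(("low", "orphan entry: target file is missing (harmless, but remove it)"))
    m = O2_RE.match(line)
    if m and m.group("name") == "(no name)" and not ORPHAN.search(line):
        out.append(("medium", f"unnamed BHO {m.group('clsid')} loads {m.group('path')}: verify that DLL"))
    if line.startswith("R1 ") and "ProxyServer" in line:
        out.append(("medium", "browser proxy configured: confirm it is intentional"))
    if line.startswith("O20 "):
        out.append(("review", "Winlogon Notify DLL: a persistence point, confirm the vendor"))
    return out


def triage(log_text: str) -> List[Dict]:
    """Findings in log order, with the O4 value name attached where there is one."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        entry = m.group("name") if m else None
        for severity, reason in check_line(line):
            findings.append({"line": line, "entry": entry, "severity": severity, "reason": reason})
    return findings


# Constructed sample: lines from the thread's final log plus three entries
# (Hdsae, Atcm, aryy.dll) rewritten from the earlier ComboFix report into
# HijackThis format.  The O8 and O16 lines are there to show what is NOT flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.0.1:3128
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CE2E4D3F-82D3-D22B-D178-82ADD8E970B4} - C:\WINDOWS\system32\aryy.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Hdsae] C:\Program Files\Common Files\??sembly\d?xplore.exe
O4 - HKCU\..\Run: [Atcm] C:\WINDOWS\system32\DOBE~1\mmc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = f"[{f['entry']}] " if f["entry"] else ""
        print(f"{f['severity']:6} {tag}{f['reason']}\n       {f['line']}")
```

Run against the sample, the only high-severity findings are the two Run entries jedi removed with fix.reg (Hdsae and Atcm); the short names in the O8 line and the ? in the O16 URL are correctly ignored, the unnamed aryy.dll BHO and the proxy setting come back as medium for a human to confirm, and the two "(no file)" entries are reported as low-severity orphans.
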
#28 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 13 June 2007 - 06:38 PM

Hi again,

Got it! :hyper:

Ok, your log looks clean, how's your PC running?

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#29 iceman22

iceman22

    Member

  • Full Member
  • Pip
  • 64 posts

Posted 14 June 2007 - 05:28 PM

It's running about the same as before the infection, maybe better. Thanks a lot for all the help with this.

#30 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 15 June 2007 - 03:16 AM

You're welcome. :)

In order to be better protected in the future, I recommend the following programs:

SpywareBlaster protects against bad ActiveX.
http://www.javacools...areblaster.html

SpywareGuard stops Spyware from being installed.
http://www.javacools...ywareguard.html

Also install the MVPS hosts file:
http://www.mvps.org/...p2002/hosts.htm
which blocks innocent looking sites that are not so innocent.

All three are very small free programs that you run once, and then just occasionally to check for updates.

Also see
How did I get Infected?

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking
here http://v4.windowsupdate.microsoft.com/
and following the prompts.

jedi :wave:
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#31 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 21 June 2007 - 11:00 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.



