Symantec detected a bunch of trojans but cannot clean

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

Symantec detected a bunch of trojans but cannot clean

Options

drosera View Member Profile	Aug 9 2008, 03:52 PM Post #1
New Member Group: New Member Posts: 4 Joined: 9-August 08 Member No.: 80,848 Operating System: Windows XP	Here is the HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 4:51:53 PM, on 8/9/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Brmfrmps.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\bcmwltry.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE c:\windows\system\hpsysdrv.exe C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.alot.com/sidebar?pr=asst&...www.google.com/ (obfuscated) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: (no name) - {3C8B8175-A9BC-4239-9282-798E4EBA6D48} - c:\windows\system32\nafoktp.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AE151937-09A4-4316-B270-B8DC31193BE2} - C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\InstHelpv.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe O4 - HKLM\..\Run: [PCPrivacyCleaner] C:\Program Files\PCPrivacyCleaner\pcpc.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: 802.11b+g USB Wireless LAN Utility.lnk = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?be6e6a58a801478591d965fc635413d1 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?be6e6a58a801478591d965fc635413d1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: cqakhyai - C:\WINDOWS\SYSTEM32\nafoktp.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe Is there anything in here that looks suspicious or unnecessary? Computer seems to be working fine at the moment...but I rather be sure. Thank you very much for all your help.

Trevuren View Member Profile	Aug 9 2008, 05:33 PM Post #2
Forum Dog Group: Classroom Teacher Posts: 7,780 Joined: 14-December 04 From: Ontario, Canada Member No.: 20,259 Operating System: XP Pro SP3 Vista Ultimate SP1 32 & 64 Bit	Hello drosera and welcome to the What the Tech Forums My name is Trevuren and I will be helping you with your problem. A. There is a file in your log of which I am unsure. For that reason, I need you to submit it to Jotti's for analysis. 1. Click HERE to get to Jotti's site. 2. At the top of the Jotti window, use the Browse button to locate the following file on your system: C:\WINDOWS\SYSTEM32\nafoktp.dll 3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed. 4. Please provide me with the results of the analysis. B. Now we must disable some of your security programs so that they do not interfere with the running of our tools: NORTON ANTIVIRUS Please navigate to the system tray on the bottom right hand corner and look for a sign. right-click it -> chose "Disable Auto-Protect." select a duration of 5 hours (this assures no interference with the cleanup of your pc) click "Ok." a popup will warn that protection will now be disabled and the sign will now look like this: You succesfully disabled the Norton Antivirus Guard. C. Please download ComboFix by sUBs from HERE or HERE directly to your Desktop. Note: If you already have ComboFix on your machine, please DELETE it from your desktop before downloading the newest version. Go to -> Run -> copy/paste the following single line command in the runbox & click OK "%userprofile%\desktop\combofix.exe" /killall DO NOT USE your computer for any other purpose while ComboFix is running. ComboFix may restart your computer, this is normal. When finished, it will produce a log, ComboFix.txt. Please post ComboFix.txt in your next reply along with a new HijackThis log. Notes: 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

drosera View Member Profile	Aug 9 2008, 10:24 PM Post #3
New Member Group: New Member Posts: 4 Joined: 9-August 08 Member No.: 80,848 Operating System: Windows XP	Here are the results of scanning: Scan taken on 10 Aug 2008 04:18:56 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing Here are the Statistics: Scanner Malware name A-Squared X AntiVir X ArcaVir Trojan.Monder.Dm Avast X AVG Antivirus Vundo.U BitDefender Trojan.Vundo.EYE ClamAV Trojan.Vundo-5447 CPsecure Troj.W32.Monderc.gen Dr.Web Trojan.Virtumod.based.21 F-Prot Antivirus X F-Secure Anti-Virus Trojan.Win32.Monderc.gen Fortinet X Ikarus X Kaspersky Anti-Virus Trojan.Win32.Monderc.gen NOD32 a variant of Win32/Adware.Virtumonde.NAE application Norman Virus Control X Panda Antivirus X Sophos Antivirus Mal/Generic-A VirusBuster X VBA32 Trojan.Win32.Monderc.gen I noticed when I restarted m computer, on the bottom right a message popped up called "System" and when I clicked on it, it led me to another website for spyware removal. Before I posted my hijackthis log, I had removed 2 spyware removal programs that were downloaded from that website by accident. Thanks again for all your help.

drosera View Member Profile	Aug 9 2008, 10:52 PM Post #4
New Member Group: New Member Posts: 4 Joined: 9-August 08 Member No.: 80,848 Operating System: Windows XP	ComboFix Log: ComboFix 08-08-09.03 - HP_Owner 2008-08-09 23:28:05.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.242 [GMT -5:00] Running from: C:\Documents and Settings\HP_Owner\desktop\combofix.exe Command switches used :: /killall * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\A-He\Application Data\macromedia\Flash Player\#SharedObjects\XYJM6BT5\interclick.com C:\Documents and Settings\A-He\Application Data\macromedia\Flash Player\#SharedObjects\XYJM6BT5\interclick.com\ud.sol C:\Documents and Settings\A-He\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\A-He\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\Documents and Settings\A-Xing\Application Data\macromedia\Flash Player\#SharedObjects\VK3WKKZA\interclick.com C:\Documents and Settings\A-Xing\Application Data\macromedia\Flash Player\#SharedObjects\VK3WKKZA\interclick.com\ud.sol C:\Documents and Settings\A-Xing\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\A-Xing\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\Documents and Settings\A-Xing\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Documents and Settings\HP_Owner\Application Data\install.dat C:\Documents and Settings\HP_Owner\Application Data\macromedia\Flash Player\#SharedObjects\NGLE9BDB\interclick.com C:\Documents and Settings\HP_Owner\Application Data\macromedia\Flash Player\#SharedObjects\NGLE9BDB\interclick.com\ud.sol C:\Documents and Settings\HP_Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\HP_Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\WINDOWS\secure32.html C:\WINDOWS\Tasks.\At1.job C:\WINDOWS\timessquare1.dat D:\Autorun.inf C:\WINDOWS\system32\nafoktp.dll . . . . failed to delete . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_LLIJHSBD -------\Service_llijhsbd ((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 ))))))))))))))))))))))))))))))) . 2008-08-09 12:42 . 2008-08-09 12:42 170 --a------ C:\WINDOWS\wininit.ini 2008-07-31 20:13 . 2008-07-31 20:13 <DIR> d-------- C:\WINDOWS\system32\Mozilla Shared 2008-07-28 10:40 . 2008-07-28 10:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\cwldynzb 2008-07-28 09:42 . 2008-07-28 09:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\cwldynzb . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-09 22:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-07-03 04:13 --------- d-----w C:\Program Files\Common Files\xing shared 2008-07-03 04:13 --------- d-----w C:\Program Files\Common Files\Real 2008-06-22 15:43 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-05-23 05:15 691,545 ----a-w C:\WINDOWS\unins000.exe 2007-12-26 12:46 36,178,432 ----a-w C:\Program Files\MOVAVI VideoSuite 3.5 + seriale.rar 2007-12-26 12:23 11,299 ----a-w C:\Program Files\MOVAVI_VideoSuite_3.5___seriale.3636157.TPB.torrent 2007-12-26 12:03 7,802,195 ----a-w C:\Program Files\Plato_Video_To_3GP___Serial.rar 2007-12-26 11:54 7,846,959 ----a-w C:\Program Files\PlatoVideoTo3GP_CE.exe 2007-12-26 11:52 128,368 ----a-w C:\Program Files\Download_PlatoVideoTo3GP_CE.exe 2007-11-25 16:50 6,820,552 ----a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe 2006-08-17 04:21 6,000,168 ----a-w C:\Program Files\setup.exe 2006-08-12 01:09 10,310,760 ----a-w C:\Program Files\SkypeSetup.exe 2006-06-17 02:02 1,094,119 ----a-w C:\Program Files\dvdshrink32setup.zip 2006-06-10 06:28 189,920 ----a-w C:\Program Files\msicuu2.exe 2006-06-07 01:26 1,265,995 ----a-w C:\Program Files\SetupAnyDVD5963.exe 2006-02-08 16:37 1,018 -c--a-w C:\Documents and Settings\A-He\Application Data\wklnhst.dat 2006-01-31 17:16 1,212 -c--a-w C:\Documents and Settings\A-Xing\Application Data\wklnhst.dat 2005-11-30 06:49 1,222,068 ----a-w C:\Program Files\DVD9-2-ISO Sony CDVDGEN.zip 2005-11-24 19:16 212,849 ----a-w C:\Program Files\hijackthis.zip 2005-11-24 17:54 22,198,220 -c--a-w C:\Program Files\Quicktime Pro 7.0+Keygen.rar 2005-11-24 17:52 14,021,231 -c--a-w C:\Program Files\Quicktime Pro 7.0 for Windows (with serial number).ZIP 2005-11-24 04:20 3,331,327 ----a-w C:\Program Files\getrt52d.exe 2005-11-22 01:02 34,412,848 ----a-w C:\Program Files\iTunesSetup.exe 2005-11-14 04:25 9,352,392 ----a-w C:\Program Files\Install_MSN_Messenger.exe 2005-11-06 06:27 381,480 ----a-w C:\Program Files\msgr7us.exe 2005-10-12 05:17 273,342 ----a-w C:\Program Files\DivFix110.zip 2005-09-27 03:13 734,160 ----a-w C:\Program Files\VobSub_2.23.exe 2005-07-20 17:24 327 ----a-w C:\Program Files\Serial Number READ FIRST.txt 2005-07-06 16:59 15,212,848 ----a-w C:\Program Files\QuickTimeInstaller.exe 2005-02-16 17:06 218,112 ----a-w C:\Program Files\HijackThis.exe 2003-10-03 05:57 35,918,902 ----a-w C:\Program Files\sav801.exe 1998-12-25 14:30 254,976 ----a-w C:\Program Files\xaudio.dll 1998-11-12 17:06 48,128 ----a-w C:\Program Files\WNASPI32.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C8B8175-A9BC-4239-9282-798E4EBA6D48}] 2004-08-04 07:00 104448 --a------ c:\windows\system32\nafoktp.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 10:59 126976] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34 245760] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 15:54 253952] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 09:46 172032] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975] "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-03-03 13:29 81920] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 15:46 57393] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 16:04 40960] "SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 10:16 49152] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 13:42 659456] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-02 23:13 185896] "bcmwltry"="bcmwltry.exe" [2003-07-25 18:28 462848 C:\WINDOWS\system32\bcmwltry.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 28160 C:\WINDOWS\KHALMNPR.Exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ 802.11b+g USB Wireless LAN Utility.lnk - C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe [2005-08-27 15:18:35 430080] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-04-02 02:08:38 438272] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\PROGRA~1\DVDREG~1\DVDShell.dll" [2004-10-09 14:18 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssldr] 2005-12-25 14:56 10240 C:\WINDOWS\system32\ssldr32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.SP62"= SP6X_32.DLL "vidc.XVID"= xvid.dll "vidc.ffds"= ffdshow.ax [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] --a------ 2005-08-05 14:08 67160 C:\PROGRA~1\AIM\aim.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0] --------- 2004-07-20 10:34 851968 C:\Program Files\Brother\ControlCenter2\brctrcen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] --a------ 2004-08-22 16:05 81920 C:\Program Files\D-Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager] --a------ 2004-05-12 15:04 196608 C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed] --a------ 2006-07-26 15:46 3230784 C:\Program Files\SightSpeed\SightSpeed.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2006-07-21 13:06 20036648 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2005-08-20 17:27 24576 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2005-08-19 20:34 3084288 C:\Program Files\Yahoo!\Messenger\YPager.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\AIM\\aim.exe"= "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\BitTornado\\btdownloadgui.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\NetMeeting\\conf.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\WINDOWS\\system32\\fxsclnt.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\SightSpeed\\SightSpeed.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= R0 foszjsia;foszjsia;C:\WINDOWS\system32\drivers\foszjsia.sys [2004-08-04 07:00] R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2002-12-27 20:14] R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2002-12-27 20:14] R3 SPCA508A;Micro WebCam;C:\WINDOWS\system32\DRIVERS\SPCA508A.SYS [2000-08-17 04:00] S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 06:27] S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28] S3 EPUSBSTOR;EPSON USB Storage Driver;C:\WINDOWS\system32\DRIVERS\epusbsto.sys [2001-09-10 08:00] S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-11-29 15:53] . Contents of the 'Scheduled Tasks' folder 2008-08-10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20] 2008-08-10 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24] . - - - - ORPHANS REMOVED - - - - BHO-{AE151937-09A4-4316-B270-B8DC31193BE2} - C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\InstHelpv.dll HKLM-Run-AutoTBar - c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE HKLM-Run-removecpl - RemoveCpl.exe ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\bhdyvoo3.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-09 23:38:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\ssldr32.dll -> C:\WINDOWS\system32\NavLogon.dll PROCESS: C:\WINDOWS\explorer.exe -> ?:\WINDOWS\system32\msi.dll -> ?:\WINDOWS\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\Brmfrmps.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE . ************************************************************************ . Completion time: 2008-08-09 23:45:46 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-10 04:45:35 Pre-Run: 27,778,207,744 bytes free Post-Run: 36,448,731,136 bytes free 234 --- E O F --- 2008-07-31 15:09:25 New HijackThis Log: Logfile of HijackThis v1.99.1 Scan saved at 23:51, on 2008-08-09 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Brmfrmps.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\bcmwltry.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE c:\windows\system\hpsysdrv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {3C8B8175-A9BC-4239-9282-798E4EBA6D48} - c:\windows\system32\nafoktp.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AE151937-09A4-4316-B270-B8DC31193BE2} - C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\InstHelpv.dll (file missing) O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: 802.11b+g USB Wireless LAN Utility.lnk = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?be6e6a58a801478591d965fc635413d1 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?be6e6a58a801478591d965fc635413d1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Trevuren View Member Profile	Aug 9 2008, 11:29 PM Post #5
Forum Dog Group: Classroom Teacher Posts: 7,780 Joined: 14-December 04 From: Ontario, Canada Member No.: 20,259 Operating System: XP Pro SP3 Vista Ultimate SP1 32 & 64 Bit	Your logs clearly indicate that you have several "illegally" obtained programs installed on your computer. I can tell that by the number of keygens that I see as well as references to the word "crack". WTT policy on cleaning systems that contain illegally obtained software is clearly spelled out. No help will be provided unless this software is completely removed from your system. If you still want your system cleaned, get rid of "all" that illegal software then run ComboFix again as previously instructed.

drosera View Member Profile	Aug 10 2008, 12:33 AM Post #6
New Member Group: New Member Posts: 4 Joined: 9-August 08 Member No.: 80,848 Operating System: Windows XP	Oh, ok. I was unaware of that, but thanks for the help.

« Next Oldest · HijackThis™ Logs and Infections Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
HijackThis™ Logs and Infections Removal Some-kinda-Ware, need help to clean it up	6	Granny Mouse	59	Today, 10:51 AM Last post by: Tomk
HijackThis™ Logs and Infections Removal HiJack this Log - Trojans and shut down problems	11	pjgriff	187	Today, 09:07 AM Last post by: Rorschach112
HijackThis™ Logs and Infections Removal [Closed] Smitfraud and Virtuamonde spyware detected	4	PJHONEY	63	6th January 2009 - 07:06 PM Last post by: Trevuren
HijackThis™ Logs and Infections Removal Very slow PC - Viruses detected	0	jumenme	12	6th January 2009 - 11:44 AM Last post by: jumenme