Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Infected With Spyshredder


  • This topic is locked This topic is locked
9 replies to this topic

#1 jgarci39

jgarci39

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 02 September 2007 - 04:25 PM

I've ran SmithFraud &OiUninstaller to remove annoying pop-ups but I still have spyshredder. My computer is also running very slow but no freeze-ups. Please review report and advise what to do. Also, what do you recommend I have in order to prevent future viruses? Thanks!!!!

Logfile of HijackThis v1.99.1
Scan saved at 3:11:45 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SpyShredder\SpyShredder.exe
C:\Program Files\ISM\ISMModule3.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.alot.c...p....1.0&q=Here are a few suggestions for new members Going back through&url=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive3.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [BPS Spyware Remover] C:\Program Files\BPS Remover\BPSRem.exe /STARTUP
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188329607921
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 September 2007 - 07:35 PM

Hello and welcome to the forums

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you, combofix.txt. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick while its running. That may cause it to stall

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 jgarci39

jgarci39

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 09 September 2007 - 03:04 PM

Thanks for your response...here are the logs.
Jackie

ComboFix 07-09-09.5 - "HP_Owner" 2007-09-09 15:31:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.75 [GMT -7:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Donato\Desktop\internet.lnk
C:\DOCUME~1\Jackie\Desktop\internet.lnk
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\27CFC4F4.bin
C:\Program Files\MyWebSearch\bar\Cache\27CFC63D.bin
C:\Program Files\MyWebSearch\bar\Cache\27CFC717.bin
C:\Program Files\MyWebSearch\bar\Cache\27CFC86F.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL


((((((((((((((((((((((((( Files Created from 2007-08-09 to 2007-09-09 )))))))))))))))))))))))))))))))
.

2007-09-09 15:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 20:01 228,676 --a------ C:\WINDOWS\Blubster_Toolbar_Uninstaller_468.exe
2007-09-08 20:01 <DIR> d-------- C:\Program Files\Blubster Toolbar
2007-09-08 20:01 <DIR> d-------- C:\Program Files\Blubster
2007-09-05 22:39 0 --a------ C:\DOCUME~1\HP_Owner\APPLIC~1\wklnhst.dat
2007-09-05 22:39 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Template
2007-09-02 16:27 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-02 16:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-02 16:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-02 15:34 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-02 15:34 <DIR> d-------- C:\Program Files\AdwareAlert
2007-09-02 15:34 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AdwareAlert
2007-08-29 12:22 <DIR> d-------- C:\Program Files\eMusic Download Manager
2007-08-29 12:22 <DIR> d-------- C:\Program Files\alot
2007-08-29 12:22 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\alot
2007-08-28 21:22 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Motive
2007-08-28 20:28 3,600 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-28 20:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-28 20:26 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-28 20:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-28 16:13 <DIR> d-------- C:\Program Files\Free Internet Window Washer
2007-08-27 13:00 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-23 19:06 <DIR> d-------- C:\Program Files\LimeWire
2007-08-23 16:39 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-08-23 14:02 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2007-08-23 14:02 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2007-08-23 14:02 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-08-22 16:35 <DIR> d-------- C:\DOCUME~1\HP_Owner\Shared
2007-08-22 16:35 <DIR> d-------- C:\DOCUME~1\HP_Owner\Incomplete
2007-08-22 16:35 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\LimeWire
2007-08-19 16:39 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-08-19 16:39 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-15 17:52 <DIR> d-------- C:\Program Files\SpyShredder
2007-08-15 06:46 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec
2007-08-14 18:39 <DIR> d-------- C:\Program Files\SymNetDrv
2007-08-14 14:42 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-08-14 14:42 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-08-14 14:42 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-14 14:42 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-14 14:34 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-14 14:34 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-08-13 10:18 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Google
2007-08-13 09:35 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AdobeUM
2007-08-13 03:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-12 09:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-11 21:50 183 --a------ C:\WINDOWS\system\hpsysdrv.DAT
2007-08-11 21:44 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2007-08-11 21:44 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-08-11 21:44 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2007-08-11 21:44 49,152 --a------ C:\WINDOWS\system32\SiSPower.dll
2007-08-11 21:44 331,776 --a------ C:\WINDOWS\system32\sistray.exe
2007-08-11 21:44 184,320 --------- C:\WINDOWS\system32\SiSApCom.dll
2007-08-11 21:44 110,592 --------- C:\WINDOWS\system32\TVMode.dll
2007-08-11 21:44 <DIR> d-------- C:\WINDOWS\system32\trayres
2007-08-11 21:44 <DIR> d-------- C:\WINDOWS\SIS
2007-08-11 20:26 <DIR> d--hs---- C:\DOCUME~1\HP_Owner\UserData
2007-08-11 20:10 <DIR> d-------- C:\Program Files\support.com
2007-08-11 20:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
2007-08-11 20:06 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-11 20:05 <DIR> d-------- C:\DOCUME~1\HP_Owner\WINDOWS
2007-08-11 20:05 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Symantec
2007-08-11 20:05 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Sonic
2007-08-11 20:05 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\SampleView
2007-08-11 20:05 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Real
2007-08-11 20:05 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-08-11 20:04 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\WINDOWS
2007-08-11 20:03 21,060 --------- C:\WINDOWS\system32\drivers\iviaspi.sys
2007-08-11 20:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-08-11 20:01 <DIR> dr-h----- C:\MSOCache
2007-08-11 20:01 <DIR> d-------- C:\Program Files\InterVideo
2007-08-11 20:00 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.63
2007-08-11 19:58 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 20:04 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-28 21:16 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-28 21:14 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-27 22:23 --------- d-------- C:\Program Files\QuickTime
2007-08-27 22:23 --------- d-------- C:\Program Files\Common Files\Real
2007-08-27 19:49 --------- d-------- C:\Program Files\Symantec
2007-08-24 18:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-08-23 14:49 --------- d-------- C:\Program Files\Easy Internet signup
2007-08-15 03:15 --------- d-------- C:\Program Files\Norton AntiVirus
2007-08-13 10:17 --------- d-------- C:\Program Files\Google
2007-08-11 21:09 --------- d-------- C:\Program Files\Microsoft Works
2007-08-11 21:07 --------- d-------- C:\Program Files\HP
2007-08-11 20:06 1865 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_PP164AA-ABA a810n_YC_0Pavi_QMXF507_E51NAheBLU3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.07_T050110_WXH2_L409_M384_J250_7AMD_8Athlon 64_92.41_#070812_N10390900_Z11C1048C_G10396330.MRK
2007-08-11 20:03 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-28 09:12 --------- d-------- C:\Program Files\EZFace
2007-07-18 20:20 --------- d-------- C:\DOCUME~1\Jackie\APPLIC~1\Apple Computer
2007-07-18 15:48 --------- d-------- C:\DOCUME~1\Gabe\APPLIC~1\Google
2007-07-16 18:41 --------- d-------- C:\DOCUME~1\Donato\APPLIC~1\Apple Computer
2007-07-12 10:05 --------- d-------- C:\Program Files\Apple Software Update
2007-07-12 10:05 --------- d-------- C:\DOCUME~1\Jess\APPLIC~1\Apple Computer
2007-07-12 10:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09AA6C75-179E-42E0-82F7-302603339A82}]
2007-09-08 20:01 798720 --a------ C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8260C2B8-E0D1-448a-B062-33D12D468BF0}]
2007-08-10 14:38 551208 --a------ C:\Program Files\alot\bin\alot.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]
C:\Program Files\ISM\BndDrive3.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}"= C:\Program Files\Video ActiveX Access\iesbpl.dll [ ]
"{7EFBC57C-CD57-481F-B794-648FCE9C9116}"= C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll [2007-09-08 20:01 798720]

[HKEY_CLASSES_ROOT\CLSID\{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}]

[HKEY_CLASSES_ROOT\CLSID\{7EFBC57C-CD57-481F-B794-648FCE9C9116}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-04 19:38]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"VTTimer"="VTTimer.exe" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 16:59]
"SiSPower"="SiSPower.dll" [2004-09-24 09:49 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [2002-04-24 18:37]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-08-14 18:39]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 20:47 C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-21 18:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"Blubster"="C:\Program Files\Blubster\Blubster.exe" [2007-04-13 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 14:53]
"SpyShredder"="C:\Program Files\SpyShredder\SpyShredder.exe" [2007-08-15 17:52]
"BPS Spyware Remover"="C:\Program Files\BPS Remover\BPSRem.exe" []
"ISMModule3"="C:\Program Files\ISM\ISMModule3.exe" []

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 05:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 06:06:36]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-10-21 19:25:38]


.
Contents of the 'Scheduled Tasks' folder
"2007-09-09 10:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-09-08 03:00:14 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job"
- c:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-09 15:36:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-09 15:39:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-09 15:39
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 3:49:32 PM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Blubster\Blubster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SpyShredder\SpyShredder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\HP\Digital Imaging\bin\ImageZoneSynchRulesAgent.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Blubster Toolbar Helper - {09AA6C75-179E-42E0-82F7-302603339A82} - C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive3.dll (file missing)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Blubster Toolbar - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [BPS Spyware Remover] C:\Program Files\BPS Remover\BPSRem.exe /STARTUP
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188329607921
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 September 2007 - 03:30 PM

Are you sure you ran the Smitfraudefix?


Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\Blubster_Toolbar_Uninstaller_468.exe
C:\Program Files\ISM\BndDrive3.dll
C:\Program Files\Video ActiveX Access\iesbpl.dll
C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll
C:\Program Files\Blubster\Blubster.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\SpyShredder\SpyShredder.exe
C:\Program Files\BPS Remover\BPSRem.exe


Folder::
C:\Program Files\Blubster Toolbar
C:\Program Files\Blubster
C:\Program Files\SpyShredder
C:\Program Files\ISM
C:\Program Files\Video ActiveX Access
C:\Program Files\BPS Remover

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09AA6C75-179E-42E0-82F7-302603339A82}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}"=-
"{7EFBC57C-CD57-481F-B794-648FCE9C9116}"=-
[-HKEY_CLASSES_ROOT\CLSID\{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}]
[-HKEY_CLASSES_ROOT\CLSID\{7EFBC57C-CD57-481F-B794-648FCE9C9116}]


Save this as Save this as "CFScript"


Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 jgarci39

jgarci39

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 09 September 2007 - 10:21 PM

I saved quote in notepad on my desktop and dragged it to ComboFix.exe. I did run Smitfraudefix but I could of done something wrong.


ComboFix 07-09-10.2 - "HP_Owner" 2007-09-09 22:33:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.101 [GMT -7:00]
* Created a new restore point

FILE::
C:\WINDOWS\Blubster_Toolbar_Uninstaller_468.exe
C:\Program Files\ISM\BndDrive3.dll
C:\Program Files\Video ActiveX Access\iesbpl.dll
C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll
C:\Program Files\Blubster\Blubster.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\SpyShredder\SpyShredder.exe
C:\Program Files\BPS Remover\BPSRem.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Blubster
C:\Program Files\Blubster Toolbar
C:\Program Files\Blubster Toolbar\settings.dat
C:\Program Files\Blubster Toolbar\uninstall.txt
C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\ac.txt
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\chrome\content\contents.rdf
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\chrome\content\firefox.js
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\chrome\content\firefox.xul
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\chrome\firefox.jar
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\chrome\jarzip.txt
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\chrome\skin\contents.rdf
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\chrome\skin\go.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\chrome\skin\toolbar_logo.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\chrome\skin\tut_overlay.css
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\firefox.xpi
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\install.rdf
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\make.bat
C:\Program Files\Blubster Toolbar\v3.2.0.0\firefox\xpizip.txt
C:\Program Files\Blubster Toolbar\v3.2.0.0\installer.ico
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\checkmark.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\go1.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\go1_hot.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\go2.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\go2_hot.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\intro\intro_bg.png
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\intro\intro_feature_bracket.gif
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\intro\intro_logo.gif
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\intro\intro_search_bracket.gif
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\intro\intro_star_bullet.png
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\intro\intro_toolbar.png
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\intro\toolbar_intro.htm
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\popup_blocker_off.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\popup_blocker_on.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\radiodot.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\accuweather.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\amazon.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\dictionary.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\ebay.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\flickr.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\google_groups.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\google_images.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\google_maps.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\google_news.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\shopping.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\technorati.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\wikipedia.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\yahoo.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\yahoo_answers.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\search\youtube.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\searchbg.bmp
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\Thumbs.db
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\Toolbar.js
C:\Program Files\Blubster Toolbar\v3.2.0.0\resources\toolbar_logo.bmp
C:\Program Files\Blubster\Blubster.exe
C:\Program Files\Blubster\Blubster.exe.Manifest
C:\Program Files\Blubster\Blubster.sw2
C:\Program Files\Blubster\Cache.dat
C:\Program Files\Blubster\contacts.dat
C:\Program Files\Blubster\contactsR.dat
C:\Program Files\Blubster\default.m3u
C:\Program Files\Blubster\diCrHash.dll
C:\Program Files\Blubster\DOWNLD2.DAT
C:\Program Files\Blubster\downloads.dat
C:\Program Files\Blubster\EBCRYPT.DLL
C:\Program Files\Blubster\fmod.dll
C:\Program Files\Blubster\fmod_dsp_lowpass.dll
C:\Program Files\Blubster\INSTALL.LOG
C:\Program Files\Blubster\loading.gif
C:\Program Files\Blubster\loading.htm
C:\Program Files\Blubster\MyFiles.dat
C:\Program Files\Blubster\MyFiles.dat.lst
C:\Program Files\Blubster\NCTAudioBurner.dll
C:\Program Files\Blubster\NCTAudioFile.dll
C:\Program Files\Blubster\NCTAudioInformation.dll
C:\Program Files\Blubster\NCTAudioPlayer.dll
C:\Program Files\Blubster\NCTAudioVisualization.dll
C:\Program Files\Blubster\Settings.ini
C:\Program Files\Blubster\SmartUI2.ocx
C:\Program Files\Blubster\Softwrap.dll
C:\Program Files\Blubster\TaskKiller.exe
C:\Program Files\Blubster\UNWISE.EXE
C:\Program Files\SpyShredder
C:\Program Files\SpyShredder\SpyShredder.exe
C:\Program Files\SpyShredder\SpyShredder.lic
C:\Program Files\SpyShredder\SpyShredder0.ss
C:\Program Files\SpyShredder\SpyShredder1.ss
C:\Program Files\SpyShredder\Uninstall.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\Blubster_Toolbar_Uninstaller_468.exe


((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.

2007-09-09 15:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-05 22:39 0 --a------ C:\DOCUME~1\HP_Owner\APPLIC~1\wklnhst.dat
2007-09-05 22:39 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Template
2007-09-02 16:27 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-02 16:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-02 16:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-02 15:34 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-02 15:34 <DIR> d-------- C:\Program Files\AdwareAlert
2007-09-02 15:34 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AdwareAlert
2007-08-29 12:22 <DIR> d-------- C:\Program Files\eMusic Download Manager
2007-08-29 12:22 <DIR> d-------- C:\Program Files\alot
2007-08-29 12:22 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\alot
2007-08-28 21:22 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Motive
2007-08-28 20:28 3,600 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-28 20:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-28 20:26 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-28 20:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-28 16:13 <DIR> d-------- C:\Program Files\Free Internet Window Washer
2007-08-27 13:00 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-23 19:06 <DIR> d-------- C:\Program Files\LimeWire
2007-08-23 16:39 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-08-23 14:02 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2007-08-23 14:02 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2007-08-23 14:02 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-08-22 16:35 <DIR> d-------- C:\DOCUME~1\HP_Owner\Shared
2007-08-22 16:35 <DIR> d-------- C:\DOCUME~1\HP_Owner\Incomplete
2007-08-22 16:35 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\LimeWire
2007-08-19 16:39 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-08-19 16:39 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-15 06:46 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec
2007-08-14 18:39 <DIR> d-------- C:\Program Files\SymNetDrv
2007-08-14 14:42 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-08-14 14:42 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-08-14 14:42 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-14 14:42 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-14 14:34 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-14 14:34 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-08-13 10:18 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Google
2007-08-13 09:35 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AdobeUM
2007-08-13 03:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-12 09:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-11 21:50 183 --a------ C:\WINDOWS\system\hpsysdrv.DAT
2007-08-11 21:44 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2007-08-11 21:44 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-08-11 21:44 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2007-08-11 21:44 49,152 --a------ C:\WINDOWS\system32\SiSPower.dll
2007-08-11 21:44 331,776 --a------ C:\WINDOWS\system32\sistray.exe
2007-08-11 21:44 184,320 --------- C:\WINDOWS\system32\SiSApCom.dll
2007-08-11 21:44 110,592 --------- C:\WINDOWS\system32\TVMode.dll
2007-08-11 21:44 <DIR> d-------- C:\WINDOWS\system32\trayres
2007-08-11 21:44 <DIR> d-------- C:\WINDOWS\SIS
2007-08-11 20:26 <DIR> d--hs---- C:\DOCUME~1\HP_Owner\UserData
2007-08-11 20:10 <DIR> d-------- C:\Program Files\support.com
2007-08-11 20:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
2007-08-11 20:06 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-11 20:05 <DIR> d-------- C:\DOCUME~1\HP_Owner\WINDOWS
2007-08-11 20:05 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Symantec
2007-08-11 20:05 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Sonic
2007-08-11 20:05 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\SampleView
2007-08-11 20:05 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Real
2007-08-11 20:05 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-08-11 20:04 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\WINDOWS
2007-08-11 20:03 21,060 --------- C:\WINDOWS\system32\drivers\iviaspi.sys
2007-08-11 20:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-08-11 20:01 <DIR> dr-h----- C:\MSOCache
2007-08-11 20:01 <DIR> d-------- C:\Program Files\InterVideo
2007-08-11 20:00 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.63
2007-08-11 19:58 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 20:04 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-28 21:16 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-28 21:14 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-27 22:23 --------- d-------- C:\Program Files\QuickTime
2007-08-27 22:23 --------- d-------- C:\Program Files\Common Files\Real
2007-08-27 19:49 --------- d-------- C:\Program Files\Symantec
2007-08-24 18:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-08-23 14:49 --------- d-------- C:\Program Files\Easy Internet signup
2007-08-15 03:15 --------- d-------- C:\Program Files\Norton AntiVirus
2007-08-13 10:17 --------- d-------- C:\Program Files\Google
2007-08-11 21:09 --------- d-------- C:\Program Files\Microsoft Works
2007-08-11 21:07 --------- d-------- C:\Program Files\HP
2007-08-11 20:06 1865 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_PP164AA-ABA a810n_YC_0Pavi_QMXF507_E51NAheBLU3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.07_T050110_WXH2_L409_M384_J250_7AMD_8Athlon 64_92.41_#070812_N10390900_Z11C1048C_G10396330.MRK
2007-08-11 20:03 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-28 09:12 --------- d-------- C:\Program Files\EZFace
2007-07-18 20:20 --------- d-------- C:\DOCUME~1\Jackie\APPLIC~1\Apple Computer
2007-07-18 15:48 --------- d-------- C:\DOCUME~1\Gabe\APPLIC~1\Google
2007-07-16 18:41 --------- d-------- C:\DOCUME~1\Donato\APPLIC~1\Apple Computer
2007-07-12 10:05 --------- d-------- C:\Program Files\Apple Software Update
2007-07-12 10:05 --------- d-------- C:\DOCUME~1\Jess\APPLIC~1\Apple Computer
2007-07-12 10:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8260C2B8-E0D1-448a-B062-33D12D468BF0}]
2007-08-10 14:38 551208 --a------ C:\Program Files\alot\bin\alot.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-04 19:38]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"VTTimer"="VTTimer.exe" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 16:59]
"SiSPower"="SiSPower.dll" [2004-09-24 09:49 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [2002-04-24 18:37]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-08-14 18:39]
"AlcxMonitor"="ALCXMNTR.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-21 18:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"Blubster"="C:\Program Files\Blubster\Blubster.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 14:53]
"SpyShredder"="C:\Program Files\SpyShredder\SpyShredder.exe" []
"BPS Spyware Remover"="C:\Program Files\BPS Remover\BPSRem.exe" []
"ISMModule3"="C:\Program Files\ISM\ISMModule3.exe" []

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 05:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 06:06:36]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-10-21 19:25:38]


.
Contents of the 'Scheduled Tasks' folder
"2007-09-09 10:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-09-08 03:00:14 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job"
- c:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-09 22:37:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-09 22:39:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-09 22:39
C:\ComboFix2.txt ... 2007-09-09 15:39
.
--- E O F ---

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 September 2007 - 05:41 AM

Let's see if any smitfraud infection is left.

Make sure you remove the Smitfraudfix you have now. It gets updated daily.

Only for Windows XP and Windows 2000

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.exe
Double Click SmitfraudFix.exe on your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Posted Image

______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter


This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named:
c:\rapport.txt


IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please post:
C:\rapport.txt

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 jgarci39

jgarci39

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 10 September 2007 - 08:03 AM

Here you go!
Thanks, Jackie


SmitFraudFix v2.221

Scan done at 8:51:49.40, Mon 09/10/2007
Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 68.87.72.130
DNS Server Search Order: 68.87.77.130

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9085D3CD-F9B9-4DE8-8CEB-976CB1E2923B}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9085D3CD-F9B9-4DE8-8CEB-976CB1E2923B}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9085D3CD-F9B9-4DE8-8CEB-976CB1E2923B}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 September 2007 - 04:00 PM

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 13 September 2007 - 08:21 PM

You still needing help?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 15 September 2007 - 07:10 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users