
Vundo Trojan Camping in my computer


  • This topic is locked
6 replies to this topic

#1 Snowflake - New Member - 3 posts

Posted 14 October 2007 - 06:07 PM

My computer has been running slow and I keep getting popup ads even with the popup blocker on. I think I somehow installed a vundo trojan onto my computer. I have been trying to get it out the past few days with not much success. So I decided to post here for professional help before I do more damage to my computer :(

Things I have installed and tried:
  • Lots of online antivirus scans
  • SUPERAntiSpy
  • ComboFix
  • VundoFix

Every time I think I deleted the vundo, something pops up on my desktop and starts reinstalling itself. Scary stuff :huh: It hasn't been happening today but I am still not assured that everything is clean. I hope my computer can still be saved.


My hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:30:38 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BestsellerAntivirus] "C:\Program Files\BestsellerAntivirus\pgs.exe"
O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\COMMON~1\BESTSE~1\ugcw.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\DOCUME~1\Vince\LOCALS~1\Temp\oahicsyx.dll",sitypnow
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191636689437
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfish...web.1.0.0.9.cab
O16 - DPF: {9103166D-A34B-45A2-91F5-73D508C7A650} (NateComicViewer Class) - http://crayondata.cy...ComicViewer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A1830188-679E-4A67-B121-570F37F18ACC} (Naver Music Player ActiveX) - http://bridge.item2....ic/cab/nbgm.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxxuur - cbxxuur.dll (file missing)
O20 - Winlogon Notify: niklqzpt - niklqzpt.dll (file missing)
O20 - Winlogon Notify: tetmerhf - tetmerhf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

My Vundofix Log:

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 1:52:57 AM 10/14/2007

Listing files found while scanning....

C:\windows\system32\fssgfxoq.tmp
C:\WINDOWS\system32\lulrrjpx.dll
C:\windows\system32\pxkyaavu.ini
C:\windows\system32\qoxfgssf.dll
C:\WINDOWS\system32\tetmerhf.dll
C:\windows\system32\uvaaykxp.dll

Beginning removal...

Attempting to delete C:\windows\system32\fssgfxoq.tmp
C:\windows\system32\fssgfxoq.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\lulrrjpx.dll
C:\WINDOWS\system32\lulrrjpx.dll Has been deleted!

Attempting to delete C:\windows\system32\pxkyaavu.ini
C:\windows\system32\pxkyaavu.ini Has been deleted!

Attempting to delete C:\windows\system32\qoxfgssf.dll
C:\windows\system32\qoxfgssf.dll Has been deleted!

Attempting to delete C:\windows\system32\uvaaykxp.dll
C:\windows\system32\uvaaykxp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 1:59:49 AM 10/14/2007

Listing files found while scanning....

C:\windows\system32\uvaaykxp.dll

Beginning removal...

Attempting to delete C:\windows\system32\uvaaykxp.dll
C:\windows\system32\uvaaykxp.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 2:56:38 AM 10/14/2007

Listing files found while scanning....

C:\windows\system32\bvpkiurc.dll
C:\windows\system32\cruikpvb.ini
C:\WINDOWS\system32\eteechyg.dll
C:\windows\system32\ugmnxjtu.ini
C:\windows\system32\uogddeim.exe
C:\windows\system32\utjxnmgu.dll
C:\WINDOWS\system32\veljcjjn.dll

Beginning removal...

Attempting to delete C:\windows\system32\bvpkiurc.dll
C:\windows\system32\bvpkiurc.dll Could not be deleted.

Attempting to delete C:\windows\system32\cruikpvb.ini
C:\windows\system32\cruikpvb.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\eteechyg.dll
C:\WINDOWS\system32\eteechyg.dll Has been deleted!

Attempting to delete C:\windows\system32\ugmnxjtu.ini
C:\windows\system32\ugmnxjtu.ini Has been deleted!

Attempting to delete C:\windows\system32\uogddeim.exe
C:\windows\system32\uogddeim.exe Has been deleted!

Attempting to delete C:\windows\system32\utjxnmgu.dll
C:\windows\system32\utjxnmgu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\veljcjjn.dll
C:\WINDOWS\system32\veljcjjn.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\bvpkiurc.dll
C:\windows\system32\bvpkiurc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\veljcjjn.dll
C:\WINDOWS\system32\veljcjjn.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 3:03:34 AM 10/14/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 3:21:26 AM 10/14/2007

Listing files found while scanning....

C:\WINDOWS\system32\gcfnashn.dll
C:\WINDOWS\system32\jfelxnvf.dll
C:\WINDOWS\system32\nhixxffu.ini
C:\WINDOWS\system32\uffxxihn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gcfnashn.dll
C:\WINDOWS\system32\gcfnashn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jfelxnvf.dll
C:\WINDOWS\system32\jfelxnvf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nhixxffu.ini
C:\WINDOWS\system32\nhixxffu.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\uffxxihn.dll
C:\WINDOWS\system32\uffxxihn.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gcfnashn.dll
C:\WINDOWS\system32\gcfnashn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uffxxihn.dll
C:\WINDOWS\system32\uffxxihn.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 3:31:01 AM 10/14/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 3:59:10 AM 10/14/2007

Listing files found while scanning....

C:\windows\system32\ahqyvdgx.ini
C:\WINDOWS\system32\bieejyqk.dll
C:\WINDOWS\system32\jwqioqlk.dll
C:\WINDOWS\system32\kqyjeeib.ini
C:\windows\system32\xgdvyqha.dll

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 6:10:01 PM 10/14/2007

Listing files found while scanning....

rundll32.exe

I wasn't sure if it was a good idea to delete rundll32.exe or not :wacko:


Thanks for the help in advance :blush:
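As an added example (not from the original post and not one of the forum's own tools), a small Python triage script run over lines copied from the HijackThis log above. It flags the three persistence patterns that matter most in a Vundo cleanup: Winlogon Notify entries whose DLL has no path or is reported missing, a Run entry that loads a DLL through rundll32 from a Temp folder, and BHOs with no backing file. The function and class names are my own.

```python
"""Triage a HijackThis v1.99 log for Vundo-style persistence indicators.

Added example, not from the forum post. The sample lines below are copied
from the log in the thread; the heuristics and names are assumptions of
this example, not a HijackThis feature.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\DOCUME~1\Vince\LOCALS~1\Temp\oahicsyx.dll",sitypnow
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxxuur - cbxxuur.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O20"
    line: str      # the log line that triggered the finding
    reason: str    # why it is worth a closer look


# O20 - Winlogon Notify: <name> - <dll> [ (file missing)]
_O20 = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
# O4 - HKLM\..\Run: [<key>] <command line>
_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
# O2 - BHO: <name> - {<clsid>} - <path or "(no file)">
_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")


def _is_bare_dll(path: str) -> bool:
    """A DLL given without any directory is resolved via the loader search path,
    which is how the randomly named Vundo notify DLLs in this log are registered."""
    return "\\" not in path


def triage(log_text: str) -> list[Finding]:
    """Return the suspicious O2/O4/O20 entries of a HijackThis log, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = _O20.match(line)
        if m:
            if m.group("missing") or _is_bare_dll(m.group("dll")):
                findings.append(Finding("O20", line,
                                "Winlogon Notify DLL with no path or reported missing"))
            continue

        m = _O4.match(line)
        if m:
            cmd = m.group("cmd").lower()
            # Legitimate Run entries point at an installed program; a DLL loaded
            # by rundll32 out of a user's Temp folder is the pattern seen above.
            if "rundll32" in cmd and "\\temp\\" in cmd:
                findings.append(Finding("O4", line,
                                "rundll32 loading a DLL from a Temp directory"))
            continue

        m = _O2.match(line)
        if m and m.group("path").strip() == "(no file)":
            findings.append(Finding("O2", line, "BHO registered but its file is absent"))
    return findings


def sections_flagged(log_text: str) -> list[str]:
    """Section tags of all findings, convenient for a quick summary."""
    return [f.section for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```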



#2 LDTate - Grand Poobah - Root Admin - 57,211 posts

Posted 14 October 2007 - 07:21 PM

Hello and welcome to the forums

DO NOT delete anything on your own.

Follow these as posted. Combofix gets updated every day.
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the U; it needs to be there.
  • When shown the disclaimer, select "2"


I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.

Next:


Please download ATF Cleaner by Atribune (Download - ATF Cleaner).

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use Firefox or the Opera browser and want to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you, combofix.txt. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click while it's running. That may cause it to stall.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days


Proud graduate of TC/WTT Classroom



#3 Snowflake - New Member - 3 posts

Posted 14 October 2007 - 07:43 PM

Thanks so much for helping me :blush:

My ComboFix Log:

ComboFix 07-10-12.4 - Vince 2007-10-14 21:36:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.582 [GMT -4:00]
Running from: C:\Documents and Settings\Vince\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

2007-10-14 20:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 18:16 <DIR> d-------- C:\hjt
2007-10-14 04:51 389,184 --a------ C:\WINDOWS\system32\bjnjpdsx.exe
2007-10-14 04:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-14 04:15 <DIR> d-------- C:\Documents and Settings\Vince\Application Data\SUPERAntiSpyware.com
2007-10-14 04:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-14 03:18 339,968 --------- C:\WINDOWS\system32\gcfnashn.dll
2007-10-14 03:17 389,184 --a------ C:\WINDOWS\system32\bkiirfnl.exe
2007-10-14 03:09 339,968 --a------ C:\WINDOWS\system32\cinwqkos.dll
2007-10-14 03:08 389,184 --a------ C:\WINDOWS\system32\bvbusgtt.exe
2007-10-14 02:21 389,184 --a------ C:\WINDOWS\system32\yohslfqc.exe
2007-10-14 02:21 339,968 --------- C:\WINDOWS\system32\veljcjjn.dll
2007-10-14 02:17 389,184 --a------ C:\WINDOWS\system32\qlidsffu.exe
2007-10-14 02:08 339,968 --a------ C:\WINDOWS\system32\rnndzlvi.dll
2007-10-14 02:07 389,184 --a------ C:\WINDOWS\system32\xkhujqfb.exe
2007-10-14 00:22 389,184 --a------ C:\WINDOWS\system32\womwvxnm.exe
2007-10-14 00:12 389,184 --a------ C:\WINDOWS\system32\mhmlotbk.exe
2007-10-13 23:41 389,184 --a------ C:\WINDOWS\system32\xyjxykll.exe
2007-10-13 23:20 389,184 --a------ C:\WINDOWS\system32\fpfdqhsc.exe
2007-10-13 21:10 389,184 --a------ C:\WINDOWS\system32\qsktjwko.exe
2007-10-13 20:51 389,184 --a------ C:\WINDOWS\system32\ccpfdedg.exe
2007-10-12 20:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-12 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-12 20:26 <DIR> d-------- C:\Quarantine
2007-10-12 18:57 389,184 --a------ C:\WINDOWS\system32\unvybabp.exe
2007-10-12 15:09 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-10-12 15:06 389,184 --a------ C:\WINDOWS\system32\bjmevbxq.exe
2007-10-11 22:44 164 --a------ C:\install.dat
2007-10-11 17:13 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-11 03:11 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-10 22:26 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-10 22:24 <DIR> d-------- C:\Documents and Settings\Vince\.housecall6.6
2007-10-10 20:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 20:02 <DIR> d-------- C:\Program Files\Sqirlz Water Reflections
2007-10-10 20:02 <DIR> d-------- C:\Program Files\bfgclient
2007-10-10 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2007-10-10 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-10 17:50 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-10-10 17:38 394,515 --a------ C:\WINDOWS\system32\PCRCUpdates.zip
2007-10-10 17:34 <DIR> d-------- C:\Program Files\PCRegistryCleaner(2)
2007-10-06 09:11 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-06 00:52 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-05 21:48 <DIR> d-------- C:\Program Files\Law & Order - The Vengeful Heart
2007-10-05 16:28 158,464 --a------ C:\WINDOWS\system32\45aa00b1.sys
2007-10-05 16:24 158,464 --a------ C:\WINDOWS\system32\e35580dd.sys
2007-10-05 16:19 <DIR> d-------- C:\Documents and Settings\Vince\Application Data\AVSMedia
2007-10-05 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-10-05 16:18 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-10-05 16:18 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-10-05 16:18 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-10-05 16:18 638,976 --a------ C:\WINDOWS\system32\divx.dll
2007-10-05 16:18 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-05 16:18 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-10-05 16:18 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-10-05 16:18 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-10-05 16:18 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-05 16:18 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-05 16:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-10-05 00:27 158,456 --------- C:\WINDOWS\system32\pxwma.dll
2007-10-04 16:50 <DIR> d-------- C:\Program Files\Real
2007-10-04 16:50 <DIR> d-------- C:\Program Files\Common Files\Real
2007-10-02 23:54 <DIR> d-------- C:\Documents and Settings\Vince\Application Data\Nero
2007-10-02 23:50 <DIR> d-------- C:\Program Files\Nero
2007-10-02 23:50 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-10-02 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-24 09:05 132,904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 09:05 11,304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-21 23:47 <DIR> d-------- C:\Program Files\Nate
2007-09-21 23:47 1,282,048 --a------ C:\WINDOWS\system32\NateComicCore.dll
2007-09-20 09:59 972,072 --a------ C:\WINDOWS\UNRecode.exe
2007-09-20 09:55 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 09:55 95,600 --a------ C:\WINDOWS\system32\NeroCo.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 16:00 --------- d-----w C:\Program Files\Warcraft III
2007-10-14 08:26 --------- d-----w C:\Program Files\Java
2007-10-14 01:01 --------- d-----w C:\Program Files\Google
2007-10-12 22:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-12 22:55 --------- d-----w C:\Program Files\Steam
2007-10-11 22:10 --------- d-----w C:\Program Files\QuickTime
2007-10-11 22:08 --------- d-----w C:\Program Files\MSN Messenger
2007-10-11 22:04 --------- d-----w C:\Program Files\iTunes
2007-10-11 21:58 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-05 04:27 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-29 22:57 --------- d-----w C:\Program Files\PokerRoom.com
2007-09-26 15:25 --------- d-----w C:\Program Files\LimeWire
2007-09-17 19:52 --------- d-----w C:\Program Files\eMule
2007-09-14 22:19 160,528 ----a-w C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2007-09-09 02:38 --------- d-----w C:\Program Files\Common Files\WAYI
2007-09-05 01:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-05 00:50 --------- d-----w C:\Documents and Settings\Vince\Application Data\PlayFirst
2007-09-05 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-09-04 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2007-08-31 16:19 --------- d-----w C:\Program Files\PartyGaming
2007-08-24 01:08 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-16 01:39 --------- d-----w C:\Program Files\Ubisoft
2007-08-15 05:18 --------- d-----w C:\Program Files\Creative
2007-08-15 04:23 --------- d-----w C:\Documents and Settings\Vince\Application Data\Creative
2007-08-01 23:22 494 ----a-w C:\Documents and Settings\Vince\Application Data\filterclsid.dat
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-02-27 18:06 92,064 ----a-w C:\Documents and Settings\Vince\mqdmmdm.sys
2007-02-27 18:06 9,232 ----a-w C:\Documents and Settings\Vince\mqdmmdfl.sys
2007-02-27 18:06 79,328 ----a-w C:\Documents and Settings\Vince\mqdmserd.sys
2007-02-27 18:06 66,656 ----a-w C:\Documents and Settings\Vince\mqdmbus.sys
2007-02-27 18:06 6,208 ----a-w C:\Documents and Settings\Vince\mqdmcmnt.sys
2007-02-27 18:06 5,936 ----a-w C:\Documents and Settings\Vince\mqdmwhnt.sys
2007-02-27 18:06 4,048 ----a-w C:\Documents and Settings\Vince\mqdmcr.sys
2007-02-27 18:06 25,600 ----a-w C:\Documents and Settings\Vince\usbsermptxp.sys
2007-02-27 18:06 22,768 ----a-w C:\Documents and Settings\Vince\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-04-30 22:07]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"Logitech Utility"="Logi_MwX.Exe" [2004-03-03 13:50 C:\WINDOWS\LOGI_MWX.EXE]
"ClientGW"="" []
"eSnips"="C:\Program Files\eSnips\ClientGW.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-28 18:11]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"BestsellerAntivirus"="C:\Program Files\BestsellerAntivirus\pgs.exe" []
"ugcw"="C:\PROGRA~1\COMMON~1\BESTSE~1\ugcw.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 10:22]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 14:08]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\Vince\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
Registration .LNK - C:\Program Files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe [2007-10-12 19:04:47]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-13 20:57:56]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 11:05:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuur]
cbxxuur.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\niklqzpt]
niklqzpt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tetmerhf]
tetmerhf.dll

S3 Asushwio;Asushwio;\??\C:\WINDOWS\system32\drivers\Asushwio.sys
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-15 01:02:05 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (HOME-Vince).job"
- c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 21:37:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 21:38:11
C:\ComboFix2.txt ... 2007-10-14 21:28
.
--- E O F ---


My Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:39:40 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\hjt\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BestsellerAntivirus] "C:\Program Files\BestsellerAntivirus\pgs.exe"
O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\COMMON~1\BESTSE~1\ugcw.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191636689437
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfish...web.1.0.0.9.cab
O16 - DPF: {9103166D-A34B-45A2-91F5-73D508C7A650} (NateComicViewer Class) - http://crayondata.cy...ComicViewer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A1830188-679E-4A67-B121-570F37F18ACC} (Naver Music Player ActiveX) - http://bridge.item2....ic/cab/nbgm.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxxuur - cbxxuur.dll (file missing)
O20 - Winlogon Notify: niklqzpt - niklqzpt.dll (file missing)
O20 - Winlogon Notify: tetmerhf - tetmerhf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 October 2007 - 08:02 PM

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\bjnjpdsx.exe
C:\WINDOWS\system32\gcfnashn.dll
C:\WINDOWS\system32\bkiirfnl.exe
C:\WINDOWS\system32\cinwqkos.dll
C:\WINDOWS\system32\bvbusgtt.exe
C:\WINDOWS\system32\yohslfqc.exe
C:\WINDOWS\system32\veljcjjn.dll
C:\WINDOWS\system32\qlidsffu.exe
C:\WINDOWS\system32\rnndzlvi.dll
C:\WINDOWS\system32\xkhujqfb.exe
C:\WINDOWS\system32\womwvxnm.exe
C:\WINDOWS\system32\mhmlotbk.exe
C:\WINDOWS\system32\xyjxykll.exe
C:\WINDOWS\system32\fpfdqhsc.exe
C:\WINDOWS\system32\qsktjwko.exe
C:\WINDOWS\system32\ccpfdedg.exe
C:\WINDOWS\system32\unvybabp.exe
C:\WINDOWS\system32\bjmevbxq.exe
C:\WINDOWS\system32\45aa00b1.sys
C:\WINDOWS\system32\e35580dd.sys
C:\Program Files\BestsellerAntivirus\pgs.exe
C:\PROGRA~1\COMMON~1\BESTSE~1\ugcw.exe

Folder::
C:\Quarantine
C:\Program Files\BestsellerAntivirus
C:\PROGRA~1\COMMON~1\BESTSE~1

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BestsellerAntivirus"=-
"ugcw"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuur]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\niklqzpt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tetmerhf]


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
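Added example, not code from the thread, from HijackThis or from ComboFix: a small Python triage script that reads the two line shapes the logs in this thread contain, flags the Winlogon Notify entries that share the traits of the ones scripted out in the post above (DLL reported missing, bare filename with no directory, random-looking 7-8 letter name), lists the HKLM Run values that ComboFix printed with an empty [] where every other entry carries a file date, and drafts a Registry:: section in the same syntax the CFScript above uses. The sample log lines are constructed in the shape of the logs on this page, and the flagging rules are assumptions for triage rather than HijackThis or ComboFix logic, so the draft is something to review by hand the way the helper did before it goes anywhere near ComboFix.

```python
"""Triage helpers for HijackThis / ComboFix log lines.

Constructed example, not code from the thread, HijackThis or ComboFix. The
heuristics below are assumptions for first-pass review, not a verdict.
"""
import re
from typing import Dict, List

# Constructed sample lines in the shape of the thread's HijackThis log.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxxuur - cbxxuur.dll (file missing)
O20 - Winlogon Notify: niklqzpt - niklqzpt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed sample lines in the shape of ComboFix's "Reg Loading Points" HKLM Run block.
SAMPLE_COMBOFIX_RUN = r"""
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-28 18:11]
"BestsellerAntivirus"="C:\Program Files\BestsellerAntivirus\pgs.exe" []
"ugcw"="C:\PROGRA~1\COMMON~1\BESTSE~1\ugcw.exe" []
"""

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# "O20 - Winlogon Notify: <name> - <path>[ (file missing)]"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# '"<name>"="<path>" [<timestamp text>]'
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<stamp>[^\]]*)\]$')


def parse_o20(log: str) -> List[Dict[str, object]]:
    """Return one dict per O20 Winlogon Notify line: name, path, missing flag."""
    out = []
    for line in log.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            out.append({"name": m["name"], "path": m["path"], "missing": bool(m["missing"])})
    return out


def suspicious_notify(log: str) -> List[Dict[str, object]]:
    """Flag O20 entries with the traits of the thread's leftovers (heuristic, an assumption)."""
    flagged = []
    for e in parse_o20(log):
        reasons = []
        if e["missing"]:
            reasons.append("HijackThis reports the DLL as missing")
        if "\\" not in e["path"]:
            reasons.append("bare filename with no directory")
        if re.fullmatch(r"[a-z]{7,8}", e["name"]):
            reasons.append("random-looking 7-8 letter name")
        if reasons:
            flagged.append({**e, "reasons": reasons})
    return flagged


def parse_combofix_run(block: str) -> List[Dict[str, str]]:
    """Return one dict per ComboFix Run value: name, path, timestamp text."""
    out = []
    for line in block.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            out.append({"name": m["name"], "path": m["path"], "stamp": m["stamp"]})
    return out


def undated_run_values(block: str) -> List[Dict[str, str]]:
    """Run values printed with an empty []; the others carry a file date, so these stand out."""
    return [e for e in parse_combofix_run(block) if e["stamp"] == "" and e["path"]]


def draft_registry_section(notify_names: List[str], run_names: List[str]) -> List[str]:
    """Draft a CFScript Registry:: section in the syntax used in the thread."""
    lines = ["Registry::"]
    if run_names:
        lines.append(f"[{RUN_KEY}]")
        lines.extend(f'"{n}"=-' for n in run_names)            # "name"=- removes the value
    lines.extend(f"[-{NOTIFY_KEY}\\{n}]" for n in notify_names)  # [-key] removes the key
    return lines


if __name__ == "__main__":
    flagged = suspicious_notify(SAMPLE_HJT)
    for e in flagged:
        print(e["name"], "->", "; ".join(e["reasons"]))
    notify = [e["name"] for e in flagged]
    runs = [e["name"] for e in undated_run_values(SAMPLE_COMBOFIX_RUN)]
    print("\n".join(draft_registry_section(notify, runs)))
```

Run it as a script to see the reason each entry was flagged and the drafted section; the functions return lists rather than printing, so the same checks can be pointed at a whole pasted log and the result compared against what the helper actually chose to script.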

 


#5 Snowflake

Snowflake

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 14 October 2007 - 08:12 PM

ComboFix 07-10-12.4 - Vince 2007-10-14 22:04:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.534 [GMT -4:00]
Running from: C:\Documents and Settings\Vince\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vince\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\PROGRA~1\COMMON~1\BESTSE~1\ugcw.exe
C:\Program Files\BestsellerAntivirus\pgs.exe
C:\WINDOWS\system32\45aa00b1.sys
C:\WINDOWS\system32\bjmevbxq.exe
C:\WINDOWS\system32\bjnjpdsx.exe
C:\WINDOWS\system32\bkiirfnl.exe
C:\WINDOWS\system32\bvbusgtt.exe
C:\WINDOWS\system32\ccpfdedg.exe
C:\WINDOWS\system32\cinwqkos.dll
C:\WINDOWS\system32\e35580dd.sys
C:\WINDOWS\system32\fpfdqhsc.exe
C:\WINDOWS\system32\gcfnashn.dll
C:\WINDOWS\system32\mhmlotbk.exe
C:\WINDOWS\system32\qlidsffu.exe
C:\WINDOWS\system32\qsktjwko.exe
C:\WINDOWS\system32\rnndzlvi.dll
C:\WINDOWS\system32\unvybabp.exe
C:\WINDOWS\system32\veljcjjn.dll
C:\WINDOWS\system32\womwvxnm.exe
C:\WINDOWS\system32\xkhujqfb.exe
C:\WINDOWS\system32\xyjxykll.exe
C:\WINDOWS\system32\yohslfqc.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Quarantine
C:\WINDOWS\system32\45aa00b1.sys
C:\WINDOWS\system32\bjmevbxq.exe
C:\WINDOWS\system32\bjnjpdsx.exe
C:\WINDOWS\system32\bkiirfnl.exe
C:\WINDOWS\system32\bvbusgtt.exe
C:\WINDOWS\system32\ccpfdedg.exe
C:\WINDOWS\system32\cinwqkos.dll
C:\WINDOWS\system32\e35580dd.sys
C:\WINDOWS\system32\fpfdqhsc.exe
C:\WINDOWS\system32\gcfnashn.dll
C:\WINDOWS\system32\mhmlotbk.exe
C:\WINDOWS\system32\qlidsffu.exe
C:\WINDOWS\system32\qsktjwko.exe
C:\WINDOWS\system32\rnndzlvi.dll
C:\WINDOWS\system32\unvybabp.exe
C:\WINDOWS\system32\veljcjjn.dll
C:\WINDOWS\system32\womwvxnm.exe
C:\WINDOWS\system32\xkhujqfb.exe
C:\WINDOWS\system32\xyjxykll.exe
C:\WINDOWS\system32\yohslfqc.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

2007-10-14 20:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 18:16 <DIR> d-------- C:\hjt
2007-10-14 04:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-14 04:15 <DIR> d-------- C:\Documents and Settings\Vince\Application Data\SUPERAntiSpyware.com
2007-10-14 04:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-12 20:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-12 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-12 15:09 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-10-11 22:44 164 --a------ C:\install.dat
2007-10-11 17:13 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-11 03:11 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-10 22:26 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-10 22:24 <DIR> d-------- C:\Documents and Settings\Vince\.housecall6.6
2007-10-10 20:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 20:02 <DIR> d-------- C:\Program Files\Sqirlz Water Reflections
2007-10-10 20:02 <DIR> d-------- C:\Program Files\bfgclient
2007-10-10 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2007-10-10 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-10 17:50 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-10-10 17:38 394,515 --a------ C:\WINDOWS\system32\PCRCUpdates.zip
2007-10-10 17:34 <DIR> d-------- C:\Program Files\PCRegistryCleaner(2)
2007-10-06 09:11 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-06 00:52 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-05 21:48 <DIR> d-------- C:\Program Files\Law & Order - The Vengeful Heart
2007-10-05 16:19 <DIR> d-------- C:\Documents and Settings\Vince\Application Data\AVSMedia
2007-10-05 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-10-05 16:18 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-10-05 16:18 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-10-05 16:18 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-10-05 16:18 638,976 --a------ C:\WINDOWS\system32\divx.dll
2007-10-05 16:18 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-05 16:18 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-10-05 16:18 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-10-05 16:18 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-10-05 16:18 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-05 16:18 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-05 16:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-10-05 00:27 158,456 --------- C:\WINDOWS\system32\pxwma.dll
2007-10-04 16:50 <DIR> d-------- C:\Program Files\Real
2007-10-04 16:50 <DIR> d-------- C:\Program Files\Common Files\Real
2007-10-02 23:54 <DIR> d-------- C:\Documents and Settings\Vince\Application Data\Nero
2007-10-02 23:50 <DIR> d-------- C:\Program Files\Nero
2007-10-02 23:50 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-10-02 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-24 09:05 132,904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 09:05 11,304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-21 23:47 <DIR> d-------- C:\Program Files\Nate
2007-09-21 23:47 1,282,048 --a------ C:\WINDOWS\system32\NateComicCore.dll
2007-09-20 09:59 972,072 --a------ C:\WINDOWS\UNRecode.exe
2007-09-20 09:55 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 09:55 95,600 --a------ C:\WINDOWS\system32\NeroCo.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 16:00 --------- d-----w C:\Program Files\Warcraft III
2007-10-14 08:26 --------- d-----w C:\Program Files\Java
2007-10-14 01:01 --------- d-----w C:\Program Files\Google
2007-10-12 22:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-12 22:55 --------- d-----w C:\Program Files\Steam
2007-10-11 22:10 --------- d-----w C:\Program Files\QuickTime
2007-10-11 22:08 --------- d-----w C:\Program Files\MSN Messenger
2007-10-11 22:04 --------- d-----w C:\Program Files\iTunes
2007-10-11 21:58 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-05 04:27 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-29 22:57 --------- d-----w C:\Program Files\PokerRoom.com
2007-09-26 15:25 --------- d-----w C:\Program Files\LimeWire
2007-09-17 19:52 --------- d-----w C:\Program Files\eMule
2007-09-14 22:19 160,528 ----a-w C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2007-09-09 02:38 --------- d-----w C:\Program Files\Common Files\WAYI
2007-09-05 01:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-05 00:50 --------- d-----w C:\Documents and Settings\Vince\Application Data\PlayFirst
2007-09-05 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-09-04 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2007-08-31 16:19 --------- d-----w C:\Program Files\PartyGaming
2007-08-16 01:39 --------- d-----w C:\Program Files\Ubisoft
2007-08-15 05:18 --------- d-----w C:\Program Files\Creative
2007-08-15 04:23 --------- d-----w C:\Documents and Settings\Vince\Application Data\Creative
2007-08-01 23:22 494 ----a-w C:\Documents and Settings\Vince\Application Data\filterclsid.dat
2007-02-27 18:06 92,064 ----a-w C:\Documents and Settings\Vince\mqdmmdm.sys
2007-02-27 18:06 9,232 ----a-w C:\Documents and Settings\Vince\mqdmmdfl.sys
2007-02-27 18:06 79,328 ----a-w C:\Documents and Settings\Vince\mqdmserd.sys
2007-02-27 18:06 66,656 ----a-w C:\Documents and Settings\Vince\mqdmbus.sys
2007-02-27 18:06 6,208 ----a-w C:\Documents and Settings\Vince\mqdmcmnt.sys
2007-02-27 18:06 5,936 ----a-w C:\Documents and Settings\Vince\mqdmwhnt.sys
2007-02-27 18:06 4,048 ----a-w C:\Documents and Settings\Vince\mqdmcr.sys
2007-02-27 18:06 25,600 ----a-w C:\Documents and Settings\Vince\usbsermptxp.sys
2007-02-27 18:06 22,768 ----a-w C:\Documents and Settings\Vince\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-14_21.37.40.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 14:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-04-30 22:07]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"Logitech Utility"="Logi_MwX.Exe" [2004-03-03 13:50 C:\WINDOWS\LOGI_MWX.EXE]
"ClientGW"="" []
"eSnips"="C:\Program Files\eSnips\ClientGW.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-28 18:11]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 10:22]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 14:08]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\Vince\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
Registration .LNK - C:\Program Files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe [2007-10-12 19:04:47]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-13 20:57:56]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 11:05:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

S3 Asushwio;Asushwio;\??\C:\WINDOWS\system32\drivers\Asushwio.sys
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-15 02:08:33 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (HOME-Vince).job"
- c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 22:08:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 22:10:26 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-14 21:38
C:\ComboFix3.txt ... 2007-10-14 21:28
.
--- E O F ---

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 October 2007 - 08:14 PM

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.



#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 October 2007 - 08:25 PM

Being helped here:
http://security-cent...22247#post22247

