
XP Antivirus 2008/ Malware Protector 2008 problems. [RESOLVED]


#1 Spartanfan (New Member, 5 posts)
Not sure how I got this on my computer, but I'm stuck with it and have had no luck whatsoever getting it out. So here I am.
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:11 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\system32\SK9910DM.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [System Sentry] C:\PROGRA~1\EASYDE~1\SYSTEM~1\Protect.exe protect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lphct5aj0et99] C:\WINDOWS\system32\lphct5aj0et99.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SMrhcp5aj0et99] C:\Program Files\rhcp5aj0et99\rhcp5aj0et99.exe
O4 - HKLM\..\Run: [SMshcr5aj0et99] C:\Program Files\shcr5aj0et99\shcr5aj0et99.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://irc.webmaster...000/java/cr.cab
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potf_x.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay12...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1214176769015
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=21871
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10514 bytes

Uninstall List from HJT:
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
AntivirXP08
AVG 7.5
DivX
DivX Player
DivX Web Player
Do More 5.0
Do More 5.0
Fraps
FreeSpace
Gateway Desktop Manager
Gateway IE Customizations
Gateway Power Management
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GTW V.92 Voicemodem
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
HP Imaging Device Functions 6.1
hp instant support
HP Memories Disc
HP Photosmart Essential
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
Intel® Extreme Graphics Driver
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
iTunes
Java™ 6 Update 6
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
LView Pro 2005 2nd Quarter - Trial Version
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Morpheus 5.1 (remove only)
MProtector
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
Panda ActiveScan 2.0
Photo Explosion Special Edition
PS/2 Millennium Keyboard
QuickTime
RealArcade
RealPlayer
SANYO Digital Camera Driver
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Sid Meier's Civilization 4
Sony Media Manager for PSP 2.0a
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
TeamSpeak 2 RC2
Ulead Photo Explorer 8.0 SE Basic
Update for Windows XP (KB894391)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Ventrilo Client
WinAce Archiver
Winamp (remove only)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
World of Warcraft
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

Thank you for your time and help!


#2 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Welcome to GTG.

Please do not create a new topic and redirect it to your own topic in the Malware Board. If you don't get a reply after 3 days, post in the Waiting Room with the link instead :)

1. Download combofix at http://download.blee...Bs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

#3 Spartanfan (Topic Starter, New Member, 5 posts)
Bah, thought I had posted it in the waiting room, not where it was. My apologies :)

Combofix Log
ComboFix 08-06-20.4 - Owner 2008-06-30 21:23:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.847 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk
C:\Documents and Settings\Owner\Application Data\rhcp5aj0et99
C:\Program Files\shcr5aj0et99
C:\WINDOWS\system32\lphct5aj0et99.exe
C:\WINDOWS\system32\phct5aj0et99.bmp
C:\WINDOWS\system32\pphct5aj0et99.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-24 17:44 . 2008-06-24 17:44 <DIR> d-------- C:\Program Files\CCleaner
2008-06-23 17:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-23 17:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-22 19:00 . 2008-06-22 19:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-22 10:17 . 2008-06-24 17:31 <DIR> d-------- C:\Program Files\Panda Security
2008-06-22 09:38 . 2008-06-22 09:39 <DIR> d-------- C:\Program Files\rhcp5aj0et99
2008-06-22 09:38 . 2008-06-22 09:28 60,928 --a------ C:\WINDOWS\system32\1FD.tmp
2008-06-22 09:28 . 2008-06-22 09:18 60,928 --a------ C:\WINDOWS\system32\1FA.tmp
2008-06-22 09:18 . 2008-06-22 09:08 60,928 --a------ C:\WINDOWS\system32\1F7.tmp
2008-06-22 09:08 . 2008-06-22 08:58 60,928 --a------ C:\WINDOWS\system32\1F4.tmp
2008-06-22 08:58 . 2008-06-22 08:48 60,928 --a------ C:\WINDOWS\system32\1F1.tmp
2008-06-22 08:48 . 2008-06-22 08:37 60,928 --a------ C:\WINDOWS\system32\1EE.tmp
2008-06-22 08:37 . 2008-06-22 08:27 60,928 --a------ C:\WINDOWS\system32\1EB.tmp
2008-06-22 08:27 . 2008-06-22 08:17 60,928 --a------ C:\WINDOWS\system32\1E8.tmp
2008-06-22 08:17 . 2008-06-22 08:07 60,928 --a------ C:\WINDOWS\system32\1E5.tmp
2008-06-22 08:07 . 2008-06-22 07:57 60,928 --a------ C:\WINDOWS\system32\1E2.tmp
2008-06-22 07:57 . 2008-06-22 07:47 60,928 --a------ C:\WINDOWS\system32\1DF.tmp
2008-06-22 07:47 . 2008-06-22 07:37 60,928 --a------ C:\WINDOWS\system32\1DC.tmp
2008-06-22 07:37 . 2008-06-22 07:27 60,928 --a------ C:\WINDOWS\system32\1D9.tmp
2008-06-22 07:27 . 2008-06-22 07:17 60,928 --a------ C:\WINDOWS\system32\1D6.tmp
2008-06-22 07:17 . 2008-06-22 07:07 60,928 --a------ C:\WINDOWS\system32\1D3.tmp
2008-06-22 07:07 . 2008-06-22 06:57 60,928 --a------ C:\WINDOWS\system32\1D0.tmp
2008-06-22 06:57 . 2008-06-22 06:47 60,928 --a------ C:\WINDOWS\system32\1CD.tmp
2008-06-22 06:47 . 2008-06-22 06:37 60,928 --a------ C:\WINDOWS\system32\1CA.tmp
2008-06-22 06:37 . 2008-06-22 06:27 60,928 --a------ C:\WINDOWS\system32\1C7.tmp
2008-06-22 06:27 . 2008-06-22 06:17 60,928 --a------ C:\WINDOWS\system32\1C4.tmp
2008-06-22 06:17 . 2008-06-22 06:07 60,928 --a------ C:\WINDOWS\system32\1C1.tmp
2008-06-22 06:07 . 2008-06-22 05:56 60,928 --a------ C:\WINDOWS\system32\1BE.tmp
2008-06-22 05:56 . 2008-06-22 05:46 60,928 --a------ C:\WINDOWS\system32\1BB.tmp
2008-06-22 05:46 . 2008-06-22 05:36 60,928 --a------ C:\WINDOWS\system32\1B8.tmp
2008-06-22 05:36 . 2008-06-22 05:26 60,928 --a------ C:\WINDOWS\system32\1B5.tmp
2008-06-22 05:26 . 2008-06-22 05:16 60,928 --a------ C:\WINDOWS\system32\1B2.tmp
2008-06-22 05:16 . 2008-06-22 05:06 60,928 --a------ C:\WINDOWS\system32\1AF.tmp
2008-06-22 05:06 . 2008-06-22 04:56 60,928 --a------ C:\WINDOWS\system32\1AC.tmp
2008-06-22 04:56 . 2008-06-22 04:46 60,928 --a------ C:\WINDOWS\system32\1A9.tmp
2008-06-22 04:46 . 2008-06-22 04:36 60,928 --a------ C:\WINDOWS\system32\1A6.tmp
2008-06-22 04:36 . 2008-06-22 04:26 60,928 --a------ C:\WINDOWS\system32\1A3.tmp
2008-06-22 04:26 . 2008-06-22 04:16 60,928 --a------ C:\WINDOWS\system32\1A0.tmp
2008-06-22 04:16 . 2008-06-22 04:06 60,928 --a------ C:\WINDOWS\system32\19D.tmp
2008-06-22 04:06 . 2008-06-22 03:56 60,928 --a------ C:\WINDOWS\system32\19A.tmp
2008-06-22 03:56 . 2008-06-22 03:46 60,928 --a------ C:\WINDOWS\system32\197.tmp
2008-06-22 03:46 . 2008-06-22 03:36 60,928 --a------ C:\WINDOWS\system32\194.tmp
2008-06-22 03:36 . 2008-06-22 03:26 60,928 --a------ C:\WINDOWS\system32\191.tmp
2008-06-22 03:26 . 2008-06-22 03:16 60,928 --a------ C:\WINDOWS\system32\18E.tmp
2008-06-22 03:16 . 2008-06-22 03:06 60,928 --a------ C:\WINDOWS\system32\18B.tmp
2008-06-22 03:06 . 2008-06-22 02:55 60,928 --a------ C:\WINDOWS\system32\188.tmp
2008-06-22 00:26 . 2008-06-22 00:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-22 00:25 . 2008-06-22 18:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-22 00:25 . 2008-06-22 00:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-22 00:04 . 2008-06-22 00:04 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-22 00:03 . 2008-06-22 00:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 00:03 . 2008-06-22 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 00:03 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-22 00:03 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-22 00:02 . 2008-06-22 00:02 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-21 23:02 . 2008-06-21 23:02 <DIR> d-------- C:\WINDOWS\Sun
2008-06-21 22:54 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-21 22:53 . 2008-06-21 22:54 <DIR> d-------- C:\Program Files\Java
2008-06-21 22:52 . 2008-06-21 22:52 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-11 19:35 . 2008-06-13 08:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 00:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-06-30 22:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\teamspeak2
2008-06-24 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-22 05:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 22:43 --------- d-----w C:\Program Files\Morpheus
2008-05-30 06:00 --------- d-----w C:\Program Files\Google
2008-05-15 21:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2006-02-17 17:09 2,051,736 ----a-w C:\Program Files\xfire_installer_17902.exe
2005-11-24 00:03 9,352,392 ----a-w C:\Program Files\Install_MSN_Messenger.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 18:44 67128]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-22 18:14 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 10:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 09:59 126976]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 19:12 65536 C:\WINDOWS\GWMDMMSG.exe]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 14:50 66048 C:\WINDOWS\system32\SK9910DM.EXE]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 19:34 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 16:52 331830]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41 28738]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11:06 11776]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-30 23:59 185784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 17:03 579584]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 17:22 35328]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 17:20 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-02 10:49 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-13 18:44:21 67128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 18:06:54 24633]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-22 18:14 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-22 18:14 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphct5aj0et99]
C:\WINDOWS\system32\lphct5aj0et99.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcp5aj0et99]
--a------ 2008-06-21 13:22 1642496 C:\Program Files\rhcp5aj0et99\rhcp5aj0et99.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMshcr5aj0et99]
C:\Program Files\shcr5aj0et99\shcr5aj0et99.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\World of Warcraft\\WoW-1.9.0-enUS-downloader.exe"=
"C:\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"=
"C:\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"=
"C:\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

S3 DCamUSBNovatek;SANYO Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys [2006-10-12 17:40]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 21:28:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-30 21:30:16
ComboFix-quarantined-files.txt 2008-07-01 02:30:11

Pre-Run: 13,294,129,152 bytes free
Post-Run: 14,034,698,240 bytes free

200 --- E O F --- 2008-06-20 22:02:01

#4 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Check Malwarebytes for any updates and then run a scan. See if it found anything, then post the log here.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
C:\WINDOWS\system32\1FD.tmp
C:\WINDOWS\system32\1FA.tmp
C:\WINDOWS\system32\1F7.tmp
C:\WINDOWS\system32\1F4.tmp
C:\WINDOWS\system32\1F1.tmp
C:\WINDOWS\system32\1EE.tmp
C:\WINDOWS\system32\1EB.tmp
C:\WINDOWS\system32\1E8.tmp
C:\WINDOWS\system32\1E5.tmp
C:\WINDOWS\system32\1E2.tmp
C:\WINDOWS\system32\1DF.tmp
C:\WINDOWS\system32\1DC.tmp
C:\WINDOWS\system32\1D9.tmp
C:\WINDOWS\system32\1D6.tmp
C:\WINDOWS\system32\1D3.tmp
C:\WINDOWS\system32\1D0.tmp
C:\WINDOWS\system32\1CD.tmp
C:\WINDOWS\system32\1CA.tmp
C:\WINDOWS\system32\1C7.tmp
C:\WINDOWS\system32\1C4.tmp
C:\WINDOWS\system32\1C1.tmp
C:\WINDOWS\system32\1BE.tmp
C:\WINDOWS\system32\1BB.tmp
C:\WINDOWS\system32\1B8.tmp
C:\WINDOWS\system32\1B5.tmp
C:\WINDOWS\system32\1B2.tmp
C:\WINDOWS\system32\1AF.tmp
C:\WINDOWS\system32\1AC.tmp
C:\WINDOWS\system32\1A9.tmp
C:\WINDOWS\system32\1A6.tmp
C:\WINDOWS\system32\1A3.tmp
C:\WINDOWS\system32\1A0.tmp
C:\WINDOWS\system32\19D.tmp
C:\WINDOWS\system32\19A.tmp
C:\WINDOWS\system32\197.tmp
C:\WINDOWS\system32\194.tmp
C:\WINDOWS\system32\191.tmp
C:\WINDOWS\system32\18E.tmp
C:\WINDOWS\system32\18B.tmp
C:\WINDOWS\system32\188.tmp
Folder::
C:\Program Files\rhcp5aj0et99
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphct5aj0et99]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcp5aj0et99]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMshcr5aj0et99]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#5
Spartanfan

Spartanfan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Malwarebyte's Log:
11:00:17 PM 6/30/2008
mbam-log-6-30-2008 (23-00-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 102611
Time elapsed: 29 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> No action taken.

Files Infected:
C:\Program Files\rhcp5aj0et99\rhcp5aj0et99.exe (Rogue.AntivirusXP2008) -> No action taken.
C:\Program Files\rhcp5aj0et99\rhcp5aj0et99Skin.dll (Rogue.AntivirusXP2008) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\pphct5aj0et99.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{F9514752-3094-46DE-82A8-A9F3D3B114DA}\RP512\A0036329.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{F9514752-3094-46DE-82A8-A9F3D3B114DA}\RP512\A0036339.dll (Rogue.MalwareProtector) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.

ComboFix Log:
ComboFix 08-06-20.4 - Owner 2008-06-30 23:03:02.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.733 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\188.tmp
C:\WINDOWS\system32\18B.tmp
C:\WINDOWS\system32\18E.tmp
C:\WINDOWS\system32\191.tmp
C:\WINDOWS\system32\194.tmp
C:\WINDOWS\system32\197.tmp
C:\WINDOWS\system32\19A.tmp
C:\WINDOWS\system32\19D.tmp
C:\WINDOWS\system32\1A0.tmp
C:\WINDOWS\system32\1A3.tmp
C:\WINDOWS\system32\1A6.tmp
C:\WINDOWS\system32\1A9.tmp
C:\WINDOWS\system32\1AC.tmp
C:\WINDOWS\system32\1AF.tmp
C:\WINDOWS\system32\1B2.tmp
C:\WINDOWS\system32\1B5.tmp
C:\WINDOWS\system32\1B8.tmp
C:\WINDOWS\system32\1BB.tmp
C:\WINDOWS\system32\1BE.tmp
C:\WINDOWS\system32\1C1.tmp
C:\WINDOWS\system32\1C4.tmp
C:\WINDOWS\system32\1C7.tmp
C:\WINDOWS\system32\1CA.tmp
C:\WINDOWS\system32\1CD.tmp
C:\WINDOWS\system32\1D0.tmp
C:\WINDOWS\system32\1D3.tmp
C:\WINDOWS\system32\1D6.tmp
C:\WINDOWS\system32\1D9.tmp
C:\WINDOWS\system32\1DC.tmp
C:\WINDOWS\system32\1DF.tmp
C:\WINDOWS\system32\1E2.tmp
C:\WINDOWS\system32\1E5.tmp
C:\WINDOWS\system32\1E8.tmp
C:\WINDOWS\system32\1EB.tmp
C:\WINDOWS\system32\1EE.tmp
C:\WINDOWS\system32\1F1.tmp
C:\WINDOWS\system32\1F4.tmp
C:\WINDOWS\system32\1F7.tmp
C:\WINDOWS\system32\1FA.tmp
C:\WINDOWS\system32\1FD.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\rhcp5aj0et99
C:\Program Files\rhcp5aj0et99\database.dat
C:\Program Files\rhcp5aj0et99\license.txt
C:\Program Files\rhcp5aj0et99\MFC71.dll
C:\Program Files\rhcp5aj0et99\MFC71ENU.DLL
C:\Program Files\rhcp5aj0et99\msvcp71.dll
C:\Program Files\rhcp5aj0et99\msvcr71.dll
C:\Program Files\rhcp5aj0et99\rhcp5aj0et99.exe
C:\Program Files\rhcp5aj0et99\rhcp5aj0et99.exe.local
C:\Program Files\rhcp5aj0et99\rhcp5aj0et99Skin.dll
C:\Program Files\rhcp5aj0et99\Uninstall.exe
C:\WINDOWS\system32\188.tmp
C:\WINDOWS\system32\18B.tmp
C:\WINDOWS\system32\18E.tmp
C:\WINDOWS\system32\191.tmp
C:\WINDOWS\system32\194.tmp
C:\WINDOWS\system32\197.tmp
C:\WINDOWS\system32\19A.tmp
C:\WINDOWS\system32\19D.tmp
C:\WINDOWS\system32\1A0.tmp
C:\WINDOWS\system32\1A3.tmp
C:\WINDOWS\system32\1A6.tmp
C:\WINDOWS\system32\1A9.tmp
C:\WINDOWS\system32\1AC.tmp
C:\WINDOWS\system32\1AF.tmp
C:\WINDOWS\system32\1B2.tmp
C:\WINDOWS\system32\1B5.tmp
C:\WINDOWS\system32\1B8.tmp
C:\WINDOWS\system32\1BB.tmp
C:\WINDOWS\system32\1BE.tmp
C:\WINDOWS\system32\1C1.tmp
C:\WINDOWS\system32\1C4.tmp
C:\WINDOWS\system32\1C7.tmp
C:\WINDOWS\system32\1CA.tmp
C:\WINDOWS\system32\1CD.tmp
C:\WINDOWS\system32\1D0.tmp
C:\WINDOWS\system32\1D3.tmp
C:\WINDOWS\system32\1D6.tmp
C:\WINDOWS\system32\1D9.tmp
C:\WINDOWS\system32\1DC.tmp
C:\WINDOWS\system32\1DF.tmp
C:\WINDOWS\system32\1E2.tmp
C:\WINDOWS\system32\1E5.tmp
C:\WINDOWS\system32\1E8.tmp
C:\WINDOWS\system32\1EB.tmp
C:\WINDOWS\system32\1EE.tmp
C:\WINDOWS\system32\1F1.tmp
C:\WINDOWS\system32\1F4.tmp
C:\WINDOWS\system32\1F7.tmp
C:\WINDOWS\system32\1FA.tmp
C:\WINDOWS\system32\1FD.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-24 17:44 . 2008-06-24 17:44 <DIR> d-------- C:\Program Files\CCleaner
2008-06-23 17:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-23 17:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-22 19:00 . 2008-06-22 19:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-22 10:17 . 2008-06-24 17:31 <DIR> d-------- C:\Program Files\Panda Security
2008-06-22 00:26 . 2008-06-22 00:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-22 00:25 . 2008-06-22 18:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-22 00:25 . 2008-06-22 00:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-22 00:04 . 2008-06-22 00:04 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-22 00:03 . 2008-06-30 22:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 00:03 . 2008-06-22 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 00:03 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-22 00:03 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-22 00:02 . 2008-06-22 00:02 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-21 23:02 . 2008-06-21 23:02 <DIR> d-------- C:\WINDOWS\Sun
2008-06-21 22:54 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-21 22:53 . 2008-06-21 22:54 <DIR> d-------- C:\Program Files\Java
2008-06-21 22:52 . 2008-06-21 22:52 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-11 19:35 . 2008-06-13 08:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 00:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-06-30 22:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\teamspeak2
2008-06-24 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-22 05:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 22:43 --------- d-----w C:\Program Files\Morpheus
2008-05-30 06:00 --------- d-----w C:\Program Files\Google
2008-05-15 21:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2006-02-17 17:09 2,051,736 ----a-w C:\Program Files\xfire_installer_17902.exe
2005-11-24 00:03 9,352,392 ----a-w C:\Program Files\Install_MSN_Messenger.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 18:44 67128]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-22 18:14 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 10:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 09:59 126976]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 19:12 65536 C:\WINDOWS\GWMDMMSG.exe]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 14:50 66048 C:\WINDOWS\system32\SK9910DM.EXE]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 19:34 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 16:52 331830]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41 28738]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11:06 11776]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-30 23:59 185784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 17:03 579584]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 17:22 35328]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 17:20 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-02 10:49 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-13 18:44:21 67128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 18:06:54 24633]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-22 18:14 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-22 18:14 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\World of Warcraft\\WoW-1.9.0-enUS-downloader.exe"=
"C:\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"=
"C:\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"=
"C:\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

R3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-06-28 14:16]
S3 DCamUSBNovatek;SANYO Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys [2006-10-12 17:40]

*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMCATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 23:04:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-30 23:06:32
ComboFix-quarantined-files.txt 2008-07-01 04:06:19
ComboFix2.txt 2008-07-01 02:30:17

Pre-Run: 13,998,456,832 bytes free
Post-Run: 13,991,333,888 bytes free

235 --- E O F --- 2008-06-20 22:02:01
  • 0
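As an added example (not code from the thread or from the Malwarebytes or ComboFix authors), the script below parses a Malwarebytes report shaped like the one in post #5, flags every finding still at "No action taken." (the point greyknight17 raises next), cross-checks the declared counts against the listed items, and drafts a CFScript in the File::/Folder::/Registry:: layout used in post #4. The embedded log lines are constructed to mirror the thread's report, with one item changed to a remediated status so both outcomes appear; Python is used here only because the thread itself has no code.

```python
"""Triage a Malwarebytes' Anti-Malware (mbam-log) report and draft a ComboFix
CFScript from it. Added example, not the thread's or either tool's code."""
import re

# Constructed sample: a trimmed copy of the thread's report, one item changed to a remediated status.
SAMPLE_LOG = """\
Folders Infected: 1
Files Infected: 3

Folders Infected:
C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> No action taken.

Files Infected:
C:\\Program Files\\rhcp5aj0et99\\rhcp5aj0et99.exe (Rogue.AntivirusXP2008) -> No action taken.
C:\\Program Files\\rhcp5aj0et99\\rhcp5aj0et99Skin.dll (Rogue.AntivirusXP2008) -> No action taken.
C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\pphct5aj0et99.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""
SUMMARY_RE = re.compile(r"^(?P<kind>[A-Za-z ]+) Infected: (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<kind>[A-Za-z ]+) Infected:$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# CFScript section headers as they appear in post #4, keyed by the MBAM section they map to.
CFSCRIPT_HEADERS = {"Files": "File::", "Folders": "Folder::", "Registry Keys": "Registry::"}

def parse_mbam_log(text):
    """Return (summary, findings): summary maps a section name to the count the
    report declares, findings maps it to a list of (target, family, action)."""
    summary, findings, section = {}, {}, None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if m := SUMMARY_RE.match(line):
            summary[m["kind"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            section = m["kind"]
            findings.setdefault(section, [])
        elif section and (m := ITEM_RE.match(line)):
            findings[section].append((m["target"], m["family"], m["action"]))
    return summary, findings

def check_counts(summary, findings):
    """Cross-check declared totals against listed items; a False means the log
    was truncated or edited before it was posted."""
    return {kind: summary.get(kind) == len(items) for kind, items in findings.items()}

def unremediated(findings):
    """Findings the scanner listed but did not remove: 'No action taken.' is
    what the report shows when the findings were never removed after the scan."""
    return {kind: [f for f in items if f[2] == "No action taken."]
            for kind, items in findings.items()}

def to_cfscript(pending):
    """Draft a CFScript: File::/Folder:: take plain paths, Registry:: takes
    [-KEY] lines, the layout shown in post #4. Review the draft before use."""
    lines = []
    for kind, header in CFSCRIPT_HEADERS.items():
        items = pending.get(kind)
        if items:
            lines.append(header)
            lines += [f"[-{t}]" if kind == "Registry Keys" else t for t, _, _ in items]
    return "\n".join(lines) + "\n" if lines else ""
```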

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you tell Malwarebytes to remove all the infected files found? If not, run it again and tell it to remove them.

Good job. Your log is clean :)

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
  • 0

#7
Spartanfan

Spartanfan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
That appears to have taken care of it! Thanks again for your time and knowledge!
-Josh
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
