Zlob.Trojan in XP

Jan 13 2007, 08:49 PM
Post #1
Member | Posts: 15 | OS: Windows XP
I've got a Zlob.Trojan infection. While the computer seems to be running fine, I need to do some sensitive online stuff soon, and I really don't want people seeing some of the numbers that I may have to type in. I've run all the stuff asked before running a HijackThis log, and have also tried both smitfraudfix and smitrem. Here's my log, uninstall list, and Panda ActiveScan:

Logfile of HijackThis v1.99.1
Scan saved at 8:40:15 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://202.67.220.230/trafc/redir.php?cmp=...=md2_spybot_1_3
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://costco.internetimagingnetwork.com/a...x/PCAXSetup.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Uninstall list
123 DVD Converter
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
AIM 6.0
AOL Instant Messenger
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
AVG Free Edition
Canon Camera Window for ZoomBrowser EX
Canon i860
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CC_ccProxyMSI
CC_ccStart
ccCommon
CleanUp!
Conexant D850 56K V.9x DFVc Modem
Creative MediaSource
Dance Dance Revolution
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support 5.0.0 (766)
Diablo
Digital Line Detect
DVD Decrypter (Remove Only)
DVD Identifier
DVD Shrink 3.2
DVDSentry
Easy-WebPrint
Google Earth
Google Talk (remove only)
Guild Wars
GunboundWC
Hijackthis 1.99.1
HijackThis 1.99.1
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
K-Lite Codec Pack 2.80 Full
LANBridge
LiveReg (Symantec Corporation)
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash Player 8
Macromedia FreeHand 10
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Professional Edition 2003
Middadle
mIRC
Modem Helper
Mozilla Firefox (2.0.0.1)
MSN Music Assistant
MSRedist
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
NetWaiting
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update
nProtect KeyCrypt
OIN
Panda ActiveScan
PowerDVD
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
Shockwave
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Audigy 2
Spybot - Search & Destroy 1.3
SpyHunter
SpywareBlaster v3.5.1
Starcraft
StepMania (remove only)
SUPERAntiSpyware Free Edition
Symantec Script Blocking Installer
Sysnet
TaxACT 2005
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Web Browser Component Manager
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows VisFx Components
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WordPerfect Office 11
XviD & MP3 Codec Pack (remove only)

Activescan
Incident Status Location
Adware:adware/powersearch Not disinfected c:\windows\system32\stlb2.xml
Adware:adware/statblaster Not disinfected c:\windows\system32\WBCMUninst.exe
Adware:adware/bookedspace Not disinfected c:\windows\cfgmgr52.ini
Adware:adware/sidesearch Not disinfected c:\windows\sepsd.bin
Spyware:spyware/media-motor Not disinfected c:\windows\ubber60.ini
Adware:adware/imgiant Not disinfected c:\program files\joystick networks
Adware:adware/delfinmedia Not disinfected c:\documents and settings\all users\application data\vidctrl
Adware:adware/wupd Not disinfected Windows Registry
Spyware:spyware/safesurf Not disinfected Windows Registry
Adware:adware/outerinfo Not disinfected Windows Registry
Adware:adware/esyndicate Not disinfected Windows Registry
Adware:adware/pacimedia Not disinfected Windows Registry
Spyware:spyware/apropos Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/elitebar Not disinfected Windows Registry
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.com.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.realmedia.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[server.iad.liveperson.net/hc/84815040]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.clickbank.net/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.statcounter.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.ccbill.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.burstnet.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.adrevolver.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.burstnet.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.go.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.serving-sys.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[fe.lea.lycos.fr/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.azjmp.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.uol.com.br/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[server.iad.liveperson.net/hc/79170937]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.target.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\nw\Cookies\nw@atwola[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\nw\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\nw\Local Settings\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\Cache\3EFBEAA3d01[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\nw\My Documents\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\nw\My Documents\smitRem.exe[smitRem/Process.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.overture.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.target.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[www48.seeq.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.belnk.com/]
Adware:Adware/Cmap Not disinfected C:\Program Files\CMAPP\Client\cmappupdate.exe[cmappclient.exe]
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\abrras.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\Cursors\avplay.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\Cursors\iisvga.exe
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\fixit.exe[uninstaller.exe]
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\fixit.exe[clicks.dll]
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\fixit.exe[Updater.exe]
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\fixit.exe[Watcher.exe]
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\Help\runfont.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\Microsoft.NET\olew.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\MSAGENT\olebak.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\Registration\faxole.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\Registration\iiswms.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\REPAIR\cabjpeg.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\SYSTEM\sap.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\SYSTEM32\dckn.exe
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\InstallerV4.exe
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\lanbruns.exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[exdl.exe]
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[exul.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[adp8040_MARKETING51.exe][bargains.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[adp8040_MARKETING51.exe][adv.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[adp8040_MARKETING51.exe][adx.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[adp8040_MARKETING51.exe][²èÇ]
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[nls8039_MARKETING51.exe][²èÇ]
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[nls8039_MARKETING51.exe][nls.exe]
Adware:Adware/eZula Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][mscb.dll]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][cashback.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][cb.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][flash.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][bb_click_wider.swf]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][bb_auto_wider.swf]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][bb_welcome.html]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][bb_welcome1.swf]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][icon.gif]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][logo.gif]
Adware:Adware/404Search Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[exclean.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\uninstaller.exe

Thanks for your time. You guys at Geeks to Go have helped me before and I have to say you're the best on the web.
Jan 14 2007, 12:51 PM
Post #2
GeekU Teacher | Posts: 10,078 | From: Somewhere | OS: Windows xp home
Hello nthn75075
Welcome to G2Go. My name is Kahdah and I will be helping you with your Malware problem. As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts. I will be back with you as soon as possible.
Jan 14 2007, 01:50 PM
Post #3
GeekU Teacher | Posts: 10,078 | From: Somewhere | OS: Windows xp home
Hello nthn75075
1. Download ComboFix.exe using either of these links: BleepingComputer, Techsupportforum.com
2. Double click on combofix.exe & follow the prompts to allow the tool to run.
3. When it has finished, it will produce a log for you. Post that log & a fresh HJT log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

(Note: When you save your next HJT log please make sure that Word Wrap is unchecked in Notepad. You can check it by going to the top of the Notepad document, clicking Edit, and making sure that Word Wrap is unchecked.)
Jan 14 2007, 07:22 PM
Post #4
Member | Posts: 15 | OS: Windows XP
Alright, here are the logs:

Combofix
"nw" - 07-01-14 19:05:45 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\combofix"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\cmapp

((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))

2007-01-14 19:03 <DIR> d-------- C:\combofix
2007-01-14 14:04 <DIR> d-------- C:\DOCUME~1\al\Application Data\AVG7
2007-01-13 17:47 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-13 14:58 <DIR> d-------- C:\DOCUME~1\yk\Application Data\AVG7
2007-01-13 13:48 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-13 12:52 <DIR> d-------- C:\DOCUME~1\nw\Application Data\AVG7
2007-01-13 12:52 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-13 12:51 816,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
2007-01-13 12:51 4,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsw.sys
2007-01-13 12:51 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys
2007-01-13 12:51 28,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
2007-01-13 12:51 18,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys
2007-01-13 12:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-13 12:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-01-13 12:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-13 12:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-13 12:47 <DIR> d-------- C:\DOCUME~1\nw\Application Data\SUPERAntiSpyware.com
2007-01-13 12:31 3,800 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-13 12:30 79,360 --a------ C:\WINDOWS\SYSTEM32\swxcacls.exe
2007-01-13 12:30 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-01-13 12:30 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-01-13 12:30 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe
2007-01-13 12:30 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-01-13 12:30 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe
2007-01-12 20:17 <DIR> d-------- C:\Program Files\SpywareBot
2007-01-12 19:58 <DIR> d-------- C:\Program Files\Enigma Software Group
2006-12-27 23:00 <DIR> d-------- C:\DOCUME~1\nw\Application Data\acccore
2006-12-27 23:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL OCP
2006-12-27 22:56 <DIR> d-------- C:\Program Files\AIM6
2006-12-27 22:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL Downloads

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-14 19:02 -------- d-------- C:\Program Files\mozilla firefox
2007-01-13 19:17 -------- d-------- C:\Program Files\winamp
2007-01-13 19:14 -------- d-------- C:\Program Files\quicktime
2007-01-13 19:13 -------- d-------- C:\Program Files\norton internet security
2007-01-13 19:10 -------- d-------- C:\Program Files\messenger
2007-01-13 19:04 -------- d-------- C:\Program Files\digital line detect
2007-01-13 18:34 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-13 17:58 -------- d--h----- C:\Program Files\installshield installation information
2007-01-13 12:51 -------- d-------- C:\Program Files\grisoft
2007-01-12 20:12 -------- d-------- C:\Program Files\spywareblaster
2007-01-10 23:33 -------- d-------- C:\Program Files\viewpoint
2007-01-07 16:09 -------- d-------- C:\DOCUME~1\nw\Application Data\adobeum
2006-12-28 00:48 -------- d-------- C:\Program Files\aim
2006-12-27 22:57 -------- d-------- C:\Program Files\Common Files\aol
2006-12-21 12:45 -------- d-------- C:\Program Files\gwfreaks
2006-12-06 23:29 2374472 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-12-04 20:54 -------- d-------- C:\DOCUME~1\nw\Application Data\winamp
2006-12-02 14:39 -------- d-------- C:\DOCUME~1\nw\Application Data\media player classic
2006-11-27 20:54 -------- d-------- C:\DOCUME~1\nw\Application Data\u3
2006-11-27 20:04 -------- d-------- C:\Program Files\k-lite codec pack
2006-11-23 00:21 -------- d-------- C:\Program Files\ac3filter
2006-11-18 15:46 -------- d-------- C:\Program Files\stepmania
2006-11-16 02:00 -------- d-------- C:\Program Files\msxml 4.0
2006-11-08 09:48 1138688 --a------ C:\WINDOWS\SYSTEM32\xvidcore.dll
2006-11-07 23:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2006-11-03 13:35 217088 --a------ C:\WINDOWS\SYSTEM32\xvidvfw.dll
2006-10-19 07:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"Aim6"=""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"mmtask"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SpyHunter"=""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nw^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
"path"="C:\\Documents and Settings\\nw\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\nw\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"item"="PowerReg Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfgmgr52"
"hkey"="HKLM"
"command"="RunDLL32.EXE C:\\WINDOWS\\cfgmgr52.dll,DllRun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\HostManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLHostManager" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\AOL\\1124501765\\ee\\AOLHostManager.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="C:\\Program Files\\iTunes\\iTunesHelper.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qpigqlb] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qpigqlb" "hkey"="HKLM" "command"="C:\\WINDOWS\\qpigqlb.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime |