adultfriend, youpulled, etc. Malware, no fix found? [RESOLVED]


#1
skip291

I have tried everything that is possible to remove this nasty pop up generator. Keep getting pop ups, and my ewido, search and destroy, Adaware, Avast ... do not recognize a problem. Here is the hijack log file:

Logfile of HijackThis v1.99.1
Scan saved at 9:35:55 PM, on 24/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Allume\StuffIt\MXTask.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Allume\StuffIt\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\Dit.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\WINDOWS\system32\sdcc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brad Chapman\Desktop\KillBox.exe
C:\Documents and Settings\Brad Chapman\Desktop\Hoster\Hoster.exe
C:\Documents and Settings\Brad Chapman\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cicero.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cicero.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48183D2A-CDEC-4D05-A224-E9BF7EBDADFA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: start.lnk = C:\WINDOWS\system32\sdcc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cicero.ca/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bradsblogs.sp...ad/MsnPUpld.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld....ges/CUworld.cab
O16 - DPF: {8F4213B4-A970-4B3C-820D-343C693D5BF0} (SelfProvisioning.Wizard) - http://dsp03.eastlin...rovisioning.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddayv - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosl32 - winosl32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StuffIt Task Manager - Allume Systems, Inc. - C:\PROGRA~1\Allume\StuffIt\MXTask.exe

#2
Buckeye_Sam

Malware Expert
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:

Delete this file.

C:\WINDOWS\system32\sdcc.exe


Run Hijackthis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {48183D2A-CDEC-4D05-A224-E9BF7EBDADFA} - (no file)
O4 - Startup: start.lnk = C:\WINDOWS\system32\sdcc.exe
O20 - Winlogon Notify: ddayv - C:\WINDOWS\
O20 - Winlogon Notify: winosl32 - winosl32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)



Reboot your computer.




Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.
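
The kind of selection made in the post above can be approximated mechanically. What follows is an added example, not part of the original thread and not HijackThis code: a small Python triage over HijackThis-style log lines that also cross-checks "(file missing)" entries against the log's own process list. The function names, the three heuristics and the `C:\WINDOWS\` prefix are assumptions made for illustration; the sample lines are copied from the log in post #1.

```python
import re
from typing import List, NamedTuple, Set, Tuple

# Constructed sample: a subset of lines copied from the HijackThis log in
# post #1 (benign entries plus the ones selected in post #2).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\sdcc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48183D2A-CDEC-4D05-A224-E9BF7EBDADFA} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - Startup: start.lnk = C:\WINDOWS\system32\sdcc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - Winlogon Notify: ddayv - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosl32 - winosl32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O20 - ..."
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")  # dangling target
NOTIFY_RE = re.compile(r"^Winlogon Notify: .+? - (.+)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: .+? = (.+)$")
WINDIR = "c:\\windows\\"  # assumption: default Windows XP install path


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O20"
    reason: str  # which heuristic fired
    line: str    # the original log line


def parse_log(text: str) -> Tuple[Set[str], List[Tuple[str, str, str]]]:
    """Return (lower-cased running process paths, [(code, body, line), ...])."""
    running: Set[str] = set()
    entries: List[Tuple[str, str, str]] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if in_procs and line and not m:
            running.add(line.lower())
            continue
        in_procs = False  # a blank line or the first entry ends the process list
        if m:
            entries.append((m.group(1), m.group(2), line))
    return running, entries


def triage(text: str) -> List[Finding]:
    """Flag entries for manual review; a triage aid, not a verdict."""
    running, entries = parse_log(text)
    findings: List[Finding] = []
    for code, body, line in entries:
        if MISSING_RE.search(body):
            # Take the last " - " field and cut it at a stray quote, so that
            # 'x.exe" /service' is compared as 'x.exe'.
            target = MISSING_RE.sub("", body).rsplit(" - ", 1)[-1]
            image = target.split('"')[0].strip().lower()
            if image in running:
                # The log lists this image as a running process, so the
                # "(file missing)" marker contradicts the log itself.
                continue
            findings.append(Finding(code, "registered target not on disk", line))
            continue
        m = NOTIFY_RE.match(body)
        if code == "O20" and m and not m.group(1).lower().endswith(".dll"):
            findings.append(Finding(code, "Winlogon Notify target is not a DLL", line))
            continue
        m = STARTUP_RE.match(body)
        if code == "O4" and m and m.group(1).lower().startswith(WINDIR):
            findings.append(Finding(code, "startup-folder shortcut into the Windows directory", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}: {f.line}")
```

On the sample this flags the same six lines listed in the post above and skips the avast! service entry, whose executable appears in the process list.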


#3
skip291

Thanks for getting back to me, I tried deleting the sdcc.exe file, but it is saying it's write protected and I can't remove it. Any tips?

#4
skip291

Okay forget the last post. I did what you said, and my computer is crashing after about 5 minutes. So I went from a few annoying popups to some real instability here. Any idea what could be causing this?

#5
skip291

It seems to be occurring (the crash) when I log in to messenger and try and hold a conversation. It reboots, and everything is fine again, until I try and use messenger.

#6
Buckeye_Sam

Malware Expert
Have you run Panda yet?

Please post a new hijackthis log.

#7
skip291

Avast won't let it install, it says there is a virus in the program. Panda that is. When I deleted the files you mentioned, I couldn't bring up any more web sites at all, so I had to restore them back to the PC. I only deleted the ones you told me above. New log file below:

Logfile of HijackThis v1.99.1
Scan saved at 4:16:30 PM, on 26/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Allume\StuffIt\MXTask.exe
C:\PROGRA~1\Allume\StuffIt\mxtask.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brad Chapman\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cicero.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cicero.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48183D2A-CDEC-4D05-A224-E9BF7EBDADFA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: start.lnk = C:\WINDOWS\system32\sdcc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cicero.ca/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bradsblogs.sp...ad/MsnPUpld.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld....ges/CUworld.cab
O16 - DPF: {8F4213B4-A970-4B3C-820D-343C693D5BF0} (SelfProvisioning.Wizard) - http://dsp03.eastlin...rovisioning.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddayv - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosl32 - winosl32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StuffIt Task Manager - Allume Systems, Inc. - C:\PROGRA~1\Allume\StuffIt\MXTask.exe

#8
Buckeye_Sam

Malware Expert
Download LSPFix from http://www.cexx.org/lspfix.zip
Don't run this program yet, but if you lose your connection it will get you back online.


Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#9
skip291

Brad Chapman - 06-09-26 19:57:07.06 Service Pack 2
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\Brad Chapman\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components


((((((((((((((((((((((((((((((( Files Created from 2006-08-26 to 2006-09-26 ))))))))))))))))))))))))))))))))))


2006-09-25 22:25 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-25 22:25 624,640 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-23 11:36 61,440 --a------ C:\WINDOWS\ctdrvins.exe
2006-09-23 11:36 53,248 --a------ C:\WINDOWS\system32\p1070int.dll
2006-09-23 11:36 24,576 --a------ C:\WINDOWS\system32\p1070pin.dll
2006-09-23 11:36 159,744 --a------ C:\WINDOWS\system32\p1070img.dll
2006-09-05 20:39 6,144 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-09-05 20:24 594,450 --a------ C:\WINDOWS\system32\x264vfw.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-26 19:57 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\uTorrent
2006-09-26 19:55 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-25 22:21 -------- d-------- C:\Program Files\XoftSpySE
2006-09-25 22:02 -------- d-------- C:\Program Files\MSN Messenger
2006-09-25 20:08 -------- d-------- C:\Program Files\Trojan Remover
2006-09-25 20:07 -------- d-------- C:\Program Files\Roguescanfix
2006-09-25 20:06 -------- d-------- C:\Program Files\Musicmatch
2006-09-25 20:05 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-25 20:05 -------- d-------- C:\Program Files\mobile PhoneTools
2006-09-25 20:02 17408 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS
2006-09-24 11:56 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\Allume Systems
2006-09-24 11:55 -------- d-------- C:\Program Files\Allume
2006-09-22 17:42 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\ICAClient
2006-09-22 17:41 -------- d-------- C:\Program Files\Citrix
2006-09-20 18:14 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\Vso
2006-09-19 11:35 -------- d-------- C:\Program Files\GameSpy Arcade
2006-09-19 11:20 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\Google
2006-09-18 17:21 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\Lavasoft
2006-09-18 17:20 -------- d-------- C:\Program Files\Lavasoft
2006-09-18 14:33 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\Canon
2006-09-16 14:54 -------- d-------- C:\Program Files\EA SPORTS
2006-09-16 12:33 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\ArcSoft
2006-09-13 20:54 -------- d-------- C:\Program Files\vso
2006-09-10 16:17 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\Apple Computer
2006-09-10 16:16 -------- d-------- C:\Program Files\QuickTime
2006-09-05 20:39 -------- d-------- C:\Program Files\ffdshow
2006-09-05 20:24 -------- d-------- C:\Program Files\x264
2006-09-04 19:00 -------- d-------- C:\Program Files\Windows Media Player
2006-09-04 13:53 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-03 15:32 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\dvdcss
2006-09-02 12:24 -------- d-------- C:\Program Files\InterActual
2006-08-26 14:38 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\ATI MMC
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 22:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 22:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 22:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 22:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 22:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 22:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 22:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 22:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 22:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 22:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 22:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 22:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 22:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 22:30 532992 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 22:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 22:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 22:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 22:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 22:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 22:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 22:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 22:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 22:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 22:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 22:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 22:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 22:30 284160 --a------ C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 22:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 22:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 22:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 22:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 22:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 22:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-24 22:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 22:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 22:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 22:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-08-24 22:30 211968 --a------ C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 22:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 22:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 22:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 22:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 22:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 22:30 166912 --a------ C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 22:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 22:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 22:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 22:30 1539584 --a------ C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 22:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 22:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 22:30 133120 --a------ C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 22:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 22:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 22:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-24 22:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 22:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 22:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 21:25 -------- d-------- C:\Program Files\Plus!
2006-08-24 20:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 20:27 249344 --a------ C:\WINDOWS\system32\drmupgds.exe
2006-08-24 20:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 20:26 38656 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-08-24 20:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 19:22 90112 --------- C:\WINDOWS\system32\drivers\WudfRd.sys
2006-08-24 19:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-08-24 19:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
2006-08-24 19:18 84864 --------- C:\WINDOWS\system32\drivers\WudfPf.sys
2006-08-24 19:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-08-24 19:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-08-23 16:08 -------- d-------- C:\Program Files\WinRAR
2006-08-21 09:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 06:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 06:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 13:33 -------- d-------- C:\Program Files\directx
2006-08-17 11:57 -------- d-------- C:\Program Files\BigFix
2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\nvunrm.exe
2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-08-14 14:09 302646 --a------ C:\WINDOWS\system32\m247es.exe
2006-08-14 14:08 408688 --a------ C:\WINDOWS\system32\mgsb.exe
2006-08-13 10:03 -------- d-------- C:\Program Files\Symantec
2006-08-13 10:03 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-13 10:03 -------- d-------- C:\Program Files\Common Files
2006-08-12 09:42 -------- d-------- C:\Program Files\DVDFab Decrypter
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 3958496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-08-10 13:03 -------- d-------- C:\Program Files\Internet Explorer
2006-08-08 17:19 34 --a------ C:\Documents and Settings\Brad Chapman\Application Data\pcouffin.log
2006-08-08 17:18 81920 --a------ C:\Documents and Settings\Brad Chapman\Application Data\ezpinst.exe
2006-08-08 17:18 7176 --a------ C:\Documents and Settings\Brad Chapman\Application Data\pcouffin.cat
2006-08-08 17:18 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-08-08 17:18 47360 --a------ C:\Documents and Settings\Brad Chapman\Application Data\pcouffin.sys
2006-08-08 17:18 1144 --a------ C:\Documents and Settings\Brad Chapman\Application Data\pcouffin.inf
2006-08-07 00:20 -------- d-------- C:\Program Files\Acoustica CD Label Maker
2006-08-07 00:19 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\Acoustica
2006-08-06 22:50 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2006-08-06 13:35 3567 --a------ C:\WINDOWS\system32\drivers\PortTalk.sys
2006-08-01 21:33 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-08-01 21:15 -------- d-------- C:\Program Files\McAfee
2006-08-01 20:28 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\Azureus
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 05:45 -------- d-------- C:\Program Files\ratDVD
2006-07-27 18:22 -------- d-------- C:\Program Files\Corel
2006-07-27 18:19 -------- d-------- C:\Documents and Settings\Brad Chapman\Application Data\Corel
2006-07-27 18:04 877 --a------ C:\Documents and Settings\Brad Chapman\Application Data\AdobeDLM.log
2006-07-27 18:04 0 --a------ C:\Documents and Settings\Brad Chapman\Application Data\dm.ini
2006-07-27 18:02 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-27 10:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-24 16:48 120 --a------ C:\Documents and Settings\Brad Chapman\Application Data\FixVTS.ini
2006-07-22 22:09 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-07-21 05:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-08 18:52 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-06-30 19:56 245408 --a------ C:\WINDOWS\system32\unicows.dll
2006-06-26 22:32 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-06-26 22:32 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-06-26 22:32 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-06-26 22:32 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-06-10 16:56 0 --a------ C:\Documents and Settings\Brad Chapman\Application Data\wklnhst.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
@=""
"ATI Launchpad"=""
"ATI DeviceDetect"="C:\\Program Files\\ATI Multimedia\\main\\ATIDtct.EXE"
"ATI Remote Control"="C:\\Program Files\\ATI Multimedia\\RemCtrl\\ATIRW.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"CUCore Agent"=""
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"cinnamomum"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winosl32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: 26/09/2006 19:57:45.26
ComboFix.txt

#10
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {48183D2A-CDEC-4D05-A224-E9BF7EBDADFA} - (no file)
O20 - Winlogon Notify: ddayv - C:\WINDOWS\
O20 - Winlogon Notify: winosl32 - winosl32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)



Reboot your computer.


  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    C:\WINDOWS\system32\sdcc.exe

  • Click on the submit button
  • Please post the results in your next reply.

============


Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop and start GMER.exe
Click the Rootkit tab and click the Scan button.

Warning! Please do not select the "Show all" checkbox during the scan.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.

#11
skip291

    Member

  • Topic Starter
  • Member
  • 14 posts
This may have done it, haven't had any popups all day. Things may be turning round! Here is the last log requested.

GMER 1.0.11.11384 - http://www.gmer.net
Rootkit 2006-09-27 20:28:56
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 86797C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 86797C78
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 86401650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 86401650
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 86798590
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 86798590
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 86798590
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 86798590
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 86798590
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 86798590
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 86798590
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 86798590
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 86798590
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 86798590
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 86798590
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 86798590
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 86798590
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 86798590
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 86798590
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 86798590
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 86798590
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 86798590
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 86798590
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 86798590
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 86798590
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 86798590
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 86798590
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 86798590
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 86798590
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 86798590
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 86798590
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 86798590
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 86798590
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 86798590
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 86798590
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 86798590
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 86798590
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 86798590
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 86798590
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 86798590
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 86798590
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 86798590
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 86798590
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 86798590
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 86798590
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 86798590
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 86798590
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 86798590
Device \Driver\00000057 \Device\00000046 IRP_MJ_POWER [F7417EA8] sptd.sys
Device \Driver\00000057 \Device\00000046 IRP_MJ_SYSTEM_CONTROL [F742BA70] sptd.sys
Device \Driver\00000057 \Device\00000046 IRP_MJ_PNP [F7424728] sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{8AD10E0E-1CAB-4773-B6D8-2DB5E50CC7F0} IRP_MJ_CREATE 863582E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{8AD10E0E-1CAB-4773-B6D8-2DB5E50CC7F0} IRP_MJ_CLOSE 863582E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{8AD10E0E-1CAB-4773-B6D8-2DB5E50CC7F0} IRP_MJ_DEVICE_CONTROL 863582E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{8AD10E0E-1CAB-4773-B6D8-2DB5E50CC7F0} IRP_MJ_INTERNAL_DEVICE_CONTROL 863582E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{8AD10E0E-1CAB-4773-B6D8-2DB5E50CC7F0} IRP_MJ_CLEANUP 863582E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{8AD10E0E-1CAB-4773-B6D8-2DB5E50CC7F0} IRP_MJ_PNP 863582E0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867987C8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867987C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 864A32C0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 864A32C0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 864A32C0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 864A32C0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 864A32C0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 864A32C0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 864A32C0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 864A32C0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 864A32C0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 864A32C0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 864A32C0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 86395670
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA

#12
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
It looks like the log may have been cut off. Is that all of it?

Did you get a log from the file scan at Jotti?

#13
skip291

    Member

  • Topic Starter
  • Member
  • 14 posts
Jotti wouldn't let me do anything, and that was the entire log that was copied.

#14
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Try submitting that same file at this site.

http://www.virustota.../en/indexf.html

The upload form is right at the very top of the page.

#15
skip291

    Member

  • Topic Starter
  • Member
  • 14 posts
C:\WINDOWS\system32\sdcc.exe
Has been deleted from the system. I guess we pulled it off. I am sorry, but it has been deleted and I can't find it anywhere. Am I out of the woods then?