
Another vipdown.exe infection


This topic is locked

#61
Red_6 (Topic Starter, Member, 76 posts)
I'm having problems copying the log. It keeps crashing the program.
I've attached a screen dump. Is that ok?


#62
Armodeluxe (Retired Staff, Member 2k, 2,744 posts)
I can't view it, can you convert it to jpg or jpeg?

#63
Red_6 (Topic Starter, Member, 76 posts)
How's that?

Attached Thumbnails

  • clip_image002.jpg

Edited by Red_6, 16 October 2006 - 06:47 AM.


#64
Armodeluxe (Retired Staff, Member 2k, 2,744 posts)
I'd like to see more info on those ADS entries, the rest is clean.

Scan for Hidden Data Streams
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Open ADS Spy.."
  • In ADS Spy, uncheck the following options:
    Quick Scan
    Ignore safe system info streams
  • Click on "Scan"
  • Click on "Save Log..."
  • Copy and paste the List from the notepad into your next post
Also post a new combofix log and let's see if there are any new files.

#65
Red_6 (Topic Starter, Member, 76 posts)
Hidden Data Streams scan shows nothing.

#66
Red_6 (Topic Starter, Member, 76 posts)
dam - 06-10-17 3:56:48.91 Service Pack 1
ComboFix 06.09.28 - Running from: "C:\Tools"

((((((((((((((((((((((((((((((( Files Created from 2006-09-17 to 2006-10-17 ))))))))))))))))))))))))))))))))))


2006-10-13 07:36 57,344 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-10-13 07:36 31,232 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-10-13 07:36 281,088 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-10-13 07:36 1,630,208 --a------ C:\WINDOWS\system32\netshell.dll
2006-10-13 07:33 67,584 --a------ C:\WINDOWS\system32\magnify.exe
2006-10-13 07:33 51,200 --a------ C:\WINDOWS\system32\narrator.exe
2006-10-13 07:33 212,480 --a------ C:\WINDOWS\system32\osk.exe
2006-10-13 07:33 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-13 02:59 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-11 04:57 56,400 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2006-10-11 04:57 18,515 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2006-10-11 04:57 11,914 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2006-10-11 04:56 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2006-10-10 06:57 991,232 --a------ C:\WINDOWS\system32\esent.dll
2006-10-10 02:09 613,944 --a------ C:\blbetac.exe
2006-10-07 07:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-05 02:28 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-10-05 02:27 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-05 02:27 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-10-05 02:27 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-10-05 02:27 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-10-05 02:27 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-10-05 02:27 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2006-10-05 02:27 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-10-05 02:27 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-10-05 02:26 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-10-05 02:26 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-10-05 02:26 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2006-10-05 02:26 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-10-05 02:26 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2006-10-05 02:26 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-10-05 02:25 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2006-10-05 02:25 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2006-10-05 02:25 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-10-05 02:25 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-05 02:25 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2006-10-05 02:25 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-10-05 02:25 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-10-05 02:25 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-10-05 02:25 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-05 02:25 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-10-05 02:25 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2006-10-05 02:25 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2006-10-05 02:25 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2006-10-05 02:25 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2006-10-05 02:24 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-05 02:24 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-10-05 02:24 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2006-10-05 02:24 72,192 --a------ C:\WINDOWS\system32\telnet.exe
2006-10-05 02:24 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-05 02:24 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-10-05 02:24 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-10-05 02:24 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-10-05 02:24 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-10-05 02:24 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-05 02:24 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2006-10-05 02:24 61,952 --a------ C:\WINDOWS\system32\sti.dll
2006-10-05 02:24 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2006-10-05 02:24 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-10-05 02:24 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-10-05 02:24 5,504 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-10-05 02:24 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-10-05 02:24 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-10-05 02:24 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-05 02:24 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2006-10-05 02:24 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-10-05 02:24 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-10-05 02:24 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2006-10-05 02:24 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-10-05 02:24 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2006-10-05 02:24 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-10-05 02:24 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-10-05 02:24 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2006-10-05 02:24 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-10-05 02:24 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-10-05 02:24 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-10-05 02:24 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-05 02:24 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-10-05 02:24 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-10-05 02:24 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-10-05 02:24 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2006-10-05 02:24 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2006-10-05 02:24 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-10-05 02:24 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-10-05 02:24 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-05 02:24 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-10-05 02:24 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-10-05 02:24 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-10-05 02:24 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2006-10-05 02:24 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2006-10-05 02:24 116,224 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-10-05 02:24 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
2006-10-05 02:24 106,496 --a------ C:\WINDOWS\system32\url.dll
2006-10-05 02:24 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-10-05 02:23 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2006-10-05 02:23 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2006-10-05 02:23 891,711 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-05 02:23 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-10-05 02:23 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2006-10-05 02:23 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-10-05 02:23 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-05 02:23 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-10-05 02:23 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-10-05 02:23 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2006-10-05 02:23 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-10-05 02:23 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-10-05 02:23 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-10-05 02:23 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-10-05 02:23 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2006-10-05 02:23 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-05 02:23 53,248 --a------ C:\WINDOWS\system32\packager.exe
2006-10-05 02:23 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-10-05 02:23 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-10-05 02:23 48,128 --a------ C:\WINDOWS\system32\reg.exe
2006-10-05 02:23 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2006-10-05 02:23 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-05 02:23 423,424 --a------ C:\WINDOWS\system32\riched20.dll
2006-10-05 02:23 36,352 --a------ C:\WINDOWS\system32\sens.dll
2006-10-05 02:23 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-10-05 02:23 328,704 --a------ C:\WINDOWS\system32\oakley.dll
2006-10-05 02:23 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-10-05 02:23 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-10-05 02:23 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2006-10-05 02:23 254,976 --a------ C:\WINDOWS\system32\pdh.dll
2006-10-05 02:23 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-10-05 02:23 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2006-10-05 02:23 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2006-10-05 02:23 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-10-05 02:23 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2006-10-05 02:23 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-10-05 02:23 16,384 --a------ C:\WINDOWS\system32\ping.exe
2006-10-05 02:23 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-10-05 02:23 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-10-05 02:23 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-05 02:23 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-05 02:23 134,144 --a------ C:\WINDOWS\regedit.exe
2006-10-05 02:23 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-10-05 02:23 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-10-05 02:23 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2006-10-05 02:23 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-10-05 02:23 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2006-10-05 02:23 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-05 02:23 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-10-05 02:23 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
2006-10-05 02:23 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2006-10-05 02:23 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-10-05 02:22 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-10-05 02:22 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-10-05 02:22 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-10-05 02:22 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-10-05 02:22 504,832 --------- C:\WINDOWS\system32\msftedit.dll
2006-10-05 02:22 49,152 --a------ C:\WINDOWS\system32\npptools.dll
2006-10-05 02:22 403,456 --------- C:\WINDOWS\system32\winbrand.dll
2006-10-05 02:22 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-10-05 02:22 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-10-05 02:22 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-10-05 02:22 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-10-05 02:22 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-10-05 02:22 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-10-05 02:22 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-10-05 02:22 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
2006-10-05 02:22 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-10-05 02:22 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2006-10-05 02:22 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-10-05 02:22 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-10-05 02:22 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-10-05 02:22 25,216 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-05 02:22 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-05 02:22 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-10-05 02:22 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
2006-10-05 02:22 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2006-10-05 02:22 172,032 --------- C:\WINDOWS\system32\mssap.dll
2006-10-05 02:22 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-10-05 02:22 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-10-05 02:22 13,056 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-10-05 02:22 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-10-05 02:22 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-10-05 02:22 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2006-10-05 02:22 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-10-05 02:22 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-10-05 02:22 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2006-10-05 02:21 91,136 --a------ C:\WINDOWS\system32\MSOERT2.DLL
2006-10-05 02:21 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-10-05 02:21 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2006-10-05 02:21 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-05 02:21 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-10-05 02:21 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-10-05 02:21 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-10-05 02:21 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2006-10-05 02:21 39,424 --a------ C:\WINDOWS\system32\net.exe
2006-10-05 02:21 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-05 02:21 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-05 02:21 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-10-05 02:21 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-10-05 02:21 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2006-10-05 02:21 229,376 --a------ C:\WINDOWS\system32\MSOEACCT.DLL
2006-10-05 02:21 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2006-10-05 02:21 154,112 --a------ C:\WINDOWS\system32\netman.dll
2006-10-05 02:21 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-10-05 02:21 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-10-05 02:21 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-10-05 02:21 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2006-10-05 02:21 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2006-10-05 02:20 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2006-10-05 02:20 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-05 02:20 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-10-05 02:20 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2006-10-05 02:20 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2006-10-05 02:20 229,888 --a------ C:\WINDOWS\system32\msieftp.dll
2006-10-05 02:20 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
2006-10-05 02:20 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2006-10-05 02:20 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
2006-10-05 02:19 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-10-05 02:18 72,192 --a------ C:\WINDOWS\system32\uniime.dll
2006-10-05 02:18 68,096 --a------ C:\WINDOWS\system32\mscms.dll
2006-10-05 02:18 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2006-10-05 02:18 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-05 02:18 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-05 02:18 504,320 --a------ C:\WINDOWS\system32\logonui.exe
2006-10-05 02:18 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
2006-10-05 02:18 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-05 02:18 266,752 --a------ C:\WINDOWS\system32\msctf.dll
2006-10-05 02:18 233,472 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-05 02:18 219,648 --a------ C:\WINDOWS\system32\logon.scr
2006-10-05 02:18 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2006-10-05 02:18 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
2006-10-05 02:18 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-05 02:18 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2006-10-05 02:18 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-10-05 02:18 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-05 02:18 10,240 --a------ C:\WINDOWS\system32\localui.dll
2006-10-05 02:18 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-10-05 02:14 827,438 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-10-05 02:14 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
2006-10-05 02:14 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-10-05 02:14 272,896 --a------ C:\WINDOWS\system32\kerberos.dll
2006-10-05 02:13 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-05 02:13 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-10-05 02:13 596,480 --a------ C:\WINDOWS\system32\INETCOMM.DLL
2006-10-05 02:13 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-05 02:13 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-10-05 02:13 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
2006-10-05 02:13 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
2006-10-05 02:13 318,464 --a------ C:\WINDOWS\system32\ippromon.dll
2006-10-05 02:13 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-05 02:13 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-05 02:13 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-05 02:13 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
2006-10-05 02:13 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-10-05 02:13 236,032 --a------ C:\WINDOWS\system32\icm32.dll
2006-10-05 02:13 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-05 02:13 155,648 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2006-10-05 02:13 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-05 02:13 123,904 --a------ C:\WINDOWS\system32\imapi.exe
2006-10-05 02:13 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-10-05 02:13 114,176 --a------ C:\WINDOWS\system32\input.dll
2006-10-05 02:13 113,152 --a------ C:\WINDOWS\system32\idq.dll
2006-10-05 02:13 103,936 --a------ C:\WINDOWS\system32\imm32.dll
2006-10-05 02:12 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2006-10-05 02:11 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2006-10-05 02:11 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2006-10-05 02:11 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-10-05 02:11 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2006-10-05 02:11 263,680 --a------ C:\WINDOWS\system32\duser.dll
2006-10-05 02:11 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
2006-10-05 02:11 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2006-10-05 02:11 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
2006-10-05 02:11 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-10-05 02:11 165,376 --a------ C:\WINDOWS\system32\els.dll
2006-10-05 02:11 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-10-05 02:11 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
2006-10-05 02:11 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
2006-10-05 02:10 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-10-05 02:10 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2006-10-05 02:10 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-10-05 02:10 55,296 --a------ C:\WINDOWS\system32\digest.dll
2006-10-05 02:10 489,984 --a------ C:\WINDOWS\system32\dbghelp.dll
2006-10-05 02:10 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2006-10-05 02:10 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-10-05 02:10 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2006-10-05 02:10 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-10-05 02:10 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2006-10-05 02:10 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-10-05 02:10 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2006-10-05 02:10 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-10-05 02:10 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2006-10-05 02:10 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
2006-10-05 02:10 151,552 --a------ C:\WINDOWS\system32\dinput.dll
2006-10-05 02:10 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-10-05 02:10 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-10-05 02:10 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
2006-10-05 02:09 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-05 02:09 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2006-10-05 02:09 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2006-10-05 02:09 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2006-10-05 02:09 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2006-10-05 02:09 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-10-05 02:09 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-10-05 02:09 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-05 02:09 24,576 --a------ C:\WINDOWS\system32\conime.exe
2006-10-05 02:09 238,592 --a------ C:\WINDOWS\system32\compatui.dll
2006-10-05 02:09 186,880 --a------ C:\WINDOWS\system32\certcli.dll
2006-10-05 02:09 158,720 --a------ C:\WINDOWS\system32\credui.dll
2006-10-05 02:08 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2006-10-05 02:08 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2006-10-05 02:08 74,810 --a------ C:\WINDOWS\system32\atl.dll
2006-10-05 02:08 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2006-10-05 02:08 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-10-05 02:08 49,152 --a------ C:\WINDOWS\system32\browser.dll
2006-10-05 02:08 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-10-05 02:08 22,528 --a------ C:\WINDOWS\system32\at.exe
2006-10-05 02:08 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2006-10-05 02:07 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2006-10-05 02:07 91,136 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-05 02:07 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-10-05 02:07 41,984 --a------ C:\WINDOWS\system32\alg.exe
2006-10-05 02:07 32,512 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2006-10-05 02:07 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2006-10-05 02:07 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
2006-10-05 02:07 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-10-05 02:07 115,712 --a------ C:\WINDOWS\system32\apphelp.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-17 03:57 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-16 04:30 -------- d-------- C:\Documents and Settings\dam\Application Data\Adobe
2006-10-13 07:59 -------- d-------- C:\Program Files\Internet Explorer
2006-10-13 05:43 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-13 05:42 -------- d-------- C:\Program Files\Google
2006-10-13 03:01 -------- d-------- C:\Program Files\Messenger
2006-10-13 03:00 -------- d-------- C:\Program Files\Windows Media Player
2006-10-13 02:54 -------- d-------- C:\Program Files\Outlook Express
2006-10-13 02:54 -------- d-------- C:\Program Files\Common Files\System
2006-10-11 04:56 -------- d-------- C:\Program Files\Sygate
2006-10-11 04:55 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-08 23:05 -------- d-------- C:\Program Files\Common Files
2006-10-07 15:23 -------- d-------- C:\Program Files\Booby
2006-10-07 07:41 -------- d-------- C:\Program Files\Macromedia
2006-10-07 07:41 -------- d-------- C:\Program Files\Lavasoft
2006-10-07 07:41 -------- d-------- C:\Program Files\Kazaa Lite K++
2006-10-07 07:41 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-07 07:41 -------- d-------- C:\Program Files\JavaSoft
2006-10-07 07:41 -------- d-------- C:\Program Files\Java
2006-10-07 07:41 -------- d-------- C:\Program Files\iTunes
2006-10-07 07:41 -------- d-------- C:\Program Files\IrfanView
2006-10-07 07:41 -------- d-------- C:\Program Files\iPod
2006-10-07 07:41 -------- d-------- C:\Program Files\Grisoft
2006-10-07 07:41 -------- d-------- C:\Program Files\eMule
2006-10-07 07:41 -------- d-------- C:\Program Files\D-Link AirPlus
2006-10-07 07:41 -------- d-------- C:\Program Files\CyberLink
2006-10-07 07:41 -------- d-------- C:\Program Files\CleanUp!
2006-10-07 07:41 -------- d-------- C:\Program Files\BitTorrent
2006-10-07 07:41 -------- d-------- C:\Program Files\Azureus
2006-10-07 07:41 -------- d-------- C:\Program Files\Audible
2006-10-07 07:41 -------- d-------- C:\Program Files\ATI Technologies
2006-10-07 07:41 -------- d-------- C:\Program Files\Alcohol Soft
2006-10-07 07:41 -------- d-------- C:\Program Files\Ahead
2006-10-07 07:35 -------- d-------- C:\Program Files\Microsoft
2006-10-05 03:10 -------- d-------- C:\Program Files\NetMeeting
2006-10-05 02:40 -------- d-------- C:\Program Files\Movie Maker
2006-10-04 02:52 -------- d-------- C:\Documents and Settings\dam\Application Data\Lavasoft
2006-10-02 18:08 -------- d-------- C:\Program Files\Adobe
2006-09-04 08:00 -------- d-------- C:\Documents and Settings\dam\Application Data\Google


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.4884\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"LTSMMSG"="LTSMMSG.exe"
"AtiPTA"="atiptaxx.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"iPodManager"="C:\\Program Files\\iPod\\bin\\iPodManager.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/dam/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/dam/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,\
ff,ff,3f,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:dc,ff,ad,02,e5,b2,e9,77,98,78,e9,77,ff,ff,ff,ff,17,e1,\
e7,77,17,e1,e7,77

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 06-10-17 3:57:47.30
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
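The helper's review of this log, and the request in #64 to "post a new combofix log and let's see if there are any new files", can be done mechanically. As an added example (not code from the thread or from ComboFix), here is a small Python parser for the line format the log uses, with a triage pass over file locations and a diff between two runs. The "expected" directory prefixes, the attribute-flag meanings (d = directory, h = hidden, read off the posted lines) and the example_new.dll line in the second sample are assumptions; a triage hit is a lead to inspect, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# Constructed sample in the line format ComboFix 06.09.28 prints in the log above
# (date, time, size, nine attribute flags, path); paths copied from the posted log.
SAMPLE_LOG = """\
2006-10-13 07:36 57,344 --a------ C:\\WINDOWS\\system32\\wzcdlg.dll
2006-10-11 04:57 56,400 --a------ C:\\WINDOWS\\system32\\drivers\\Teefer.sys
2006-10-10 02:09 613,944 --a------ C:\\blbetac.exe
2006-10-05 02:24 5,504 --------- C:\\WINDOWS\\system32\\drivers\\smbali.sys
2006-10-13 05:43 -------- d--h----- C:\\Program Files\\WindowsUpdate
"""

# A second, constructed run with one added placeholder file, standing in for the
# "new combofix log" the helper asks for a day or two later.
LATER_LOG = SAMPLE_LOG + "2006-10-18 01:12 24,576 --a------ C:\\WINDOWS\\system32\\example_new.dll\n"

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+([\d,]+|-+)\s+([-A-Za-z]{9})\s+([A-Za-z]:\\.+)$"
)

# Trees where freshly created binaries are expected after Windows Update and
# normal installs (assumption: tune per machine). Anything else gets a closer look.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat")


@dataclass(frozen=True)
class Entry:
    created: datetime
    size: int   # -1 for directories, which the log prints as --------
    attrs: str  # raw flag field, e.g. --a------ or d--h-----
    path: str

    # Flag meanings read off the posted lines (assumption): 'd' marks a directory,
    # 'h' the hidden attribute (C:\Program Files\WindowsUpdate shows as d--h-----).
    @property
    def is_directory(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs.lower()


def parse_entries(log_text: str) -> List[Entry]:
    """Parse every file/directory line of a ComboFix log; headers and blanks are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M"),
            size=-1 if size.startswith("-") else int(size.replace(",", "")),
            attrs=attrs,
            path=path,
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a manual look. A hit is a lead, not a verdict."""
    findings = []
    for e in entries:
        lower = e.path.lower()
        if lower.endswith(EXECUTABLE_SUFFIXES) and not lower.startswith(EXPECTED_PREFIXES):
            findings.append((e.path, "executable created outside the usual system trees"))
        elif e.is_hidden and not e.is_directory:
            findings.append((e.path, "hidden attribute set on a file"))
    return findings


def new_since(previous_log: str, current_log: str) -> List[Entry]:
    """Entries in the newer log that the earlier one lacked: the 'any new files?' check."""
    seen = {e.path.lower() for e in parse_entries(previous_log)}
    return [e for e in parse_entries(current_log) if e.path.lower() not in seen]


if __name__ == "__main__":
    for path, reason in triage(parse_entries(SAMPLE_LOG)):
        print(f"{reason}: {path}")
    for e in new_since(SAMPLE_LOG, LATER_LOG):
        print(f"new since previous run: {e.created:%Y-%m-%d %H:%M} {e.path}")
```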

#67
Armodeluxe (Retired Staff, Member 2k, 2,744 posts)
Good, and nothing new in ComboFix. Give it a day or two, use the computer, and then post a new ComboFix log and let's see if anything new appears.

Right now do you have any problems at all?

Also now please upload all the backup.zip files in the C:\Avenger folder to Spykiller, as well as the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine folder after zipping it.

Make the topic name "Chinese bundle". They will submit to antivirus companies from there. Also please put a link to this topic.

http://www.thespykil...x.php?board=1.0

Edited by Armodeluxe, 17 October 2006 - 06:00 AM.


#68
Red_6 (Topic Starter, Member, 76 posts)
Will do when I get back to the machine.
Is it ok to install the Windows security patches that I have waiting to install?

#69
Armodeluxe (Retired Staff, Member 2k, 2,744 posts)
Yes, sure, go ahead. Once we determine nothing is coming back, we will install Service Pack 2 also.

#70
Red_6 (Topic Starter, Member, 76 posts)
System seems to be working OK at the moment.

I'm either being too impatient or doing something wrong, but I've been trying to submit a post to the Spykiller forum using 2 different PCs and it doesn't seem to complete the submit.


#71 Armodeluxe (Member 2k, Retired Staff, 2,744 posts)
Go here and upload them instead. You will have to upload each one separately.

http://www.bleepingc...e.php?channel=8

Now the developer of combofix, sUBs, made a brand new version of combofix targeting these Chinese bundles.

Delete the version you have and then download the new version. Let's run it and see if it finds anything left over.

Download this file - combofix.exe

and save it to your desktop. Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

"%userprofile%\desktop\combofix.exe" /wow

Boot into safe mode by tapping the F8 key just before Windows starts to load.

Go to Start --> Run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe" /wow

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

In your next post, please include
  • new hijackthis log
  • combofix log
*use separate posts to ensure the logs don't get cut off!

#72 Red_6 (Topic Starter, Member, 76 posts)
Logfile of HijackThis v1.99.1
Scan saved at 02:36, on 06-10-19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Tools\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#73 Red_6 (Topic Starter, Member, 76 posts)
The ComboFix log is rather large, so I am attaching it instead.

Attached Files



#74 Armodeluxe (Member 2k, Retired Staff, 2,744 posts)
That _desktop.ini was everywhere. It also found some more files and deleted them.

Fix this leftover entry in HijackThis:

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

I think now is the right time to download Service Pack 2. Just don't activate the Windows firewall that comes with it; you shouldn't run more than one firewall, as that would cause problems.

After installing, let me see a new HijackThis log. Then you should be good to go.

http://www.microsoft...p2/default.mspx
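The leftover O3 entry above is the typical thing a helper hunts for in a HijackThis log: a registry reference whose file no longer exists, which is what HijackThis prints as "(no file)" or "(file missing)". The script below is an added example, not part of this thread and not HijackThis's own code. It parses a subset of the log posted above (embedded as sample input) and triages two classes of line: orphaned entries with no file behind them, and O4 Run entries that name a bare executable with no directory, which Windows resolves through its search path and which therefore deserve a manual look. The "= ?" check for Global Startup shortcuts is a heuristic of mine, not a documented HijackThis rule.

```python
import re

# Sample input: a subset of the HijackThis v1.99.1 log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: D-Link AirPlus.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# Every HijackThis finding starts with a section tag such as "O4 - ".
HJT_LINE = re.compile(r"^(O\d+) - (.+)$")

# Markers HijackThis uses when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt_lines(text):
    """Return (section, body) pairs for each 'Onn - ...' line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_orphan(section, body):
    """True when the entry points at a file HijackThis could not find."""
    if any(marker in body for marker in ORPHAN_MARKERS):
        return True
    # Heuristic (assumption): a Global Startup shortcut whose target could not be
    # read is shown with '= ?' instead of a path.
    return section == "O4" and body.rstrip().endswith("= ?")


def run_command(body):
    """Extract the executable from an O4 Run body: '[Name] "path" args' -> path."""
    m = re.match(r"^.*?\[[^\]]*\]\s*(.*)$", body)
    if not m:
        return None
    cmd = m.group(1).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else None


def is_bare_executable(section, body):
    """O4 Run entries naming a file with no directory are resolved via the search
    path, so the reviewer must confirm which copy actually runs."""
    if section != "O4" or "Run:" not in body:
        return False
    cmd = run_command(body)
    return bool(cmd) and "\\" not in cmd and ":" not in cmd


def triage(text):
    """Return (kind, section, body) findings in log order."""
    findings = []
    for section, body in parse_hjt_lines(text):
        if is_orphan(section, body):
            findings.append(("orphan", section, body))
        elif is_bare_executable(section, body):
            findings.append(("bare-path", section, body))
    return findings


if __name__ == "__main__":
    for kind, section, body in triage(SAMPLE_LOG):
        print(f"{kind:9} {section:4} {body}")
```

Run it against a full saved log by reading the file into `triage()`; orphan findings are safe to fix in HijackThis the way the O3 line above was, while bare-path findings only mean "verify the file on disk", since entries like `LTSMMSG.exe` and `atiptaxx.exe` are normal vendor tray programs on this machine.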

#75 Red_6 (Topic Starter, Member, 76 posts)
That last fix seems to have done something to my logon settings. I have to use the Classic Logon to log in now, whereas I could just click the user on the Welcome screen before. Tried using TweakUI to log on automatically, but this gets reset after the first attempt to log in.

Also have problems attempting to download SP2, it goes to the page which says "Files required to use Microsoft Update are no longer registered or installed on your computer".

I select the default option "Register or reinstall the files for me now" which proceeds to download and register some files but then nothing happens!

----

Managed to fix the second problem, but not sure whether to continue if there are still things causing the first.

Edited by Red_6, 19 October 2006 - 01:32 PM.
