Vundo Trojan ... and more? [CLOSED]


  • This topic is locked

#1
mmarquez


    New Member

  • Member
  • 6 posts
Can someone please help me? I've tried everything and it seems whatever my computer is infected with is not going away! :)

Help!!! :)

I'm going to paste the HJT log I got but this may not be what you guys need to help me. Any help would be greatly appreciated! Thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:30 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\mshta.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\PROGRA~1\AWS\WEATHE~1\Weather.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\MySpace\IM\MySpaceIM.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\MySpace\IM\MySpaceIM.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.usaa.com...ent_logon/Logon
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {157CC180-209A-430F-99BD-3C2590653ECD} - (no file)
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - F:\Program Files\Equifax\Toolbar\EScamBlk.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - F:\Program Files\Equifax\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: {cce4cb08-ec97-c608-9a34-67e860a005ca} - {ac500a06-8e76-43a9-806c-79ce80bc4ecc} - F:\WINDOWS\system32\vhrrsbtc.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - F:\Program Files\Equifax\Toolbar\uninsttb.dll
O3 - Toolbar: Equifax Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - F:\Program Files\Equifax\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] F:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "F:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "F:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SNM] F:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [Weather] F:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsgCenterExe] "F:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://F:\Program Files\Equifax\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: https://*.webconference.com
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - F:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - F:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8101 bytes


#2
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
mmarquez


    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks! Here they are:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:41 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\ComboFix[1]\kmd.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\MySpace\IM\MySpaceIM.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\MySpace\IM\MySpaceIM.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\WINDOWS\system32\notepad.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\Nircmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.usaa.com...ent_logon/Logon
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - F:\Program Files\Equifax\Toolbar\EScamBlk.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - F:\Program Files\Equifax\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - F:\Program Files\Equifax\Toolbar\uninsttb.dll
O3 - Toolbar: Equifax Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - F:\Program Files\Equifax\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] F:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "F:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "F:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SNM] F:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [Weather] F:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsgCenterExe] "F:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://F:\Program Files\Equifax\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: https://*.webconference.com
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - F:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7787 bytes



ComboFix 08-01-31.3 - CapeCod 2008-01-30 22:35:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.77 [GMT -5:00]
Running from: F:\Documents and Settings\CapeCod\Local Settings\Temporary Internet Files\Content.IE5\79QJAMIJ\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
F:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
F:\Documents and Settings\CapeCod\Application Data\SpamBlockerUtility_Icons
F:\Documents and Settings\CapeCod\Application Data\SpamBlockerUtility_Icons\RegistryDefender_2.ico
F:\Documents and Settings\CapeCod\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
F:\Documents and Settings\CapeCod\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
F:\Documents and Settings\CapeCod\Favorites\Online Security Guide.lnk
F:\Documents and Settings\CapeCod\My Documents\YMANTE~1
F:\Documents and Settings\CapeCod\Start Menu\Programs\Uninstall.lnk
F:\Program Files\Temporary
F:\WINDOWS\cookies.ini
F:\WINDOWS\Fonts\acrsecB.fon
F:\WINDOWS\Fonts\acrsecI.fon
F:\WINDOWS\racle~1
F:\WINDOWS\racle~1\?racle\
F:\WINDOWS\system32\ahhxwqff.ini
F:\WINDOWS\system32\bsalbnoj.dll
F:\WINDOWS\system32\chpjsgjt.dll
F:\WINDOWS\system32\cmecaswi.dll
F:\WINDOWS\system32\CMMGR32.EXE
F:\WINDOWS\system32\dhnrkudj.ini
F:\WINDOWS\system32\drivers\fad.sys
F:\WINDOWS\system32\ehoxjjdv.dll
F:\WINDOWS\system32\emgrvdxw.dll
F:\WINDOWS\system32\fplxpgfb.ini
F:\WINDOWS\system32\fycgqtrl.dll
F:\WINDOWS\system32\gdktqvve.dllbox
F:\WINDOWS\system32\hewsdieu.ini
F:\WINDOWS\system32\hjxuxnil.ini
F:\WINDOWS\system32\hvlqjfim.ini
F:\WINDOWS\system32\inpgfgci.ini
F:\WINDOWS\system32\jmqicsal.dll
F:\WINDOWS\system32\jtuthees.dll
F:\WINDOWS\system32\jueetlxl.dll
F:\WINDOWS\system32\jxthugtq.dllbox
F:\WINDOWS\system32\kiewyufo.ini
F:\WINDOWS\system32\kumxfrjd.ini
F:\WINDOWS\system32\kwybkgkq.ini
F:\WINDOWS\system32\lasciqmj.ini
F:\WINDOWS\system32\linxuxjh.dll
F:\WINDOWS\system32\lqqbiirs.dll
F:\WINDOWS\system32\lrtqgcyf.ini
F:\WINDOWS\system32\lumcwfqv.dllbox
F:\WINDOWS\system32\mcrh.tmp
F:\WINDOWS\system32\nlglricb.dll
F:\WINDOWS\system32\ordaiion.dll
F:\WINDOWS\system32\pakdfqxx.ini
F:\WINDOWS\system32\pghjxcaa.dll
F:\WINDOWS\system32\pgxrnhsj.ini
F:\WINDOWS\system32\pxstcwnx.ini
F:\WINDOWS\system32\rcnihlld.dll
F:\WINDOWS\system32\rdheacvx.dll
F:\WINDOWS\system32\sriibqql.ini
F:\WINDOWS\system32\tdhhcbso.dll
F:\WINDOWS\system32\uvvwa.ini
F:\WINDOWS\system32\uvvwa.ini2
F:\WINDOWS\system32\vdrbtcyw.ini
F:\WINDOWS\system32\vettuyuj.dll
F:\WINDOWS\system32\vhrrsbtc.dll
F:\WINDOWS\system32\voyoriop.dll
F:\WINDOWS\system32\wjauuggr.dll
F:\WINDOWS\system32\wsxgvaei.ini
F:\WINDOWS\system32\xvcaehdr.ini
F:\WINDOWS\system32\xvmgeexo.dll
F:\WINDOWS\system32\ycnjnujw.dllbox
F:\WINDOWS\ymante~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-19 17:02 . 2004-10-07 20:16 35,840 --a------ F:\WINDOWS\system32\drivers\AFS2K.SYS
2008-01-19 12:51 . 2008-01-19 12:51 <DIR> d-------- F:\Program Files\HP
2008-01-19 12:50 . 2007-08-25 19:39 174,520 --a------ F:\WINDOWS\hpdj5600.hi2
2008-01-19 12:50 . 2007-08-25 19:39 7,555 --a------ F:\WINDOWS\hpdj5600.bu2
2008-01-19 12:47 . 2003-07-28 09:07 278,528 --a------ F:\WINDOWS\system32\hpdj5600
2008-01-19 12:43 . 2008-01-19 12:48 41,486 --a------ F:\WINDOWS\hpdj5600.hi1
2008-01-19 12:43 . 2008-01-19 12:48 4,968 --a------ F:\WINDOWS\hpdj5600.bu1
2008-01-19 09:20 . 2008-01-19 09:20 <DIR> d-------- F:\Documents and Settings\CapeCod\Application Data\Individual Software
2008-01-19 09:19 . 2000-05-21 23:00 1,009,336 --a------ F:\WINDOWS\system32\MSCHRT20.OCX
2008-01-19 09:18 . 2008-01-19 11:06 <DIR> d-------- F:\Program Files\ResumeMaker
2008-01-19 09:18 . 1998-05-17 23:06 368,912 --a------ F:\WINDOWS\system32\vbar332.dll
2008-01-19 09:18 . 2001-08-10 01:01 287,504 --a------ F:\WINDOWS\system32\msxbse35.dll
2008-01-19 09:18 . 2001-08-10 01:01 250,128 --a------ F:\WINDOWS\system32\mspdox35.dll
2008-01-19 09:18 . 2001-08-10 01:01 250,128 --a------ F:\WINDOWS\system32\msexcl35.dll
2008-01-19 09:18 . 1998-06-23 15:00 244,024 --a------ F:\WINDOWS\system32\Msflxgrd.ocx
2008-01-19 09:18 . 1997-01-03 23:00 169,984 --a------ F:\WINDOWS\system32\msltus35.dll
2008-01-19 09:18 . 2001-08-10 01:01 165,648 --a------ F:\WINDOWS\system32\mstext35.dll
2008-01-19 09:17 . 2008-01-19 09:17 <DIR> d-------- F:\ResumeMaker Professional1
2008-01-05 09:11 . 2008-01-05 09:11 0 --a------ F:\Program Files\EXAM.EXE
2008-01-05 09:07 . 2008-01-19 08:57 <DIR> d-------- F:\Program Files\SUPERAntiSpyware
2008-01-05 09:07 . 2008-01-05 09:07 <DIR> d-------- F:\Documents and Settings\CapeCod\Application Data\SUPERAntiSpyware.com
2008-01-05 09:07 . 2008-01-05 09:07 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-05 09:06 . 2008-01-05 09:06 <DIR> d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 09:00 . 2008-01-05 09:00 <DIR> d-------- F:\Program Files\Trend Micro
2007-12-28 19:52 . 2007-12-28 19:52 <DIR> d-------- F:\Program Files\RcvSystem
2007-12-28 19:48 . 2008-01-19 08:47 <DIR> d-------- F:\ResumeMaker Professional
2007-12-28 19:30 . 2007-12-28 19:30 <DIR> d-------- F:\ResumeMaker
2007-12-15 09:47 . 2007-12-24 10:57 54,156 --ah----- F:\WINDOWS\QTFont.qfn
2007-12-15 09:47 . 2007-12-15 09:47 1,409 --a------ F:\WINDOWS\QTFont.for
2007-12-13 03:05 . 2007-12-13 03:05 118 --a------ F:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 20:13 --------- d-----w F:\Documents and Settings\CapeCod\Application Data\WeatherBug
2008-01-27 23:09 --------- d-----w F:\Program Files\Wal-Mart Music Downloads Store
2008-01-19 17:51 --------- d-----w F:\Program Files\Hewlett-Packard
2008-01-19 13:53 --------- d-----w F:\Program Files\Google
2008-01-12 07:28 --------- d-----w F:\Documents and Settings\CapeCod\Application Data\LimeWire
2007-11-30 23:47 --------- d-----w F:\Program Files\Picasa2
2007-11-30 23:47 --------- d-----w F:\Program Files\LimeWire
2007-11-30 23:46 --------- d-----w F:\Program Files\Common Files\AOL
2007-11-28 00:16 --------- d-----w F:\Documents and Settings\CapeCod\Application Data\Grisoft
2007-11-28 00:08 --------- d-----w F:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-03 21:47 334 ----a-w F:\Program Files\EXAM.TMP
2007-07-15 15:32 284 ----a-w F:\Documents and Settings\CapeCod\Application Data\ViewerApp.dat
2006-06-29 16:42 48 ----a-w F:\Program Files\vssver.scc
2006-06-28 13:12 343,118 ----a-r F:\Program Files\CPCU 510 New.aic
2005-07-15 17:32 222,939 ----a-r F:\Program Files\ARM 55.aic
2005-06-27 15:19 749,568 ------w F:\Program Files\Smart.exe
2005-06-27 15:19 2,583,334 ------w F:\Program Files\ovrviewOBJ.rtf
2005-06-27 15:19 2,583,334 ------w F:\Program Files\ovrviewESS.rtf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="F:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2006-01-06 09:57 1343488]
"Yahoo! Pager"="F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 08:08 68856]
"MsgCenterExe"="F:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"MySpaceIM"="F:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:56 15360]
"AdobeUpdater"="F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37 2321600]
"SUPERAntiSpyware"="F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"Uniblue SpeedUpMyPC"="F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-09-10 10:43 9495832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="F:\WINDOWS\system32\igfxtray.exe" [2005-10-14 13:49 94208]
"igfxhkcmd"="F:\WINDOWS\system32\hkcmd.exe" [2005-10-14 13:46 77824]
"igfxpers"="F:\WINDOWS\system32\igfxpers.exe" [2005-10-14 13:50 114688]
"Dell Photo AIO Printer 942"="F:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [ ]
"DellMCM"="F:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [ ]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2007-02-25 09:53 282624]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]
"SoundMAXPnP"="F:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 13:42 1404928]
"HPDJ Taskbar Utility"="F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 09:43 188416]
"DeviceDiscovery"="F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 17:37 229437]
"SNM"="F:\Program Files\SpyNoMore\SNM.exe" [ ]
"!AVG Anti-Spyware"="F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ISUSPM"="F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"HP Software Update"="F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HP Component Manager"="F:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 15:25 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="F:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-01 02:57:40 176128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 Viewpoint Manager Service;Viewpoint Manager Service;"F:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-31 03:40:31 F:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-09-14 01:38:13 F:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 22:40:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\MySpace\IM\MySpaceIM.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\WINDOWS\system32\wdfmgr.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\Program Files\MySpace\IM\MySpaceIM.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-01-30 22:42:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-31 03:42:48
.
2008-01-20 08:00:21 --- E O F ---
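As an added example, not code from this thread or from HijackThis or ComboFix: a small Python triage script that parses the CLSID-style HijackThis sections (O2/O3/O9/O18, R3) and O23 services, flags entries of the shape the first log shows (a BHO named only by a CLSID, pointing at a random-looking 8-letter DLL in system32, an O18 filter hijack, orphaned "(no file)" entries), and diffs a before/after pair of logs the way a helper compares them. The review rules are assumed analyst heuristics, not HijackThis's own verdicts, and the embedded sample lines are copied from the two logs above.

```python
"""Triage helper for HijackThis logs: parse the CLSID-style sections (O2/O3/O9/O18, R3)
and O23 services, flag entries worth a second look, and diff two logs.
The review rules are assumed analyst heuristics, not HijackThis's own verdicts."""
import re

# Constructed sample input: a handful of lines copied from the two HijackThis logs
# in the thread, before and after ComboFix ran.
BEFORE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {157CC180-209A-430F-99BD-3C2590653ECD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {cce4cb08-ec97-c608-9a34-67e860a005ca} - {ac500a06-8e76-43a9-806c-79ce80bc4ecc} - F:\WINDOWS\system32\vhrrsbtc.dll
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - F:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - F:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""
AFTER_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - F:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
GUID_RE = re.compile(GUID)
# "<section> - <kind>: <name> - {CLSID} - <path>"; anchoring on the CLSID keeps a
# path such as "Spybot - Search & Destroy" from being split on its own " - ".
CLSID_LINE = re.compile(
    rf"^(?P<section>[OR]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.*)$")
# "O23 - Service: <name> - <owner> - <path>"
SERVICE_LINE = re.compile(
    r"^(?P<section>O23) - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Eight lowercase letters plus .dll: the shape of vhrrsbtc.dll in the first log.
# Assumed heuristic; legitimate DLLs with 8-letter names exist, so it only flags for review.
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")


def parse_entry(line):
    """Parse one HijackThis line into a dict, or return None for lines not modelled
    here (the process list, O4 Run keys, R0/R1 start pages, ...)."""
    line = line.strip()
    match = CLSID_LINE.match(line) or SERVICE_LINE.match(line)
    if match is None:
        return None
    entry = match.groupdict()
    entry["line"] = line
    return entry


def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def assess(entry):
    """Return review reasons for one parsed entry (empty list means nothing noted).
    These are assumed analyst rules of thumb that surface candidates for a human check."""
    reasons = []
    path = entry["path"]
    basename = path.rsplit("\\", 1)[-1].lower()
    if GUID_RE.fullmatch(entry["name"]):
        reasons.append("named by a bare CLSID rather than a product name")
    if RANDOM_DLL.match(basename) and "\\system32\\" in path.lower():
        reasons.append("random-looking 8-letter DLL in system32")
    if entry["section"] == "O18":
        reasons.append("O18 filter/protocol handler: confirm the publisher is known")
    if "(no file)" in path or "(file missing)" in path:
        reasons.append("orphaned: target file is gone (stale entry, not active code)")
    return reasons


def diff_logs(before_text, after_text):
    """Entries in the first log but not the second (removed) and vice versa (added),
    compared case-insensitively on the whole line."""
    before = {e["line"].lower(): e for e in parse_log(before_text)}
    after = {e["line"].lower(): e for e in parse_log(after_text)}
    removed = [e for k, e in before.items() if k not in after]
    added = [e for k, e in after.items() if k not in before]
    return removed, added


def triage(text):
    """Map each flagged line to its list of reasons; unflagged lines are omitted."""
    flagged = {}
    for entry in parse_log(text):
        reasons = assess(entry)
        if reasons:
            flagged[entry["line"]] = reasons
    return flagged


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for e in removed:
        print("gone after ComboFix:", e["line"])
    for line, reasons in triage(BEFORE_LOG).items():
        print("review:", line, "->", "; ".join(reasons))
```

Feeding the full logs from the thread to `diff_logs` and `triage` works the same way, since lines the parser does not model are skipped.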

#4
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Also post a new HijackThis log

#5
mmarquez


    New Member

  • Topic Starter
  • Member
  • 6 posts
I don't get it... I thought I already had that program?

#6
mmarquez


    New Member

  • Topic Starter
  • Member
  • 6 posts
I have at least five or six programs and that is definitely one of them. Are you saying it is installed incorrectly? I don't understand why I should re-install it? Sorry... I'm just thoroughly confused now :)

#7
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Don't reinstall it; I didn't know you had it. Follow the instructions in the post and run a full system scan.

#8
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





