Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

antispywareupdates.net problem


  • Please log in to reply

#1
igilmore

igilmore

    New Member

  • Member
  • Pip
  • 2 posts
I've been infected by the antispywareupdates.net problem. I've seen other posts in the forums on this problem.

I haven't ran all the steps in the "You must read this before posting" post, but from reading the other antispywareupdates.net posts, I don't think those tools will fix my problem. I have run AVG and I am running SUPERAntiSpyWare but that scan is taking many hours so I wanted to ask for help here before it finished. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:15 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\SynLM\lmgrd.exe
C:\tera_license\lmgrd.exe
c:\synLM\synd.exe
c:\altera\70\quartus\bin\jtagserver.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\jre\bin\java.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Python24\pythonw.exe
C:\Python24\pythonw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://business.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://business.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.lsi.com/global.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r2.attbi.com:8000
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Batco\bat.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: BndAero6 IE Helper - {82E5E2FF-9260-4d88-B0C6-7CC358C5D418} - C:\Program Files\QdrDrive\QdrDrive11.dll (file missing)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SAPGUIFIX] C:\WINDOWS\SAPGUIFIX.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SetiLog9x] C:\Program Files\Log9x\log9x.exe
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://scpwlb.ops.p...quicksilver.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123810088024
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.co...e70/OrgPubX.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) - file://D:\perreault\j2re-1_4_1_01-windows-i586.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://lsilogic.web...bex/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/...perSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lsi.com
O17 - HKLM\Software\..\Telephony: DomainName = lsi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D5D03CA-DBBC-45D0-A742-13FA7216D133}: Domain = lsil.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lsi.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lsil.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lsi.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lsil.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lsil.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
O23 - Service: FlexLM RapidWorx - Unknown owner - C:\RapidWorx\lsi_rw_4.0\tools\x86-windows-2000\bin\lmgrd.exe (file missing)
O23 - Service: FLEXlm Synplicity - GLOBEtrotter Software Inc. - C:\SynLM\lmgrd.exe
O23 - Service: FLEXlm TeraForm - GLOBEtrotter Software Inc. - C:\tera_license\lmgrd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\altera\70\quartus\bin\jtagserver.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe
O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Quest Resource Updating Agent (Vmover.exe) - Quest Software - C:\WINDOWS\System32\Vmover.exe

--
End of file - 17013 bytes


From the other posts, it looks like the best bet is SmitfraudFix.exe. Should I skip the other steps (like ComboFix and SUPERAntiSpyWare) and just skip to SmitFraudFix?

Any help is greatly appreciated. I will post the results from SUPERAntiSpyWare when it finishes, the ComboFix after that and SmitFraudFix after that.
  • 0

Advertisements


#2
igilmore

igilmore

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
OK - A few of the tools finally finished. I'll post a number of logs:

- SUPERAntiSpyware log
- HijackThis after SAS, before ComboFix
- Combofix log
- HijackThis log after ComboFix.

Please let me know if you see any issues. A lot of the problems have disappeared - the popups appear to be gone and my Task Manager is now enabled. Do I still need to run SmitFraudFix?

SAS log:
SUPERAntiSpyware Scan Log
Generated 03/02/2008 at 07:18 PM

Application Version : 3.6.1000

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 06:19:18

Memory items scanned : 584
Memory threats detected : 1
Registry items scanned : 8215
Registry threats detected : 12
File items scanned : 222921
File threats detected : 34

Rogue.Unclassified/Loader
C:\WINDOWS\SYSTEM32\MGMRWMRV.EXE
C:\WINDOWS\SYSTEM32\MGMRWMRV.EXE
C:\WINDOWS\Prefetch\MGMRWMRV.EXE-03C7337E.pf

Adware.AdBreak
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}
C:\WINDOWS\FHFMM-UNINSTALLER.EXE
C:\WINDOWS\FHFMM.EXE
C:\WINDOWS\HCWPRN.EXE
C:\WINDOWS\KKCOMP.DLL
C:\WINDOWS\KKCOMP.EXE
C:\WINDOWS\KVNAB.DLL
C:\WINDOWS\KVNAB.EXE
C:\WINDOWS\LIQAD.DLL
C:\WINDOWS\LIQAD.EXE
C:\WINDOWS\LIQUI-UNINSTALLER.EXE
C:\WINDOWS\LIQUI.DLL
C:\WINDOWS\LIQUI.EXE
C:\WINDOWS\PBSYSIE.DLL
C:\WINDOWS\SETTN.DLL
C:\WINDOWS\WBECHECK.EXE
C:\WINDOWS\XADBRK.DLL
C:\WINDOWS\XADBRK.EXE
C:\WINDOWS\XADBRK_.EXE

411Ferret Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}

Adware.AdBlaster
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}

AdBars BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}

Adware.404Search
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}

Adware.Accoona
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}

Trojan.PBar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}

Adware.Tracking Cookie
C:\Documents and Settings\igilmore\Cookies\[email protected][1].txt

Adware.AdSponsor/ISM
HKU\S-1-5-21-2146980441-1205954163-1982612992-10627\Software\QdrModule
HKU\S-1-5-21-2146980441-1205954163-1982612992-10627\Software\QdrPack
C:\Documents and Settings\igilmore\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\igilmore\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\igilmore\Start Menu\Programs\Internet Speed Monitor

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\ESHOPEE.EXE

Trojan.Fakespy-B
C:\WINDOWS\SYSTEM32\MSOLE32.EXE

Trace.Known Threat Sources
C:\Documents and Settings\igilmore\Local Settings\Temp\Temporary Internet Files\Content.IE5\WHEF0DMB\of_solo_zango_300x250_03_anna[1].swf
C:\Documents and Settings\igilmore\Local Settings\Temp\Temporary Internet Files\Content.IE5\IXB0PCBA\yikers_eminems_first_rap_olympics_medium[1].jpg
C:\Documents and Settings\igilmore\Local Settings\Temp\Temporary Internet Files\Content.IE5\WN5R2MBP\Layout[1].js
C:\Documents and Settings\igilmore\Local Settings\Temp\Temporary Internet Files\Content.IE5\WN5R2MBP\DetectEnvironment[1].js
C:\Documents and Settings\igilmore\Local Settings\Temp\Temporary Internet Files\Content.IE5\IXB0PCBA\BrandDetection[1].js
C:\Documents and Settings\igilmore\Local Settings\Temp\Temporary Internet Files\Content.IE5\IXB0PCBA\gecv2[1].js
C:\Documents and Settings\igilmore\Local Settings\Temp\Temporary Internet Files\Content.IE5\X37VHHKA\galleryInit[1].js
C:\Documents and Settings\igilmore\Local Settings\Temp\Temporary Internet Files\Content.IE5\X37VHHKA\lc[1].js


HiJackThis log before ComboFix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:02 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\SynLM\lmgrd.exe
C:\tera_license\lmgrd.exe
c:\altera\70\quartus\bin\jtagserver.exe
c:\synLM\synd.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\jre\bin\java.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://business.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://business.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.lsi.com/global.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r2.attbi.com:8000
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Batco\bat.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: BndAero6 IE Helper - {82E5E2FF-9260-4d88-B0C6-7CC358C5D418} - C:\Program Files\QdrDrive\QdrDrive11.dll (file missing)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SAPGUIFIX] C:\WINDOWS\SAPGUIFIX.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SetiLog9x] C:\Program Files\Log9x\log9x.exe
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://scpwlb.ops.p...quicksilver.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123810088024
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.co...e70/OrgPubX.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) - file://D:\perreault\j2re-1_4_1_01-windows-i586.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://lsilogic.web...bex/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/...perSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lsi.com
O17 - HKLM\Software\..\Telephony: DomainName = lsi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D5D03CA-DBBC-45D0-A742-13FA7216D133}: Domain = lsil.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lsi.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lsil.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lsi.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = lsil.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lsil.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
O23 - Service: FlexLM RapidWorx - Unknown owner - C:\RapidWorx\lsi_rw_4.0\tools\x86-windows-2000\bin\lmgrd.exe (file missing)
O23 - Service: FLEXlm Synplicity - GLOBEtrotter Software Inc. - C:\SynLM\lmgrd.exe
O23 - Service: FLEXlm TeraForm - GLOBEtrotter Software Inc. - C:\tera_license\lmgrd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\altera\70\quartus\bin\jtagserver.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe
O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Quest Resource Updating Agent (Vmover.exe) - Quest Software - C:\WINDOWS\System32\Vmover.exe

--
End of file - 17079 bytes

ComboFix Log:
ComboFix 08-03-01.3 - igilmore 2008-03-02 19:37:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1339 [GMT -8:00]
Running from: C:\Documents and Settings\igilmore\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\SYSTEM32\000070.exe
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xxxvideo.exe

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-02 13:51 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2008-03-02 13:01 . 2008-03-02 14:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-02 13:01 . 2008-03-02 13:01 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-02 13:01 . 2008-03-02 13:01 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-02 13:01 . 2008-03-02 13:01 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-03-02 12:55 . 2008-03-02 19:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-02 12:55 . 2008-03-02 12:55 <DIR> d-------- C:\Documents and Settings\igilmore\Application Data\SUPERAntiSpyware.com
2008-03-02 12:55 . 2008-03-02 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-02 12:54 . 2008-03-02 12:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 09:13 . 2008-03-02 09:13 <DIR> d-------- C:\Documents and Settings\LSIUser\Application Data\Grisoft
2008-03-02 08:53 . 2008-03-02 08:53 <DIR> d-------- C:\Documents and Settings\igilmore\Application Data\Grisoft
2008-03-02 08:52 . 2008-03-02 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-02 08:52 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-03-02 08:26 . 2008-03-02 08:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-01 20:10 . 2008-03-01 20:09 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-01 20:10 . 2008-03-01 20:10 2,549 --a------ C:\WINDOWS\unins000.dat
2008-03-01 19:48 . 2008-03-01 19:48 <DIR> d-------- C:\Documents and Settings\LSIUser\Application Data\Funk Software
2008-03-01 18:17 . 2008-03-01 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-01 18:17 . 2008-03-01 18:17 4 --a------ C:\WINDOWS\SYSTEM32\winfrun32.bin
2008-03-01 18:16 . 2008-03-02 13:38 <DIR> d-------- C:\Program Files\Batco
2008-02-22 10:36 . 2008-02-22 10:36 <DIR> d-------- C:\WINDOWS\SYSTEM32\VMoverData
2008-02-22 09:40 . 2008-01-30 13:24 467,136 --a------ C:\WINDOWS\SYSTEM32\vmover.ini
2008-02-20 13:26 . 2006-10-06 18:41 136,824 --a------ C:\WINDOWS\SYSTEM32\fixProf.exe
2008-02-20 13:25 . 2007-07-03 18:28 759,064 --a------ C:\WINDOWS\SYSTEM32\Vmover.exe
2008-02-13 09:37 . 2008-02-13 09:37 262,144 --a------ C:\WINDOWS\SYSTEM32\default_user_class.dat
2008-02-08 17:45 . 2008-02-08 17:45 <DIR> d-------- C:\Documents and Settings\igilmore\Application Data\Move Networks
2008-02-08 11:08 . 2008-02-08 11:08 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-07 15:50 . 2008-02-07 15:50 <DIR> d-------- C:\Documents and Settings\igilmore\Application Data\Autodesk
2008-02-07 15:49 . 2008-02-07 15:51 <DIR> d-------- C:\Program Files\DWG TrueView 2008
2008-02-07 15:49 . 2008-03-02 13:40 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-02-07 15:49 . 2008-02-07 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-02-07 15:40 . 2008-02-07 15:40 <DIR> d-------- C:\install

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 03:48 --------- d-----w C:\Program Files\BOINC
2008-03-02 22:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-02 22:10 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-03-02 22:10 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-03-02 22:10 --------- d-----w C:\Program Files\iTunes
2008-03-02 22:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 21:42 --------- d-----w C:\Program Files\Connected
2008-03-02 21:42 --------- d-----w C:\Program Files\Common Files\Funk Software
2008-03-02 21:41 --------- d-----w C:\Program Files\UPHClean
2008-03-02 21:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-02 21:40 --------- d-----w C:\Program Files\SmartFTP
2008-03-02 21:40 --------- d-----w C:\Program Files\Apoint
2008-03-02 21:39 --------- d-----w C:\Program Files\SpeedswitchXP
2008-03-02 21:39 --------- d-----w C:\Program Files\mobile PhoneTools
2008-03-02 21:39 --------- d-----w C:\Program Files\Digital Line Detect
2008-03-02 06:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-01 00:31 --------- d-----w C:\Program Files\Trillian
2008-02-26 17:12 --------- d-----w C:\Documents and Settings\igilmore\Application Data\webex
2007-12-18 09:51 179,584 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-12 18:16 491,599 ----a-w C:\WINDOWS\SYSTEM32\odGinaLibrary.dll
2007-12-12 18:16 143,427 ----a-w C:\WINDOWS\SYSTEM32\odyGina.dll
2007-12-12 18:16 122,949 ----a-w C:\WINDOWS\SYSTEM32\odyEvent.dll
2007-12-07 14:37 3,059,200 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-06 13:07 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\SYSTEM32\oleaut32.dll
2006-01-01 06:43 24,192 ----a-w C:\Documents and Settings\igilmore\usbsermptxp.sys
2006-01-01 06:43 22,768 ----a-w C:\Documents and Settings\igilmore\usbsermpt.sys
2005-07-15 19:08 7,727 ----a-w C:\Program Files\InCyte_InstallLog.log
2005-06-29 15:33 13,824 ----a-w C:\Documents and Settings\igilmore\atwbxdet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
2008-02-04 11:33 401408 --a------ C:\Program Files\Batco\bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82E5E2FF-9260-4d88-B0C6-7CC358C5D418}]
C:\Program Files\QdrDrive\QdrDrive11.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetiLog9x"="C:\Program Files\Log9x\log9x.exe" [ ]
"SpeedswitchXP"="C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe" [2004-05-13 16:30 491520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-10 21:07 147456]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10 339968]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2002-12-17 18:16 360448]
"bascstray"="BascsTray.exe" []
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 08:18 28672]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 10:28 684032]
"SAPGUIFIX"="C:\WINDOWS\SAPGUIFIX.EXE" [2003-07-28 13:48 111180]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 17:23 86016 C:\WINDOWS\StartupMonitor.exe]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-14 02:42 36864]
"RIS2PostReboot"="" []
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 19:52 483328]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 05:21 94208]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"OdTray.exe"="C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2007-03-16 17:52 1028160]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 15:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 15:15 600896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 13:18 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2006-03-21 08:38:03 25214]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-07-31 08:07:01 1385400]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-10-29 12:19:02 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 00:15:54 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
odyEvent.dll 2007-12-12 10:16 122949 C:\WINDOWS\SYSTEM32\odyEvent.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\NeverwinterNights\\NWN\\nwupdate.exe"=
"C:\\Program Files\\Alias\\Maya 6.0 Personal Learning Edition\\bin\\maya.exe"=
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2967:TCP"= 2967:TCP:Symantec AntiVirus CE TCP Port 2967

R0 odFips;odFips;C:\WINDOWS\system32\drivers\odFips.sys [2006-01-23 16:19]
R2 FLEXlm Synplicity;FLEXlm Synplicity;C:\SynLM\lmgrd.exe [2002-02-12 18:29]
R2 FLEXlm TeraForm;FLEXlm TeraForm;C:\tera_license\lmgrd.exe [2003-12-17 18:46]
R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2006-12-11 09:12]
R2 mple6docserver;Maya 6 PLE Documentation Server;"C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf" []
R3 jnprna;Juniper Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\jnprna.sys [2006-11-14 08:49]
R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2002-11-08 11:13]
S2 FlexLM RapidWorx;FlexLM RapidWorx;C:\RapidWorx\lsi_rw_4.0\tools\x86-windows-2000\bin\lmgrd.exe []
S3 atm6124;atm6124.Sys ATMEL USB SAMBA Driver;C:\WINDOWS\system32\Drivers\atm6124.sys [2006-06-14 08:34]
S3 EacService;Juniper TNC Endpoint Assessment;C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [2007-03-16 16:33]
S3 gel90xne;gel90xne;C:\DOCUME~1\igilmore\LOCALS~1\Temp\gel90xne.sys []
S3 LTower;LEGO USB Tower Driver;C:\WINDOWS\system32\Drivers\LTower.sys [2001-04-25 15:44]
S3 OEMSTOR;USB Mass Storage;C:\WINDOWS\system32\DRIVERS\USBMSDk.SYS [2002-07-03 08:05]
S3 RDID1061;EDIROL UA-4FX;C:\WINDOWS\system32\Drivers\rdwm1061.sys [2005-07-25 17:22]
S3 SCD20XRN;SCD20XRN;C:\DOCUME~1\igilmore\LOCALS~1\Temp\SCD20XRN.SYS []
S3 Vmover.exe;Quest Resource Updating Agent;C:\WINDOWS\System32\Vmover.exe [2007-07-03 18:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9472aacc-99f3-11db-9be9-00904b195396}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d44405-c06d-11dc-9c38-00904b195396}]
\Shell\AutoRun\command - F:\autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 19:48:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\CSGina.dll
.
Completion time: 2008-03-02 19:51:56
ComboFix-quarantined-files.txt 2008-03-03 03:51:52
.
2008-02-19 23:00:25 --- E O F ---

HiJackThis after Combofix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13, on 2008-03-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\SynLM\lmgrd.exe
C:\tera_license\lmgrd.exe
c:\altera\70\quartus\bin\jtagserver.exe
c:\synLM\synd.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\jre\bin\java.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://business.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://business.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.lsi.com/global.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r2.attbi.com:8000
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Batco\bat.dll
O2 - BHO: BndAero6 IE Helper - {82E5E2FF-9260-4d88-B0C6-7CC358C5D418} - C:\Program Files\QdrDrive\QdrDrive11.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SAPGUIFIX] C:\WINDOWS\SAPGUIFIX.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SetiLog9x] C:\Program Files\Log9x\log9x.exe
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://scpwlb.ops.p...quicksilver.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123810088024
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.co...e70/OrgPubX.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) - file://D:\perreault\j2re-1_4_1_01-windows-i586.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP