trojan downloader.xs (?!)

#1 miumiu
New Member, 1 post

Hello!
I'm quite new here, and not a geek at all!
It seems the same symptoms appear on my computer as others describe:
I was getting pop-ups saying that my computer is infected with spyware and I need to download a program to resolve the problem. My desktop background changed to blue with white text in the middle stating that my computer has several fatal errors due to spyware activity. One of the pop-ups I got named trojandownloader.xs as the culprit, and when I googled the issue, I found this helpful forum.
This happened on April 11, 2008, at 11:16.
Before I found this forum I downloaded a few antispyware programs, Spyzooka 2.5 and XoftSpySE, but neither of them fixed the problem.
I tried to delete some of the suspicious system32 files that were created at the same time (April 11, 2008, at 11:16).
(The above two programs report that everything is clean after I did that,
BUT the popup keeps reappearing every now and then. It's still there! :) :)

I've seen what others did in this forum,
so this is what I've got:
(I hope this will help you to help me)

I went through and followed the instructions before posting.

Here is the ComboFix log. I also have the HijackThis log and the Kaspersky online scan results.

Thank you in advance for any and all help that you can provide.
First the ComboFix Log:

ComboFix 08-04-12.5 - User 2008-04-13 2:52:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.450 [GMT 2:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\qdnkewfa.dll
C:\WINDOWS\system\update.exe
C:\WINDOWS\system32\apyoectm.ini
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\XbdMonmp.ini
C:\WINDOWS\system32\XbdMonmp.ini2
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-12 22:31 . 2008-04-12 22:31 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-12 21:45 . 2008-04-12 22:23 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-12 21:24 . 2008-04-12 21:24 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-12 18:56 . 2008-04-12 19:13 <DIR> d-------- C:\Program Files\SpyZooka
2008-04-12 18:06 . 2008-04-12 18:06 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-12 15:48 . 2008-04-13 02:57 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-12 15:48 . 2008-04-12 15:49 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-04-12 15:48 . 2008-04-12 15:48 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-04-12 15:48 . 2008-04-12 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-12 15:48 . 2008-03-04 16:49 159,112 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-04-12 15:48 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-12 15:48 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-12 15:48 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-12 15:48 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-12 15:15 . 2008-04-12 15:15 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-04-12 15:15 . 2008-04-12 15:15 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-04-12 14:31 . 2008-04-13 02:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-12 14:18 . 2008-04-12 14:22 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC-Cleaner
2008-04-11 11:52 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-11 11:52 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-11 11:16 . 2008-04-11 11:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\wpkfylkp
2008-04-11 11:16 . 2008-04-11 11:16 94,208 --a------ C:\WINDOWS\system32\aduvonsd.exe
2008-04-09 22:16 . 2008-02-20 07:19 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-04-09 22:16 . 2008-02-20 20:49 45,568 --------- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-04-06 23:14 . 2008-04-06 23:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-06 23:14 . 2008-04-06 23:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-29 14:29 . 2008-03-29 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-03-29 14:28 . 2008-04-12 22:59 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-03-29 14:28 . 2008-03-29 14:28 <DIR> d-------- C:\Documents and Settings\User\Application Data\NCH Swift Sound
2008-03-29 14:28 . 2008-03-29 14:28 <DIR> d-------- C:\Documents and Settings\User\Application Data\NCH Software
2008-03-29 14:28 . 2008-04-09 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-03-29 14:25 . 2008-04-12 11:55 <DIR> d-------- C:\Program Files\NCH Software
2008-03-22 14:45 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-15 15:48 . 2008-03-15 15:48 331 --a------ C:\WINDOWS\pdf2word.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 00:57 --------- d-----w C:\Program Files\Motivator
2008-04-13 00:55 --------- d-----w C:\Documents and Settings\User\Application Data\uTorrent
2008-04-12 09:57 --------- d-----w C:\Program Files\MagicISO
2008-04-11 10:16 --------- d-----w C:\Documents and Settings\User\Application Data\ZoomBrowser EX
2008-04-11 09:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-06 12:03 --------- d-----w C:\Program Files\Flickr Uploadr
2008-04-03 22:40 --------- d-----w C:\Documents and Settings\User\Application Data\Winamp
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-18 18:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-17 03:18 --------- d-----w C:\Program Files\Desktop Sidebar
2008-02-26 22:32 --------- d-----w C:\Documents and Settings\User\Application Data\Flickr
2008-02-17 13:49 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-17 13:49 --------- d-----w C:\Documents and Settings\User\Application Data\Thunderbird
2008-02-15 21:18 --------- d-----w C:\Program Files\QuickTime Alternative
2008-02-15 21:18 --------- d-----w C:\Program Files\Apple Software Update
2008-02-15 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-13 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-02-13 04:34 --------- d-----w C:\Program Files\PowerISO
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-01-15 04:34 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-29 12:51 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Motivator"="C:\Program Files\Motivator\Motivator.exe" [2007-05-27 19:33 1098953]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"teodlajr"="C:\WINDOWS\system32\aduvonsd.exe" [2008-04-11 11:16 94208]
"SpyZooka"="C:\Program Files\SpyZooka\SpyZookaLdr.exe" [2007-04-06 21:12 39656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 23:21 472632]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 03:47 827392]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 03:36 872448]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 18:12 729088]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-07 02:34 177456]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-24 22:27 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-24 22:27 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-24 22:27 137752]
"DSLSTATEXE"="C:\Program Files\Conexant\Adsl\dslstat.exe" [2005-08-25 11:59 344064]
"DSLAGENTEXE"="C:\Program Files\Conexant\Adsl\dslagent.exe" [2005-08-25 11:47 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 09:05 217088]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-02-01 00:13 385024]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55 1103240]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-02-11 21:16:38 546816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"xDVnauJd1m"= C:\Documents and Settings\All Users\Application Data\wpkfylkp\sxcpavan.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= C:\PROGRA~1\SpyZooka\spyguard.dll [2005-05-07 23:25 173568]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-04 16:49]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20c6b310-c903-11dc-a1eb-001cbf7ae4cc}]
\Shell\AutoRun\command - semo2x.exe
\Shell\explore\Command - semo2x.exe
\Shell\open\Command - semo2x.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{214edf82-e397-11dc-a21c-001cbf7ae4cc}]
\Shell\AutoRun\command - H:\TF_ROOT\Skype.exe
\Shell\open\command - H:\TF_ROOT\Skype.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c910de3a-de28-11dc-a212-001cbf7ae4cc}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 17:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-13 00:56:48 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-12 20:20:08 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 02:57:17
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Windows Updates"="c:\\windows\\system\\Update.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Updates"="c:\\windows\\system\\Update.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SpyZooka\spyzooka.exe
C:\Program Files\Motivator\Library.dll
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2008-04-13 3:00:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 00:59:56
Pre-Run: 22,909,915,136 bytes free
Post-Run: 22,854,463,488 bytes free
.
2008-04-11 10:30:04 --- E O F ---

Next is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:23 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Documents and Settings\All Users\Application Data\wpkfylkp\sxcpavan.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Motivator\Motivator.exe
C:\WINDOWS\system32\aduvonsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\SpyZooka\spyzooka.exe
C:\Program Files\Motivator\Library.dll
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Motivator] C:\Program Files\Motivator\Motivator.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [teodlajr] C:\WINDOWS\system32\aduvonsd.exe
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - HKCU\..\Run: [rvklstkt] C:\WINDOWS\system32\hkfkxwro.exe
O4 - HKLM\..\Policies\Explorer\Run: [xDVnauJd1m] C:\Documents and Settings\All Users\Application Data\wpkfylkp\sxcpavan.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF26E39C-8DCF-4C10-AE2E-5FB6B396CE09}: NameServer = 77.105.0.18 77.105.0.19
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10521 bytes

And at last, the result of the Kaspersky online scanner (attachment):

Attached file: Kaspersky_Online_Scan_Result.html (52.67KB)