Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

New strain of Vundo? Hijack this included [RESOLVED]

Started by tom.a.gill , Jul 27 2008 05:07 PM

  • This topic is locked This topic is locked

#16
tom.a.gill
Posted 28 July 2008 - 10:23 AM

tom.a.gill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
VirScan.org Results:
VirSCAN.org Scanned Report :
Scanned time : 2008/07/28 12:20:42 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : GoogleUpdate.exe
File Size : 119280 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 314a57e29aa6a481d90ea29d3e5b0310
SHA1 : ae161d9d305aedb959fc3fc68531937b30abf288
Online report : http://virscan.org/r...f177adbcd7.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.07.27 2008-07-27 2.38 -
AhnLab V3 2008.07.28.01 2008.07.28 2008-07-28 0.85 -
AntiVir 7.8.1.12 7.0.5.182 2008-07-28 2.15 -
Arcavir 1.0.5 200807281039 2008-07-28 1.20 -
AVAST! 3.0.1 080728-0 2008-07-28 0.01 -
AVG 7.5.51.442 270.5.6/1577 2008-07-28 1.50 -
BitDefender 7.60825.1406145 7.20240 2008-07-28 2.63 -
CA (VET) 9.0.0.143 31.6.5990 2008-07-28 0.62 -
ClamAV 0.93.3 7865 2008-07-28 0.03 -
Comodo 2.11 2.0.0.599 2008-07-28 0.41 -
CP Secure 1.1.0.715 2008.07.26 2008-07-26 5.56 -
Dr.Web 4.44.0.9170 2008.07.28 2008-07-28 3.03 -
ewido 4.0.0.2 2008.07.28 2008-07-28 2.31 -
F-Prot 4.4.4.56 20080728 2008-07-28 1.29 -
F-Secure 5.51.6100 2008.07.28.05 2008-07-28 0.05 -
Fortinet 2.81-3.11 9.358 2008-07-27 1.65 -
ViRobot 20080728 2008.07.28 2008-07-28 0.40 -
Ikarus T3.1.01.34 2008.07.28.71176 2008-07-28 3.21 -
JiangMin 11.0.706 2008.07.28 2008-07-28 1.16 -
Kaspersky 5.5.10 2008.07.28 2008-07-28 0.04 -
KingSoft 2008.1.14.15 2008.7.28.17 2008-07-28 0.53 -
McAfee 5.2.00 5348 2008-07-28 2.42 -
Microsoft 1.3704 2008.07.28 2008-07-28 5.07 -
mks_vir 2.01 2008.07.28 2008-07-28 2.54 -
Norman 5.93.01 5.93.00 2008-07-28 4.77 -
Panda 9.05.01 2008.07.27 2008-07-27 2.15 -
Trend Micro 8.700-1004 5.438.04 2008-07-28 0.03 -
Quick Heal 9.50 2008.07.28 2008-07-28 1.87 -
Rising 20.0 20.55.02.00 2008-07-28 0.76 -
Sophos 2.75.4 4.31 2008-07-28 1.91 -
Sunbelt 3.1.1536.1 2166 2008-07-25 0.40 -
Symantec 1.3.0.24 20080727.004 2008-07-27 0.05 -
nProtect 2008-07-28.00 1721581 2008-07-28 3.71 -
The Hacker 6.2.96 v00389 2008-07-24 0.40 -
VBA32 3.12.8.1 20080728.0803 2008-07-28 1.23 -
VirusBuster 4.5.11.10 10.82.25/596881 2008-07-28 0.88 -
  • 0

Advertisements

#17
fenzodahl512
Posted 28 July 2008 - 10:25 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
OK.. waiting your Malwarebytes' and DSS result.. :)

Edited by fenzodahl512, 28 July 2008 - 10:25 AM.

  • 0

#18
tom.a.gill
Posted 28 July 2008 - 05:26 PM

tom.a.gill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Malware log:
Malwarebytes' Anti-Malware 1.23
Database version: 1001
Windows 6.0.6001 Service Pack 1

7:25:18 PM 7/28/2008
mbam-log-7-28-2008 (19-25-18).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 195664
Time elapsed: 2 hour(s), 12 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Google\Google Calendar Sync\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\HijackThis\backups\backup-20080727-164627-384.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\HijackThis\backups\backup-20080727-164627-989.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\HijackThis\backups\backup-20080727-165108-610.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\HijackThis\backups\backup-20080727-165123-141.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\cuhv.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\xxdxsn.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\bvdnwedb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\jkkjifGA.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\winupdate.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{2302540C-9E63-49B5-A3FB-27D33770F4A1}\RP12\A0007989.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\Downloads\torrents\Applications\Adobe.Acrobat.8.Professional -crack-Vista x64 x86-HeartBug\Crack\Adobe Keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
  • 0

#19
tom.a.gill
Posted 28 July 2008 - 05:33 PM

tom.a.gill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
DSS Log:
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-28 19:26:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.92 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-28 19:29:53
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\dss.exe
C:\Program Files\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com...103.3/TSWeb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\System32\browseui.dll
O22 - SharedTaskScheduler: Ave's FolderBg - {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8d8e04ad8f56d) (gupdate1c8d8e04ad8f56d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\System32\IoctlSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


--
End of file - 9723 bytes

-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 12:21:25 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-28 12:21:25 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 11:22:57 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-28 09:54:23 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-28 08:29:40 68096 --a------ C:\Windows\zip.exe
2008-07-28 08:29:40 49152 --a------ C:\Windows\VFind.exe
2008-07-28 08:29:40 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-28 08:29:40 98816 --a------ C:\Windows\sed.exe
2008-07-28 08:29:40 80412 --a------ C:\Windows\grep.exe
2008-07-28 08:29:40 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-28 08:29:33 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-26 21:01:15 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-26 20:30:37 5702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-07-26 18:05:28 145 --a------ C:\Windows\system32\winver.bat
2008-07-26 16:42:01 0 d-------- C:\Windows\system32\appmgmt
2008-07-25 19:02:03 0 d-------- C:\Program Files\Live Mesh
2008-07-24 19:44:34 0 d-------- C:\Program Files\Orca
2008-07-15 17:51:53 0 d-------- C:\Program Files\cryptload
2008-07-11 23:22:24 0 d-------- C:\Users\All Users\Last.fm
2008-07-11 23:21:53 0 d-------- C:\Program Files\Last.fm
2008-07-06 21:54:53 0 d-------- C:\Program Files\Twessenger
2008-07-06 18:38:58 0 d-------- C:\Program Files\Vista Rainbar
2008-07-06 13:48:33 0 d-------- C:\Windows\Sun
2008-07-04 21:00:01 57344 --a------ C:\Windows\system32\CiAPI.dll <Not Verified; Palm, Inc.; Palm CDK>
2008-07-04 21:00:01 122880 --a------ C:\Windows\ctpu.exe <Not Verified; Beiks, LLC; Pilot Catapult>
2008-07-04 21:00:00 0 d-------- C:\Program Files\TapTarget.com
2008-07-04 20:59:48 57344 --a------ C:\Windows\ResENU.dll <Not Verified; Beiks, LLC; Pilot Catapult>
2008-07-04 17:39:46 0 d-------- C:\temp
2008-07-04 16:53:31 0 d-------- C:\Program Files\SplashData
2008-07-03 17:26:46 0 d-------- C:\Program Files\QTTabbar
2008-07-03 13:02:41 0 d-------- C:\Program Files\Common Files\GeoVid
2008-07-03 13:02:40 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-07-03 13:02:40 765952 --a------ C:\Windows\system32\xvidcore.dll
2008-07-03 13:02:40 0 d-------- C:\Users\All Users\GeoVid
2008-07-03 13:02:39 1712128 --a------ C:\Windows\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-03 13:02:39 60416 --a------ C:\Windows\system32\dsetup.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-07-03 13:00:08 0 d-------- C:\Program Files\GeoVid
2008-06-29 18:05:00 0 d-------- C:\Program Files\zSuite
2008-06-29 13:20:49 0 d-------- C:\Program Files\ThatLook
2008-06-29 13:20:47 297472 --a------ C:\Windows\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-06-29 13:20:44 0 -rahs---- C:\MSDOS.SYS
2008-06-29 13:20:44 0 -rahs---- C:\IO.SYS
2008-06-29 12:58:02 0 d-------- C:\Program Files\VPSS
2008-06-28 11:24:17 0 d-------- C:\Users\Administrator\.thumbnails
2008-06-28 11:21:37 0 d-------- C:\Users\Administrator\.gimp-2.4
2008-06-28 11:20:52 0 d-------- C:\Program Files\GIMP-2.0
2008-06-28 01:32:11 0 d-------- C:\Users\All Users\Google


-- Find3M Report ---------------------------------------------------------------

2008-07-28 12:21:30 0 d-------- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2008-07-28 11:30:59 0 d-------- C:\Program Files\Common Files
2008-07-28 10:46:25 0 d-------- C:\Users\Administrator\AppData\Roaming\uTorrent
2008-07-28 09:59:40 0 d-------- C:\Users\Administrator\AppData\Roaming\Adobe
2008-07-28 09:51:36 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-26 15:40:00 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-24 19:45:32 0 d-------- C:\Users\Administrator\AppData\Roaming\Orca Profiles
2008-07-24 17:10:24 0 d-------- C:\Program Files\Google
2008-07-12 12:25:13 0 d-------- C:\Users\Administrator\AppData\Roaming\Twessenger
2008-07-12 08:04:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-12 08:04:11 0 d-------- C:\Program Files\Palm
2008-07-12 08:03:14 0 d-------- C:\Users\Administrator\AppData\Roaming\Flock
2008-07-10 03:12:24 0 d-------- C:\Program Files\Windows Mail
2008-07-08 22:07:06 0 d-------- C:\Program Files\Picasa2
2008-07-03 13:36:21 0 d-------- C:\Users\Administrator\AppData\Roaming\GeoVid
2008-06-30 20:26:15 0 d-------- C:\Users\Administrator\AppData\Roaming\gtk-2.0
2008-06-27 21:22:13 0 d-------- C:\Program Files\Rosetta Stone
2008-06-27 21:13:29 0 d-------- C:\Program Files\Nero
2008-06-27 21:06:02 0 d-------- C:\Users\Administrator\AppData\Roaming\Nero
2008-06-27 21:03:24 0 d-------- C:\Program Files\Common Files\Nero
2008-06-26 09:57:21 0 d-------- C:\Program Files\Bonjour
2008-06-26 09:44:31 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-25 23:34:06 662 --ah----- C:\os049389.bin
2008-06-25 20:50:49 0 d-------- C:\Program Files\Common Files\Vbox
2008-06-25 20:04:34 0 d-------- C:\Program Files\%temp&
2008-06-25 19:54:38 0 d-------- C:\Users\Administrator\AppData\Roaming\ESET
2008-06-24 23:41:55 156380 --ah----- C:\Windows\system32\mlfcache.dat
2008-06-24 00:28:15 0 d-------- C:\Program Files\Logitech
2008-06-24 00:25:16 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-06-24 00:25:02 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-24 00:23:59 0 d-------- C:\Program Files\QuickCam
2008-06-23 23:37:11 222 --ah----- C:\Windows\sysreg.dat
2008-06-23 19:42:10 0 d-------- C:\Users\Administrator\AppData\Roaming\Notepad++
2008-06-23 18:10:28 0 d-------- C:\Program Files\Notepad++
2008-06-23 16:59:05 0 d-------- C:\Program Files\Java
2008-06-23 16:55:15 0 d-------- C:\Program Files\Common Files\Java
2008-06-23 16:20:10 0 d-------- C:\Users\Administrator\AppData\Roaming\GetRightToGo
2008-06-23 13:58:09 0 d-------- C:\Program Files\1Time
2008-06-22 20:42:09 0 d-------- C:\Users\Administrator\AppData\Roaming\MessengerGadget
2008-06-22 19:50:53 0 d-------- C:\Program Files\1Click DVD Copy Pro
2008-06-22 19:07:18 0 d-------- C:\Users\Administrator\AppData\Roaming\Vso
2008-06-22 19:07:18 34 --a------ C:\Users\Administrator\AppData\Roaming\pcouffin.log
2008-06-22 19:06:43 7887 --a------ C:\Users\Administrator\AppData\Roaming\pcouffin.cat
2008-06-22 01:10:09 0 d-------- C:\Program Files\Real Alternative
2008-06-22 01:10:06 0 d-------- C:\Users\Administrator\AppData\Roaming\Real
2008-06-22 00:34:52 0 d-------- C:\Program Files\Essentials Codec Pack
2008-06-21 18:47:44 0 d-------- C:\Users\Administrator\AppData\Roaming\muvee Technologies
2008-06-21 11:01:13 0 d-------- C:\Program Files\Cucusoft
2008-06-21 10:27:00 0 d-------- C:\Program Files\QuickTime
2008-06-21 10:24:33 0 d-------- C:\Program Files\Apple Software Update
2008-06-21 10:21:50 74 --a------ C:\autoexec.bat
2008-06-21 10:21:04 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-06-21 10:20:29 0 d-------- C:\Program Files\muvee Technologies
2008-06-19 03:01:04 0 d-------- C:\Program Files\MSXML 4.0
2008-06-19 02:30:17 0 d-------- C:\Program Files\Palm Inc
2008-06-19 02:24:41 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-19 02:07:39 0 d-------- C:\Users\Administrator\AppData\Roaming\Arcsoft
2008-06-19 02:06:48 0 d-------- C:\Users\Administrator\AppData\Roaming\HotSync
2008-06-19 01:45:57 0 d-------- C:\Program Files\Messenger Plus! Live
2008-06-19 01:33:58 0 d-------- C:\Users\Administrator\AppData\Roaming\WinRAR
2008-06-18 23:07:55 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-18 22:15:49 0 d-------- C:\Program Files\Windows Live
2008-06-18 22:15:30 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-17 08:04:14 0 d-------- C:\Users\Administrator\AppData\Roaming\Mozilla
2008-06-16 21:40:34 0 d-------- C:\Program Files\Microsoft Games
2008-06-16 21:15:26 0 d-------- C:\Program Files\CONEXANT
2008-06-16 20:38:42 0 d-------- C:\Program Files\Hawking
2008-06-16 18:47:37 0 d-------- C:\Program Files\Evernote
2008-06-16 18:47:22 0 d-------- C:\Users\Administrator\AppData\Roaming\InstallShield
2008-06-16 18:24:38 0 d-------- C:\Program Files\Zune
2008-06-16 18:21:19 0 d-------- C:\Program Files\uTorrent
2008-06-16 18:03:05 0 d-------- C:\Users\Administrator\AppData\Roaming\Intel
2008-06-16 18:02:56 56 --a------ C:\Windows\system32\IHV_Install.bat
2008-06-16 18:02:42 0 d-------- C:\Program Files\PROnetworks
2008-06-16 18:01:47 0 d-------- C:\Program Files\Intel
2008-06-16 17:33:59 0 d-------- C:\Users\Administrator\AppData\Roaming\Launchy
2008-06-16 17:33:53 0 d-------- C:\Program Files\Launchy
2008-06-16 17:32:01 0 d-------- C:\Program Files\RocketDock
2008-06-16 17:31:04 0 d-------- C:\Users\Administrator\AppData\Roaming\Macromedia
2008-06-16 17:31:00 1160 --a------ C:\Windows\mozver.dat
2008-06-16 17:18:36 0 d-------- C:\Users\Administrator\AppData\Roaming\Identities
2008-06-16 17:09:24 0 d-------- C:\Program Files\MSBuild
2008-06-16 17:05:57 0 d-------- C:\Program Files\Microsoft Works
2008-06-16 17:05:04 0 d-------- C:\Program Files\Microsoft.NET
2008-06-16 16:52:15 0 --a------ C:\Windows\nsreg.dat
2008-06-16 15:05:17 0 d-------- C:\Program Files\7-Zip
2008-06-16 15:04:35 0 d-------- C:\Program Files\Stardock
2008-06-16 14:58:59 174 --ahs---- C:\Program Files\desktop.ini
2008-06-16 14:56:41 0 --a------ C:\Windows\system32\atiicdxx.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 11:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 04:58 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [7/28/2008 10:29:06 AM]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"=0 (0x0)
"EnableInstallerDetection"=0 (0x0)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll [04/05/2008 06:04 AM 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
GPSvcGroup GPSvc

*Newly Created Service* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- End of Deckard's System Scanner: finished at 2008-07-28 19:30:29 ------------
  • 0

#20
fenzodahl512
Posted 28 July 2008 - 07:57 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Good news.. Your logs look clean to my eyes...


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed

    Posted Image



NEXT


I haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewall below:
After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.




NEXT


Lastly, to keep your operating system up to date please visit the link below monthly

Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#21
tom.a.gill
Posted 28 July 2008 - 08:05 PM

tom.a.gill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
hey man.. thanks for the help.. you put a lot of time in this.. and its greatly apprieciated.. and thats just for me.. if you do this for others.. thats really cool of you..

thanks..

oh.. if my router has a firewall.. should i firewall my individual pc as well? i didnt think it was overly necassary... granted this happened.. but i think its cause i was slack and didnt have a spyware running. (yeah i know) ..

thanks again
  • 0

#22
fenzodahl512
Posted 28 July 2008 - 08:47 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts

hey man.. thanks for the help.. you put a lot of time in this.. and its greatly apprieciated.. and thats just for me.. if you do this for others.. thats really cool of you..

thanks..

oh.. if my router has a firewall.. should i firewall my individual pc as well? i didnt think it was overly necassary... granted this happened.. but i think its cause i was slack and didnt have a spyware running. (yeah i know) ..

thanks again



I'd recommend you to install a software firewall.. Since it is resolved, I'm gonna close this topic :)
  • 0

#23
fenzodahl512
Posted 28 July 2008 - 08:47 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP