Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Smitfraud-C.MSVPS [RESOLVED]

Started by Sometimes needs help , Jan 02 2008 11:40 AM

  • This topic is locked This topic is locked

#1
Sometimes needs help
Posted 02 January 2008 - 11:40 AM

Sometimes needs help

    Member

  • Banned
  • PipPip
  • 81 posts
I usually help people out by fixing viruses. But this time I need some help. I have a virus called Smitfraud-C.MSVPS. I have tried the Smitfraudfix.exe to remove this but it didn't work. I have many virus programs so I can give you as many logs as you would like. I will hopefully be helping more people after I get this fixed. So tell me what I need to do please.


Thanks,
Michael

Edited by Sometimes needs help, 02 January 2008 - 11:43 AM.

  • 0

Advertisements

#2
Sometimes needs help
Posted 02 January 2008 - 12:03 PM

Sometimes needs help

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 81 posts
Well since this might help, here's a hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:30 PM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ParetoLogic\PGsurfer\InjectService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
G:\HiJackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\ParetoLogic\PGsurfer\PGsurfer.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: BDEX System - {3DAF1739-AB9E-493E-8DD7-F65CDF363BCB} - C:\WINDOWS\domnftwqpd.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PGsurfer] C:\Program Files\ParetoLogic\PGsurfer\PGsurfer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...fix/tgctlsr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: alxvdvm - {C9545BF7-9EE1-46C4-8205-AC415EE6FF1E} - C:\WINDOWS\alxvdvm.dll
O21 - SSODL: bvtqfvx - {E13039AE-FDA1-433F-856D-64E3B066D75D} - C:\WINDOWS\bvtqfvx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: PctrlsInjectService - ParetoLogic - C:\Program Files\ParetoLogic\PGsurfer\InjectService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9197 bytes

Edited by Sometimes needs help, 02 January 2008 - 12:08 PM.

  • 0

#3
Rorschach112
Posted 02 January 2008 - 12:10 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\Program Files\ParetoLogic\PGsurfer\PGsurfer.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.



Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
  • 0

#4
Sometimes needs help
Posted 02 January 2008 - 12:22 PM

Sometimes needs help

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 81 posts
Ok, I'll hook my internet back up to the internet and I'll post A.S.A.P.
I'm not exactly sure if thats it, but PGSurfer is a good virus program that has won a few awards.

Edited by Sometimes needs help, 02 January 2008 - 12:24 PM.

  • 0

#5
Sometimes needs help
Posted 02 January 2008 - 01:14 PM

Sometimes needs help

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 81 posts
Ok, sorry about the delay, when I hook up my computer that has the virus, my cable modem starts flashing, I don't have that good of a signal. I can do about anything that you can download
  • 0

#6
Rorschach112
Posted 02 January 2008 - 01:43 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You can ignore my steps concerning C:\Program Files\ParetoLogic\PGsurfer\PGsurfer.exe then

If you can't get online with your PC, you will need to use a USB flash key or something and transfer these programs over.

So once you have done that, post the ComboFix log
  • 0

#7
Sometimes needs help
Posted 02 January 2008 - 01:50 PM

Sometimes needs help

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 81 posts
I kind of have a problem... I cannot turn off Norton 360. There is no button so I can turn it off, do you have any clue how to?
  • 0

#8
Rorschach112
Posted 02 January 2008 - 01:53 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ignore that step then and continue on with the rest of it
  • 0

#9
Sometimes needs help
Posted 02 January 2008 - 01:54 PM

Sometimes needs help

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 81 posts
Ok... I'm going to go run it then
  • 0

#10
Sometimes needs help
Posted 02 January 2008 - 02:27 PM

Sometimes needs help

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 81 posts
Ok, This is what I got for a file...

ComboFix 08-01-03.1 - HP_Owner 2008-01-02 14:03:05.1 - NTFSx86
Running from: G:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\alxvdvm.dll
C:\WINDOWS\domnftwqpd.dll
C:\WINDOWS\fvkwdrt.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-02 13:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 17:54 . 2008-01-01 17:54 <DIR> d-------- C:\Program Files\ParetoLogic
2008-01-01 17:54 . 2008-01-01 17:54 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-01-01 17:54 . 2008-01-01 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-01-01 17:53 . 2008-01-01 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-01-01 15:43 . 2008-01-02 11:37 3,820 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-01 15:38 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-01 15:38 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-01 15:38 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-01 15:38 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-01 15:38 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-01 15:38 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-01 15:16 . 2008-01-01 15:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-01 15:12 . 2008-01-01 16:12 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-01 15:12 . 2008-01-01 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-01 15:11 . 2008-01-01 15:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-01 15:11 . 2008-01-01 15:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-01-01 01:30 . 2008-01-02 12:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-01 01:30 . 2008-01-01 01:31 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 14:45 . 2008-01-01 01:38 <DIR> d-------- C:\Program Files\Norton 360
2007-12-31 14:44 . 2007-12-31 15:50 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-31 14:44 . 2007-12-31 15:50 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-31 14:44 . 2007-12-31 15:50 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-31 14:44 . 2007-12-31 15:50 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-30 21:59 . 2007-12-30 21:59 85 --a------ C:\WINDOWS\wininit.ini
2007-12-30 20:17 . 2007-12-30 20:17 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2007-12-30 20:17 . 2007-12-30 20:17 125,690 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2007-12-30 20:17 . 2007-12-30 20:17 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2007-12-30 20:17 . 2007-12-30 20:17 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-12-30 15:44 . 2007-12-30 15:44 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-30 15:44 . 2007-12-30 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 15:41 . 2008-01-01 15:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 15:39 . 2007-12-30 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 15:32 . 2007-12-30 15:32 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Grisoft
2007-12-30 15:31 . 2007-12-30 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-30 15:31 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-30 13:26 . 2007-12-30 13:26 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-25 20:21 . 2007-12-25 20:21 <DIR> dr-h----- C:\Documents and Settings\HP_Owner\Application Data\SecuROM
2007-12-25 20:21 . 2007-12-25 20:21 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 17:12 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-01-02 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-01 16:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-31 21:50 --------- d-----w C:\Program Files\Symantec
2007-12-31 00:51 4,004 ----a-w C:\WINDOWS\viassary-hp.reg
2007-12-30 15:43 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\U3
2007-12-29 14:41 --------- d-----w C:\Program Files\Lx_cats
2007-12-26 02:12 --------- d-----w C:\Program Files\EA GAMES
2007-12-22 14:28 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-20 01:47 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\dvdcss
2007-11-19 23:41 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2007-11-19 21:50 --------- d-----w C:\Program Files\Xilisoft
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 23:02 --------- d-----w C:\Program Files\iTunes
2007-11-08 23:02 --------- d-----w C:\Program Files\iPod
2007-11-08 23:00 --------- d-----w C:\Program Files\QuickTime
2007-11-04 16:40 --------- d-----w C:\Program Files\LimeWire
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 21:05 81,920 ----a-w C:\WINDOWS\system32\LSPConfig.dll
2007-10-25 21:05 303,104 ----a-w C:\WINDOWS\system32\WebController.dll
2007-10-25 21:03 8,704 ----a-w C:\WINDOWS\system32\SpOrder.Dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 13:24 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 15:03 180269]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 19:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 02:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 11:10 57344]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 07:47 61440]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 15:33 294912]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 19:54 116072]
"PGsurfer"="C:\Program Files\ParetoLogic\PGsurfer\PGsurfer.exe" [2007-10-25 15:07 2340192]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 06:31:38]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-07 15:33:32]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PctrlsInjectService]
@="Service"

R2 PctrlsInjectService;PctrlsInjectService;C:\Program Files\ParetoLogic\PGsurfer\InjectService.exe [2007-10-25 15:04]
S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2006-05-02 12:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5807d726-e549-11db-a579-0011d81a0609}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 03:46:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-01 23:57:13 C:\WINDOWS\Tasks\ParetoLogic Update Version2.job"
- C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 14:21:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 14:22:08
ComboFix-quarantined-files.txt 2008-01-03 20:22:05
.
2007-12-12 19:19:58 --- E O F ---


EDIT/QUESTION: I ran it from my flash drive on accident, is this going to make a difference?

Edited by Sometimes needs help, 02 January 2008 - 03:02 PM.

  • 0

Advertisements

#11
Rorschach112
Posted 02 January 2008 - 03:10 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post a new HijackThis log please
  • 0

#12
Sometimes needs help
Posted 02 January 2008 - 03:12 PM

Sometimes needs help

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 81 posts
I made a new Hijackthis log, here it is:
ComboFix 08-01-03.1 - HP_Owner 2008-01-02 14:03:05.1 - NTFSx86
Running from: G:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\alxvdvm.dll
C:\WINDOWS\domnftwqpd.dll
C:\WINDOWS\fvkwdrt.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-02 13:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 17:54 . 2008-01-01 17:54 <DIR> d-------- C:\Program Files\ParetoLogic
2008-01-01 17:54 . 2008-01-01 17:54 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-01-01 17:54 . 2008-01-01 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-01-01 17:53 . 2008-01-01 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-01-01 15:43 . 2008-01-02 11:37 3,820 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-01 15:38 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-01 15:38 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-01 15:38 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-01 15:38 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-01 15:38 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-01 15:38 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-01 15:16 . 2008-01-01 15:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-01 15:12 . 2008-01-01 16:12 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-01 15:12 . 2008-01-01 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-01 15:11 . 2008-01-01 15:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-01 15:11 . 2008-01-01 15:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-01-01 01:30 . 2008-01-02 12:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-01 01:30 . 2008-01-01 01:31 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 14:45 . 2008-01-01 01:38 <DIR> d-------- C:\Program Files\Norton 360
2007-12-31 14:44 . 2007-12-31 15:50 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-31 14:44 . 2007-12-31 15:50 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-31 14:44 . 2007-12-31 15:50 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-31 14:44 . 2007-12-31 15:50 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-30 21:59 . 2007-12-30 21:59 85 --a------ C:\WINDOWS\wininit.ini
2007-12-30 20:17 . 2007-12-30 20:17 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2007-12-30 20:17 . 2007-12-30 20:17 125,690 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2007-12-30 20:17 . 2007-12-30 20:17 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2007-12-30 20:17 . 2007-12-30 20:17 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-12-30 15:44 . 2007-12-30 15:44 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-30 15:44 . 2007-12-30 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 15:41 . 2008-01-01 15:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 15:39 . 2007-12-30 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 15:32 . 2007-12-30 15:32 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Grisoft
2007-12-30 15:31 . 2007-12-30 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-30 15:31 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-30 13:26 . 2007-12-30 13:26 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-25 20:21 . 2007-12-25 20:21 <DIR> dr-h----- C:\Documents and Settings\HP_Owner\Application Data\SecuROM
2007-12-25 20:21 . 2007-12-25 20:21 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 17:12 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-01-02 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-01 16:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-31 21:50 --------- d-----w C:\Program Files\Symantec
2007-12-31 00:51 4,004 ----a-w C:\WINDOWS\viassary-hp.reg
2007-12-30 15:43 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\U3
2007-12-29 14:41 --------- d-----w C:\Program Files\Lx_cats
2007-12-26 02:12 --------- d-----w C:\Program Files\EA GAMES
2007-12-22 14:28 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-20 01:47 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\dvdcss
2007-11-19 23:41 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2007-11-19 21:50 --------- d-----w C:\Program Files\Xilisoft
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 23:02 --------- d-----w C:\Program Files\iTunes
2007-11-08 23:02 --------- d-----w C:\Program Files\iPod
2007-11-08 23:00 --------- d-----w C:\Program Files\QuickTime
2007-11-04 16:40 --------- d-----w C:\Program Files\LimeWire
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 21:05 81,920 ----a-w C:\WINDOWS\system32\LSPConfig.dll
2007-10-25 21:05 303,104 ----a-w C:\WINDOWS\system32\WebController.dll
2007-10-25 21:03 8,704 ----a-w C:\WINDOWS\system32\SpOrder.Dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 13:24 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 15:03 180269]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 19:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 02:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 11:10 57344]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 07:47 61440]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 15:33 294912]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 19:54 116072]
"PGsurfer"="C:\Program Files\ParetoLogic\PGsurfer\PGsurfer.exe" [2007-10-25 15:07 2340192]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 06:31:38]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-07 15:33:32]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PctrlsInjectService]
@="Service"

R2 PctrlsInjectService;PctrlsInjectService;C:\Program Files\ParetoLogic\PGsurfer\InjectService.exe [2007-10-25 15:04]
S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2006-05-02 12:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5807d726-e549-11db-a579-0011d81a0609}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 03:46:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-01 23:57:13 C:\WINDOWS\Tasks\ParetoLogic Update Version2.job"
- C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 14:21:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 14:22:08
ComboFix-quarantined-files.txt 2008-01-03 20:22:05
.
2007-12-12 19:19:58 --- E O F ---
  • 0

#13
Rorschach112
Posted 02 January 2008 - 03:14 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Thats the ComboFix log, the HijackThis log is the program you ran at the start. Can you run that again and post the log
  • 0

#14
Sometimes needs help
Posted 02 January 2008 - 03:16 PM

Sometimes needs help

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 81 posts
Sorry, I double clicked the wrong thing, here is the real thing, I'm sure this time....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:35 PM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ParetoLogic\PGsurfer\InjectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PGsurfer] C:\Program Files\ParetoLogic\PGsurfer\PGsurfer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O10 - Unknown file in Winsock LSP: webcontroller.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...fix/tgctlsr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: PctrlsInjectService - ParetoLogic - C:\Program Files\ParetoLogic\PGsurfer\InjectService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9701 bytes
  • 0

#15
Rorschach112
Posted 02 January 2008 - 03:21 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

You need to disable TeaTimer as it is conflicting with SpywareGuard


please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also tell me how your PC is running
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP