Travel Fans
Go Back   Computer Juice Computer Software Virus, Spyware & Security
Reload this Page

Hit by Antivirus XP 2008

Register
CJ MOTM Competition

Register

   Default  

Hit by Antivirus XP 2008



Adsense
Adsense

 
 
Old 5th Jul 2008, 08:54
Full Member
Posts: 85
 
Hi guys..I just opened an email and got hit with a Antivirus XP 2008 virus. Cant get rid of it. Any help much appreciated..


 
Old 5th Jul 2008, 09:13
Moderator
Posts: 7,841
 
Start HERE

Post the logs when complete.
__________________
 
Old 5th Jul 2008, 09:34
Full Member
Posts: 85
 
Sorry mate I dont understand..What do you want me to do with it all?
 
Old 5th Jul 2008, 09:44
Administrator
Posts: 10,512
 
Take the time to read it and then run the software and post the log files so we can see what is going on with your PC.
__________________

Visit our travel sister site - Travel Fans
__________________

My System: Hybr!d

Processor(s):
AMD Turion 64 x2 TL-64 2.
Motherboard:
HP nForce 560
RAM Memory:
2GB DDR2 PC2-5300
Graphics Card(s):
Nvidia 7150M Onboard Inte
Sound Card:
5.1 Onboard Integrated
Hard Drive(s):
250GB 5400RPM SATA300
Optical Drive(s):
18x CD/DVDRW-DL ATA
Case / PSU:
Stock HP
Cooling:
Stock HP
Network / Internet:
10/100 Nic / 10MB Virgin
Monitor(s):
17" WXGA+ HD Widescreen
Operating System(s):
Windows 7 Ultimate 32Bit
 
Old 5th Jul 2008, 11:59
Full Member
Posts: 85
 
Heres the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/05/2008 at 05:20 PM
Application Version : 4.15.1000
Core Rules Database Version : 3497
Trace Rules Database Version: 1488
Scan type : Quick Scan
Total Scan Time : 00:10:14
Memory items scanned : 268
Memory threats detected : 1
Registry items scanned : 407
Registry threats detected : 26
File items scanned : 6977
File threats detected : 175
Rogue.AntiVirus XP 2008
C:\PROGRAM FILES\RHCPV6J0EREL\RHCPV6J0EREL.EXE
C:\PROGRAM FILES\RHCPV6J0EREL\RHCPV6J0EREL.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\AA\RHCPV6J0EREL\RHCPV6J0EREL.EXE
Rogue.Dropper/Gen
[lphctv6j0erel] C:\WINDOWS\SYSTEM32\LPHCTV6J0EREL.EXE
C:\WINDOWS\SYSTEM32\LPHCTV6J0EREL.EXE
Adware.Tracking Cookie
C:\Documents and Settings\Danny\Cookies\danny@serving-sys[1].txt
C:\Documents and Settings\Danny\Cookies\danny@burstnet[2].txt
C:\Documents and Settings\Danny\Cookies\danny@media.adrevolver[1].txt
C:\Documents and Settings\Danny\Cookies\danny@clickbank[1].txt
C:\Documents and Settings\Danny\Cookies\danny@advertpro[1].txt
C:\Documents and Settings\Danny\Cookies\danny@e-2dj6wjnywnc5eeo.stats.esomniture[2].txt
C:\Documents and Settings\Danny\Cookies\danny@tribalfusion[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adserver.mediarun[1].txt
C:\Documents and Settings\Danny\Cookies\danny@192[2].txt
C:\Documents and Settings\Danny\Cookies\danny@adviva[2].txt
C:\Documents and Settings\Danny\Cookies\danny@ehg-mgnlimited.hitbox[2].txt
C:\Documents and Settings\Danny\Cookies\danny@sex-video[2].txt
C:\Documents and Settings\Danny\Cookies\danny@mediaplex[1].txt
C:\Documents and Settings\Danny\Cookies\danny@stat.onestat[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adrevenue[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ads.videhost[2].txt
C:\Documents and Settings\Danny\Cookies\danny@ads.pugetsoundsoftware[1].txt
C:\Documents and Settings\Danny\Cookies\danny@advertising[2].txt
C:\Documents and Settings\Danny\Cookies\danny@doubleclick[2].txt
C:\Documents and Settings\Danny\Cookies\danny@www.burstnet[1].txt
C:\Documents and Settings\Danny\Cookies\danny@tracking.summitmedia.co[1].txt
C:\Documents and Settings\Danny\Cookies\danny@bs.serving-sys[1].txt
C:\Documents and Settings\Danny\Cookies\danny@tacoda[1].txt
C:\Documents and Settings\Danny\Cookies\danny@s[1].txt
C:\Documents and Settings\Danny\Cookies\danny@kontera[2].txt
C:\Documents and Settings\Danny\Cookies\danny@data.coremetrics[1].txt
C:\Documents and Settings\Danny\Cookies\danny@questionmarket[1].txt
C:\Documents and Settings\Danny\Cookies\danny@roiservice[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adbrite[2].txt
C:\Documents and Settings\Danny\Cookies\danny@counter.hitslink[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adserving.muppetism[1].txt
C:\Documents and Settings\Danny\Cookies\danny@cgi-bin[4].txt
C:\Documents and Settings\Danny\Cookies\danny@vhost.oddcast[2].txt
C:\Documents and Settings\Danny\Cookies\danny@rotator.adjuggler[2].txt
C:\Documents and Settings\Danny\Cookies\danny@s1.trafficmaxx[1].txt
C:\Documents and Settings\Danny\Cookies\danny@www.stilemedia[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ads.ookla[2].txt
C:\Documents and Settings\Danny\Cookies\danny@neocounter2[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ad1.doublepimp[1].txt
C:\Documents and Settings\Danny\Cookies\danny@te.kontera[2].txt
C:\Documents and Settings\Danny\Cookies\danny@9167811[2].txt
C:\Documents and Settings\Danny\Cookies\danny@adrevolver[3].txt
C:\Documents and Settings\Danny\Cookies\danny@indextools[2].txt
C:\Documents and Settings\Danny\Cookies\danny@sexyandshocking[1].txt
C:\Documents and Settings\Danny\Cookies\danny@yadro[1].txt
C:\Documents and Settings\Danny\Cookies\danny@w00tpublishers.wootmedia[1].txt
C:\Documents and Settings\Danny\Cookies\danny@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Danny\Cookies\danny@e-2dj6wfkokkcjcao.stats.esomniture[2].txt
C:\Documents and Settings\Danny\Cookies\danny@atwola[1].txt
C:\Documents and Settings\Danny\Cookies\danny@zedo[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adecn[2].txt
C:\Documents and Settings\Danny\Cookies\danny@mobilefun.112.2o7[1].txt
C:\Documents and Settings\Danny\Cookies\danny@m1.webstats.motigo[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adrevolver[1].txt
C:\Documents and Settings\Danny\Cookies\danny@1068755026[2].txt
C:\Documents and Settings\Danny\Cookies\danny@specificclick[1].txt
C:\Documents and Settings\Danny\Cookies\danny@firstchoice[1].txt
C:\Documents and Settings\Danny\Cookies\danny@2o7[2].txt
C:\Documents and Settings\Danny\Cookies\danny@tradedoubler[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ads.techguy[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adultadworld[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\Danny\Cookies\danny@firstchoice[2].txt
C:\Documents and Settings\Danny\Cookies\danny@ehg-twi.hitbox[2].txt
C:\Documents and Settings\Danny\Cookies\danny@ad.yieldmanager[2].txt
C:\Documents and Settings\Danny\Cookies\danny@revsci[1].txt
C:\Documents and Settings\Danny\Cookies\danny@statse.webtrendslive[2].txt
C:\Documents and Settings\Danny\Cookies\danny@exchange.ggmedia[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adlegend[1].txt
C:\Documents and Settings\Danny\Cookies\danny@cgi-bin[1].txt
C:\Documents and Settings\Danny\Cookies\danny@shopping.112.2o7[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ehg-iwantoneofthose.hitbox[2].txt
C:\Documents and Settings\Danny\Cookies\danny@ads.digitalrock.co[1].txt
C:\Documents and Settings\Danny\Cookies\danny@63701567[2].txt
C:\Documents and Settings\Danny\Cookies\danny@overture[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ad1.clickhype[1].txt
C:\Documents and Settings\Danny\Cookies\danny@a[1].txt
C:\Documents and Settings\Danny\Cookies\danny@bluestreak[1].txt
C:\Documents and Settings\Danny\Cookies\danny@statcounter[1].txt
C:\Documents and Settings\Danny\Cookies\danny@atdmt[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ads.pubmatic[2].txt
C:\Documents and Settings\Danny\Cookies\danny@247realmedia[2].txt
C:\Documents and Settings\Danny\Cookies\danny@avgtechnologies.112.2o7[2].txt
C:\Documents and Settings\Danny\Cookies\danny@bravenet[1].txt
C:\Documents and Settings\Danny\Cookies\danny@heavycom.122.2o7[1].txt
C:\Documents and Settings\Danny\Cookies\danny@stat.dealtime[2].txt
C:\Documents and Settings\Danny\Cookies\danny@adopt.euroclick[2].txt
C:\Documents and Settings\Danny\Cookies\danny@server.iad.liveperson[2].txt
C:\Documents and Settings\Danny\Cookies\danny@fastclick[1].txt
C:\Documents and Settings\Danny\Cookies\danny@tripod[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adtech[1].txt
C:\Documents and Settings\Danny\Cookies\danny@enhance[2].txt
C:\Documents and Settings\Danny\Cookies\danny@ehg-systemax.hitbox[2].txt
C:\Documents and Settings\Danny\Cookies\danny@stilemedia[1].txt
C:\Documents and Settings\Danny\Cookies\danny@gostats[1].txt
C:\Documents and Settings\Danny\Cookies\danny@network-ca.247realmedia[1].txt
C:\Documents and Settings\Danny\Cookies\danny@hitbox[2].txt
C:\Documents and Settings\Danny\Cookies\danny@AdRotator[2].txt
C:\Documents and Settings\Danny\Cookies\danny@1048893890[2].txt
C:\Documents and Settings\Danny\Cookies\danny@cgi-bin[3].txt
C:\Documents and Settings\Danny\Cookies\danny@www.clash-media[2].txt
C:\Documents and Settings\Danny\Cookies\danny@indexstats[2].txt
C:\Documents and Settings\Danny\Cookies\danny@test.coremetrics[1].txt
C:\Documents and Settings\Danny\Cookies\danny@eas.apm.emediate[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@adtech[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@ehg-iwantoneofthose.hitbox[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@sextracker[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@ad.yieldmanager[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@metacafe.122.2o7[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@stat.onestat[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@counter4.sextracker[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@doubleclick[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@atdmt[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@as1.falkag[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@hg1.hitbox[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@c1.zedo[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@counter13.sextracker[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@counter15.sextracker[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@hitbox[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@adrevolver[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@adrevolver[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@zedo[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@targetnet[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@adopt.hbmediapro[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@2o7[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@atwola[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@stats.searchtrack[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@atdmt[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@fifteen[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@www.fifteen[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@e-2dj6wflisidjkko.stats.esomniture[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@adtech[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@marksandspencer.122.2o7[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@adrevolver[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@perf.overture[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@windowsmedia[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@statcounter[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@msnportal.112.2o7[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@accounts[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@e-2dj6wflyckcjabo.stats.esomniture[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@ehg-debenhams.hitbox[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@paypal.112.2o7[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@tracker.roitesting[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@bravenet[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@adopt.euroclick[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@indexstats[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@data4.perf.overture[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@bs.serving-sys[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@revsci[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@mediaplex[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@etype.adbureau[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@112.2o7[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@hitbox[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@ehg-bskyb.hitbox[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@ads.telegraph.co[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@statse.webtrendslive[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@questionmarket[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@serving-sys[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@tradedoubler[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@indextools[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@2o7[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@advertising[2].txt
Rogue.AntiSpywareExpert
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#Type
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#Start
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#Opt
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Security
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum#NextInstance
NotHarmful.Sysinternals Bluescreen Screen Saver
C:\WINDOWS\SYSTEM32\BLPHCTV6J0EREL.SCR
Trojan.Unclassified/CBEvtSvc
C:\WINDOWS\SYSTEM32\CBEVTSVC.EXE
C:\WINDOWS\Prefetch\CBEVTSVC.EXE-2F4C36CD.pf
Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\PHCTV6J0EREL.BMP



Malwarebytes' Anti-Malware 1.19
Database version: 924
Windows 5.1.2600 Service Pack 3
19:22:42 05/07/2008
mbam-log-7-5-2008 (19-22-42).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 113635
Time elapsed: 42 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4}\RP2\A0000029.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4}\RP2\A0000047.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4}\RP4\A0000262.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4}\RP4\A0000485.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

JavaRa 1.08 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Sat Jul 05 19:49:54 2008
Found and removed: C:\Program Files\Java\jre1.6.0_05Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0Found and removed: Software\JavaSoft\Java2D\1.5.0_02Found and removed: Software\JavaSoft\Java2D\1.5.0_04Found and removed: Software\JavaSoft\Java2D\1.5.0_06Found and removed: Software\JavaSoft\Java2D\1.5.0_09Found and removed: Software\JavaSoft\Java2D\1.5.0_10Found and removed: Software\JavaSoft\Java2D\1.5.0_11Found and removed: SOFTWARE\Classes\JavaPlugin.150_02Found and removed: SOFTWARE\Classes\JavaPlugin.150_04Found and removed: SOFTWARE\Classes\JavaPlugin.150_06Found and removed: SOFTWARE\Classes\JavaPlugin.150_09Found and removed: SOFTWARE\Classes\JavaPlugin.150_10------------------------------------Finished reporting.


Thanks guys
 
Old 5th Jul 2008, 12:01
Moderator
Posts: 7,841
 
Need the Hijackthis log now.
__________________
 
Old 5th Jul 2008, 12:25
Full Member
Posts: 85
 
Oops sorry. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:21, on 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\OSD.EXE
C:\WINDOWS\system32\SB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchFilter.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toysrus.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OSD] %SystemRoot%\System32\OSD.EXE
O4 - HKLM\..\Run: [SB] C:\WINDOWS\system32\SB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SMrhcpv6j0erel] C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] C:\Program Files\United Alerts\UnitedAlerts.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Medion-UK - {CE67CBC2-5CCB-4FC4-BA83-51AE4878170C} - http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
--
End of file - 10438 bytes
 
Old 5th Jul 2008, 12:32
Moderator
Posts: 7,841
 
Still some work to do.

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Now then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard).
  • Finally copy and paste the contents of the results file Report.txt with a NEW HijackThis log in your next reply.
If SDFix won't run or you get errors, follow the link for instructions on running SDFix. How to use SDFix

----------

Next post add
SDFix log
A NEW Hijackthis log
__________________
 
Old 5th Jul 2008, 13:34
Full Member
Posts: 85
 
OK Next logs

SDFix: Version 1.201
Run by Danny on 05/07/2008 at 21:08
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Songs\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
No Trojan Files Found



Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 21:21:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c55050b1d]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000c55050b1d]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000aa
"TracesSuccessful"=dword:00000005
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server"
"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner"
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\United Alerts\\UnitedAlerts.exe"="C:\\Program Files\\United Alerts\\UnitedAlerts.exe"
"C:\\Program Files\\ICQ\\Icq.exe"="C:\\Program Files\\ICQ\\Icq.exe:*:Enabled:ICQ"
"C:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe:*:Enabled:Shellscn"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\United Alerts\\UnitedAlerts.exe"="C:\\Program Files\\United Alerts\\UnitedAlerts.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :

Files with Hidden Attributes :
Wed 26 Jan 2005 4,704 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 13 Jul 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 5 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 13 Jun 2005 7,420 A..H. --- "C:\Documents and Settings\Rozzie\Local Settings\Temp\Mar15.tmp"
Mon 13 Jun 2005 7,420 A..H. --- "C:\Documents and Settings\Rozzie\Local Settings\Temp\Mar9.tmp"
Mon 13 Jun 2005 7,420 A..H. --- "C:\Documents and Settings\Rozzie\Local Settings\Temp\MarA.tmp"
Sat 5 Jul 2008 96 A..H. --- "C:\Documents and Settings\All Users\Application Data\avg8(2)\scanlogs\srmcheck.tmp"
Wed 13 Jul 2005 4,348 ...H. --- "C:\Documents and Settings\Danny\My Documents\My Music\License Backup\drmv1key.bak"
Wed 25 Jan 2006 20 A..H. --- "C:\Documents and Settings\Danny\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 13 Jul 2005 312 A.SH. --- "C:\Documents and Settings\Danny\My Documents\My Music\License Backup\drmv2key.bak"
Finished!


and


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:52, on 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\OSD.EXE
C:\WINDOWS\system32\SB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchFilter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toysrus.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OSD] %SystemRoot%\System32\OSD.EXE
O4 - HKLM\..\Run: [SB] C:\WINDOWS\system32\SB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SMrhcpv6j0erel] C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] C:\Program Files\United Alerts\UnitedAlerts.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Medion-UK - {CE67CBC2-5CCB-4FC4-BA83-51AE4878170C} - http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
--
End of file - 10422 bytes
 
Old 5th Jul 2008, 13:38
Moderator
Posts: 7,841
 
I need to have some more information on a couple of files. Post the links here to the results when complete.

Scan Suspicious File(s)

Visit Virustotal
(If more than one file needs scanned they must be done separately and logs posted for each one)
  • Copy the file path in the below Code box:
Code:
C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe
  • At the upload site, click once inside the window next to Browse.
  • Press Ctrl+V on the keyboard (both at the same time) to paste the file path in the window.
  • Next click Send File
    • Your file will possibly be entered into a queue which normally takes less than a minute to clear.
  • This will perform a scan across multiple different virus scanning engines.
  • Important: Wait for all of the scanning engines to complete.
  • Copy and then Paste the link to the results in the next reply.
Now do the same with this file.

Code:
C:\Program Files\United Alerts\UnitedAlerts.exe
__________________
 
Old 5th Jul 2008, 14:08
Full Member
Posts: 85
 
When I hit send file I just get a message saying no bytes received
 
Old 5th Jul 2008, 14:41
Moderator
Posts: 7,841
 
Download Combofix by sUBs from one of the below links.
Important! Combofix.exe MUST be saved to and ran from the Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • Choose Yes to accept the Disclaimers.
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
If needed, see this Combofix tutorial with screenshots that will detail more thoroughly the downloading and running of Combofix.

----------

Next post add
Combofix log
__________________
 
Old 5th Jul 2008, 15:21
Full Member
Posts: 85
 
Next log

ComboFix 08-07-04.6 - Danny 2008-07-05 23:12:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.110 [GMT 1:00]
Running from: C:\Documents and Settings\Danny\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Rozzie\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
2008-07-05 21:02 . 2008-07-05 21:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-05 20:21 . 2008-07-05 20:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 19:35 . 2008-07-05 19:35 <DIR> d-------- C:\Program Files\Sun
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Malwarebytes
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 18:39 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 18:39 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\Program Files\CCleaner
2008-07-05 17:08 . 2008-07-05 17:08 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-05 17:08 . 2008-07-05 17:08 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\SUPERAntiSpyware.com
2008-07-05 17:08 . 2008-07-05 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 17:07 . 2008-07-05 17:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 16:38 . 2008-07-05 16:38 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\rhcpv6j0erel
2008-07-05 15:40 . 2008-07-05 15:40 0 --a------ C:\WINDOWS\system32\41.tmp
2008-07-05 15:21 . 2008-07-05 15:21 0 --a------ C:\WINDOWS\system32\3C.tmp
2008-07-05 14:55 . 2008-07-05 16:33 <DIR> d-------- C:\$AVG8.VAULT$
2008-07-05 14:53 . 2008-07-05 14:55 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-07-05 14:53 . 2008-07-05 16:34 <DIR> d-------- C:\Program Files\AVG(2)
2008-07-05 14:52 . 2008-07-05 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-07-05 14:40 . 2008-07-05 14:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\rhcpv6j0erel
2008-07-05 13:10 . 2008-07-05 18:00 <DIR> d-------- C:\AA
2008-07-05 11:33 . 2006-03-22 13:53 337,320 --a------ C:\WINDOWS\difxapi.dll
2008-07-05 11:25 . 2008-07-05 11:25 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-05 11:23 . 2008-07-05 11:23 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-05 11:23 . 2008-07-05 11:24 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-05 10:27 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-05 10:17 . 2008-07-05 10:17 <DIR> d-------- C:\WINDOWS\EHome
2008-07-05 10:08 . 2008-04-14 01:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-07-05 10:07 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-07-05 10:06 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-05 09:39 . 2008-04-13 19:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-05 09:37 . 2008-04-14 01:12 151,552 --a------ C:\WINDOWS\system32\irftp.exe
2008-07-05 09:37 . 2008-04-13 19:51 101,120 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-07-05 09:37 . 2008-04-13 19:46 59,136 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2008-07-05 09:37 . 2008-04-14 01:11 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-07-05 09:37 . 2008-04-13 19:46 18,944 --a------ C:\WINDOWS\system32\drivers\bthusb.sys
2008-07-05 09:37 . 2008-04-13 19:46 17,024 --a------ C:\WINDOWS\system32\drivers\bthenum.sys
2008-07-05 09:37 . 2008-04-14 01:12 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-07-04 18:43 . 2008-07-04 18:43 <DIR> d-------- C:\Program Files\DNA
2008-07-04 18:43 . 2008-07-05 23:09 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\DNA
2008-06-27 06:54 . 2008-06-27 06:54 9,728 --a------ C:\WINDOWS\system32\SiSPIns2.dll
2008-06-22 19:06 . 2008-06-22 19:06 738 --a------ C:\WINDOWS\cdplayer.ini
2008-06-22 16:41 . 2008-06-22 16:41 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Talkback
2008-06-22 16:40 . 2008-06-22 16:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-22 15:29 . 2008-06-13 12:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-22 15:29 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-22 15:28 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 20:30 --------- d-----w C:\Program Files\SPAMfighter
2008-07-05 18:49 --------- d-----w C:\Program Files\Java
2008-07-05 11:10 --------- d-----w C:\Program Files\Microsoft Works
2008-07-05 10:22 --------- d-----w C:\Program Files\Windows Media Connect
2008-07-04 17:43 --------- d-----w C:\Program Files\BitTorrent_DNA
2008-07-04 17:43 --------- d-----w C:\Documents and Settings\Danny\Application Data\BitTorrent DNA
2008-06-27 06:19 19,072 ----a-w C:\WINDOWS\system32\drivers\srvkp.sys
2008-06-27 06:19 1,571,001 ----a-w C:\WINDOWS\system32\sisgl.dll
2008-06-27 06:02 3,467,264 ----a-w C:\WINDOWS\system32\sisgrv.dll
2008-06-27 05:57 323,584 ----a-w C:\WINDOWS\system32\drivers\sisgrp.sys
2008-06-27 05:53 49,152 ----a-w C:\WINDOWS\system32\SiSBase.dll
2008-06-27 05:53 258,048 ----a-w C:\WINDOWS\system32\SiSParse.dll
2008-06-27 05:53 172,032 ----a-w C:\WINDOWS\system32\SiSInst.dll
2008-06-27 05:53 12,288 ----a-w C:\WINDOWS\InstFunc.dll
2008-05-28 16:27 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-28 16:27 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-28 16:26 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-28 16:26 --------- d-----w C:\Program Files\Common Files\Real
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 04:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:26 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-02-02 13:54 4,154 ----a-w C:\Program Files\INSTALL.LOG
2008-01-04 16:30 32,408 ----a-w C:\Documents and Settings\Rozzie\Application Data\GDIPFONTCACHEV1.DAT
2005-10-02 17:49 32,408 ----a-w C:\Documents and Settings\Danny\Application Data\GDIPFONTCACHEV1.DAT
2005-01-26 17:03 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"United Alerts"="C:\Program Files\United Alerts\UnitedAlerts.exe" [2005-01-25 13:25 477880]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 14:01 68856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-04 18:43 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SB"="C:\WINDOWS\system32\SB.exe" [2003-12-19 17:01 241664]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-05 11:00 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-05 11:00 499712]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 17:15 106496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50 155648]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-07 02:14 504080]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-13 10:50 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16 278528]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 14:03 53248]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 18:03 308880]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-28 17:27 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 15:00 88363 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-04-12 11:31 49152 C:\WINDOWS\system32\SiSPower.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 01:12 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM 83360]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [7/14/2005 11:32:50 AM 266240]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe [9/20/2005 7:10:04 PM 238080]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/7/2005 5:17:03 PM 122880]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\United Alerts\UnitedAlerts.exe"= C:\Program Files\United Alerts\UnitedAlerts.exe
"C:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2007-12-14 10:57]
R3 MTC0001_SB;SB device driver;C:\WINDOWS\system32\ntSB.sys [2001-11-27 09:11]
R3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-02-20 12:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a1b5396-d452-11d9-99a2-0040d068e23b}]
\Shell\AutoRun\command - G:\loader.exe /no hidden
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SMrhcpv6j0erel - C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 23:17:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-05 23:19:12
ComboFix-quarantined-files.txt 2008-07-05 22:19:07
Pre-Run: 20,027,408,384 bytes free
Post-Run: 20,279,582,720 bytes free
212 --- E O F --- 2008-07-05 11:15:54
 
Old 5th Jul 2008, 15:42
Moderator
Posts: 7,841
 
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
C:\Documents and Settings\NetworkService\Application Data\rhcpv6j0erel
C:\Documents and Settings\Danny\Application Data\rhcpv6j0erel

File::
C:\WINDOWS\system32\41.tmp
C:\WINDOWS\system32\3C.tmp

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"United Alerts"=-
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

----------

Next post add
New combofix log

Also let me know how things are now.
__________________
 
Old 6th Jul 2008, 00:09
Full Member
Posts: 85
 
ComboFix 08-07-04.6 - Danny 2008-07-05 23:48:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.205 [GMT 1:00]
Running from: C:\Documents and Settings\Danny\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Danny\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\41.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Danny\Application Data\rhcpv6j0erel
C:\Documents and Settings\NetworkService\Application Data\rhcpv6j0erel
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\41.tmp
.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
2008-07-05 21:02 . 2008-07-05 21:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-05 20:21 . 2008-07-05 20:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 19:35 . 2008-07-05 19:35 <DIR> d-------- C:\Program Files\Sun
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Malwarebytes
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 18:39 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 18:39 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\Program Files\CCleaner
2008-07-05 17:08 . 2008-07-05 17:08 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-05 17:08 . 2008-07-05 17:08 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\SUPERAntiSpyware.com
2008-07-05 17:08 . 2008-07-05 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 17:07 . 2008-07-05 17:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 14:55 . 2008-07-05 16:33 <DIR> d-------- C:\$AVG8.VAULT$
2008-07-05 14:53 . 2008-07-05 14:55 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-07-05 14:53 . 2008-07-05 16:34 <DIR> d-------- C:\Program Files\AVG(2)
2008-07-05 14:52 . 2008-07-05 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-07-05 13:10 . 2008-07-05 18:00 <DIR> d-------- C:\AA
2008-07-05 11:33 . 2006-03-22 13:53 337,320 --a------ C:\WINDOWS\difxapi.dll
2008-07-05 11:25 . 2008-07-05 11:25 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-05 11:23 . 2008-07-05 11:23 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-05 11:23 . 2008-07-05 11:24 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-05 10:27 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-05 10:17 . 2008-07-05 10:17 <DIR> d-------- C:\WINDOWS\EHome
2008-07-05 10:08 . 2008-04-14 01:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-07-05 10:07 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-07-05 10:06 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-05 09:39 . 2008-04-13 19:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-05 09:37 . 2008-04-14 01:12 151,552 --a------ C:\WINDOWS\system32\irftp.exe
2008-07-05 09:37 . 2008-04-13 19:51 101,120 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-07-05 09:37 . 2008-04-13 19:46 59,136 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2008-07-05 09:37 . 2008-04-14 01:11 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-07-05 09:37 . 2008-04-13 19:46 18,944 --a------ C:\WINDOWS\system32\drivers\bthusb.sys
2008-07-05 09:37 . 2008-04-13 19:46 17,024 --a------ C:\WINDOWS\system32\drivers\bthenum.sys
2008-07-05 09:37 . 2008-04-14 01:12 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-07-04 18:43 . 2008-07-04 18:43 <DIR> d-------- C:\Program Files\DNA
2008-07-04 18:43 . 2008-07-05 23:39 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\DNA
2008-06-27 06:54 . 2008-06-27 06:54 9,728 --a------ C:\WINDOWS\system32\SiSPIns2.dll
2008-06-22 19:06 . 2008-06-22 19:06 738 --a------ C:\WINDOWS\cdplayer.ini
2008-06-22 16:41 . 2008-06-22 16:41 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Talkback
2008-06-22 16:40 . 2008-06-22 16:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-22 15:29 . 2008-06-13 12:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-22 15:29 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-22 15:28 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 22:53 --------- d-----w C:\Program Files\SPAMfighter
2008-07-05 18:49 --------- d-----w C:\Program Files\Java
2008-07-05 11:10 --------- d-----w C:\Program Files\Microsoft Works
2008-07-05 10:22 --------- d-----w C:\Program Files\Windows Media Connect
2008-07-04 17:43 --------- d-----w C:\Program Files\BitTorrent_DNA
2008-07-04 17:43 --------- d-----w C:\Documents and Settings\Danny\Application Data\BitTorrent DNA
2008-06-27 06:19 19,072 ----a-w C:\WINDOWS\system32\drivers\srvkp.sys
2008-06-27 05:57 323,584 ----a-w C:\WINDOWS\system32\drivers\sisgrp.sys
2008-06-27 05:53 12,288 ----a-w C:\WINDOWS\InstFunc.dll
2008-05-28 16:26 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-28 16:26 --------- d-----w C:\Program Files\Common Files\Real
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-02-02 13:54 4,154 ----a-w C:\Program Files\INSTALL.LOG
2008-01-04 16:30 32,408 ----a-w C:\Documents and Settings\Rozzie\Application Data\GDIPFONTCACHEV1.DAT
2005-10-02 17:49 32,408 ----a-w C:\Documents and Settings\Danny\Application Data\GDIPFONTCACHEV1.DAT
2005-01-26 17:03 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-05_23.18.56.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-05 20:18:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-05 22:52:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 14:01 68856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-04 18:43 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SB"="C:\WINDOWS\system32\SB.exe" [2003-12-19 17:01 241664]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-05 11:00 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-05 11:00 499712]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 17:15 106496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50 155648]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-07 02:14 504080]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-13 10:50 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16 278528]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 14:03 53248]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 18:03 308880]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-28 17:27 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 15:00 88363 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-04-12 11:31 49152 C:\WINDOWS\system32\SiSPower.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 01:12 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM 83360]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [7/14/2005 11:32:50 AM 266240]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe [9/20/2005 7:10:04 PM 238080]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/7/2005 5:17:03 PM 122880]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\United Alerts\UnitedAlerts.exe"= C:\Program Files\United Alerts\UnitedAlerts.exe
"C:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2007-12-14 10:57]
R3 MTC0001_SB;SB device driver;C:\WINDOWS\system32\ntSB.sys [2001-11-27 09:11]
R3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-02-20 12:05]
R3 WinSer;WinSer;C:\WINDOWS\System32\WinSer.sys [2004-05-14 18:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a1b5396-d452-11d9-99a2-0040d068e23b}]
\Shell\AutoRun\command - G:\loader.exe /no hidden
*Newly Created Service* - WINSER
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 23:54:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
C:\WINDOWS\explorer.exe [248] 0x84B1FB38
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\OSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-07-05 23:59:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 22:58:56
ComboFix2.txt 2008-07-05 22:19:13
Pre-Run: 20,262,662,144 bytes free
Post-Run: 20,254,003,200 bytes free
192 --- E O F --- 2008-07-05 11:15:54


Machine seems to be running ok...its definately faster
 
Old 6th Jul 2008, 09:22
Moderator
Posts: 7,841
 
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.


The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it)

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt2

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

----------

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

----------

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
__________________
 
Old 6th Jul 2008, 12:57
Full Member
Posts: 85
 
Secunia website is down..Cant access it
 
Old 6th Jul 2008, 13:23
Moderator
Posts: 7,841
 
Happens now and then. Usually no longer than a few hours.
__________________
 
Old 6th Jul 2008, 14:31
Full Member
Posts: 85
 
ok off to bed now thanks again mate
 
Old 7th Jul 2008, 22:08
Full Member
Posts: 85
 
Site is now open but it says Java applet wont run in my browser?
Page 1 of 2 1 2


Translations Powered by Powered by Google
CroatianCzechDanishDutchEnglishFinnishFrenchGermanGreekHebrewHungarianItalianJapaneseLatvianLithuanianNorwegianPolishPortugueseRomanianRussianSlovakSpanishSwedish

Copyright ©2006 - 2010 Computer Juice.
Contact - Directory - Privacy - Sitemap - Top

vBulletin Translation Engine by vBET
Powered by vBulletin® Copyright ©2000 - 2010 Jelsoft Enterprises Ltd. SEO by vBSEO ©2010, Crawlability, Inc.