lecanucker Posted November 22, 2007 (edited)

Hey guys, a friend recently opened a zip file on my computer and ran an exe... He called me when Norton Internet Security came up with virus alerts, and SVCHost asking for internet access. Assuming that the request was the virus trying to propagate itself, I blocked access to SVChost (and later set it back to Automatic rules).

Since then, my IE has redirected me to strange pages when I click hyperlinks. IE also crashes spontaneously, with the error: "Internet explorer has encountered a problem and needs to shutdown." no error number or anything like that. My MSN messenger also crashes when I attempt to log in - standard microsoft error message with the option to send the error report.

Here is an example of where IE sends me from some random hyperlinks: UNSAFE LINKS

I subsequently uninstalled MSN and reinstalled with no luck. I also installed an earlier version of MSN, which produced the same error on sign in. Same with internet explorer - went back to IE 6 after uninstalling IE7 but am having the same difficulties.

I did a full virus scan with Norton, and spybot scan. Found 7 viruses which Norton resolved, and some malware from spybot - Torpig and Virtumonde (screen capture attached). This was a fresh spybot scan, it had claimed to have removed these files earlier.

** just noticed a post on virtumonde - I will try those solutions too.

Also used M$oft's registry fixer tool-amajig, which cleaned up the registry but did not help the problem.

At this point I'm stuck. Here's my HJT log.
Any help or advice is much appreciated!!

Regards,
Mark

Edited November 30, 2007 by MoNsTeReNeRgY22

lecanucker Posted November 22, 2007

Combo fix log:

HJT Uninstall list:

Andro1d Posted November 30, 2007

Hello and sorry for the delay.

Download MsnCleaner.zip from here, but don't use it yet.
http://www.forospyware.com/Msncleaner/MsnCleaner.zip
(Copy/Paste the URL into the address bar or use "Save Target As")

Now reboot into Safe Mode.

Double-click MsnCleaner_eng.exe to run it.
Click the Analyze button.
A report will be created once you finish the scan.
If it finds an infection, click the Deleted button.

Now, please reboot back to normal mode.

Please post the contents of C:\MsnCleaner.txt in a reply to this post.