HJT Log - Virus or Malware? Help Appreciated [INACTIVE]



Hey guys, a friend recently opened a zip file on my computer and ran an exe... He called me when Norton Internet Security came up with virus alerts, and svchost asking for internet access. Assuming that the request was the virus trying to propagate itself, I blocked access to svchost (and later set it back to Automatic rules).

Since then, my IE has redirected me to strange pages when I click hyperlinks. IE also crashes spontaneously, with the error: "Internet explorer has encountered a problem and needs to shutdown." No error number or anything like that.

My MSN Messenger also crashes when I attempt to log in - the standard Microsoft error message with the option to send the error report.

Here is an example of where IE sends me from some random hyperlinks: UNSAFE LINKS

I subsequently uninstalled MSN and reinstalled it with no luck. I also installed an earlier version of MSN, which produced the same error on sign-in. Same with Internet Explorer - I went back to IE 6 after uninstalling IE7 but am having the same difficulties.

I did a full virus scan with Norton and a Spybot scan. Norton found 7 viruses, which it resolved, and Spybot found some malware - Torpig and Virtumonde (screen capture attached). This was a fresh Spybot scan; it had claimed to have removed these files earlier.

** Just noticed a post on Virtumonde - I will try those solutions too.

I also used M$oft's registry fixer tool-amajig, which cleaned up the registry but did not help the problem.

At this point I'm stuck. Here's my HJT log. Any help or advice is much appreciated!!

Regards,

Mark

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:26:32 PM, on 11/22/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\SecCopy\SecCopy.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\ups.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Mark\RegClean\RegClean.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Mmecpjqe\tnttccke.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {d3021047-320d-4cf5-ad30-6b06bea65874} - (no file)

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "E:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [unktmhox] rundll32.exe "C:\Program Files\unktmhox\whgbazyf.dll",Init

O4 - HKLM\..\Run: [wpopwpsb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wpopwpsb.dll"

O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKLM\..\RunOnce: [spybotDeletingA1067] command /c del "C:\WINDOWS\Temp\$_2341233.TMP"

O4 - HKLM\..\RunOnce: [spybotDeletingC4609] cmd /c del "C:\WINDOWS\Temp\$_2341233.TMP"

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [second Copy] "C:\PROGRA~1\SecCopy\SecCopy.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB2999] command /c del "C:\WINDOWS\Temp\$_2341233.TMP"

O4 - HKCU\..\RunOnce: [spybotDeletingD8942] cmd /c del "C:\WINDOWS\Temp\$_2341233.TMP"

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)

O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104w.bay104.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193854559203

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - Winlogon Notify: atmeds - atmeds.dll (file missing)

O20 - Winlogon Notify: winulg32 - C:\WINDOWS\SYSTEM32\winulg32.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program.exe (file missing)

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - E:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 12377 bytes

[Attachment: Spybot screen capture, post-2201-1195768330_thumb.jpg]

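Reading a HijackThis log like the one above by hand comes down to a few recurring checks: O2 BHOs with "(no name)" that still point at a file on disk, O4 Run-key entries that load a DLL through rundll32 or regsvr32 from a user-writable folder, O20 Winlogon Notify packages, O10 unknown Winsock LSPs, and the randomly generated folder and file names that several of the entries share (Mmecpjqe, unktmhox, wpopwpsb). The script below is an added example written for this page, not a tool used in the thread: it encodes those checks as triage heuristics and runs them over a constructed subset of the log above mixed with legitimate entries. The section-code meanings are HijackThis's own; the severity labels, the gibberish-name thresholds and the choice of which paths count as "user-writable" are my assumptions, and a hit is a prompt to investigate, not a verdict.

```python
import re

# Constructed sample in HijackThis log format: entries copied from the log in
# this thread, mixed with legitimate ones, so the triage can be run offline.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Mmecpjqe\tnttccke.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [unktmhox] rundll32.exe "C:\Program Files\unktmhox\whgbazyf.dll",Init
O4 - HKLM\..\Run: [wpopwpsb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wpopwpsb.dll"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: atmeds - atmeds.dll (file missing)
O20 - Winlogon Notify: winulg32 - C:\WINDOWS\SYSTEM32\winulg32.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O4, ...) and " - ".
LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
VOWELS = set("aeiouy")


def looks_gibberish(token):
    """Heuristic (assumption) for generated names such as 'Mmecpjqe' or 'wpopwpsb':
    an alphabetic token of 7+ letters with a low vowel ratio AND a run of four or
    more consonants. Tuned so that 'Program', 'Settings' and 'Symantec' pass."""
    t = token.lower()
    if len(t) < 7 or not t.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in t) / len(t)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiouy]+", t))
    return vowel_ratio <= 0.25 and longest_consonant_run >= 4


def triage(log_text):
    """Return (severity, section code, reason, line) for every entry worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        code, body = m.group("code"), m.group("body")
        lower = body.lower()

        if code == "O2":  # Browser Helper Objects, loaded into every IE process
            if "(no name)" in body and "(no file)" in body:
                findings.append(("low", code, "orphaned BHO registration, DLL already gone", line))
            elif "(no name)" in body:
                findings.append(("high", code, "unnamed BHO still loading from disk; vendor BHOs carry a name", line))

        elif code == "O4":  # Run / RunOnce autostart entries
            if re.search(r"\bregsvr32(\.exe)?\s+/u\b", lower):
                # DllUnregisterServer still executes code inside the DLL at every logon.
                findings.append(("high", code, "regsvr32 /u in a Run key used as a DLL loader", line))
            elif re.search(r"\brundll32(\.exe)?\b", lower) and "\\windows\\system32\\" not in lower:
                findings.append(("high", code, "rundll32 loading a DLL from outside system32", line))
            if "\\application data\\" in lower or "\\temp\\" in lower:
                findings.append(("medium", code, "autorun target sits in a user-writable data directory", line))

        elif code == "O10":  # Winsock Layered Service Providers see all socket traffic
            findings.append(("medium", code, "unknown Winsock LSP; verify the DLL's publisher", line))

        elif code == "O20":  # Winlogon Notify DLLs run inside winlogon.exe at logon
            severity = "low" if "(file missing)" in body else "high"
            findings.append((severity, code, "Winlogon Notify package; review unless from a known vendor", line))

        # Generic check on every entry: generated-looking names in keys or paths.
        odd = sorted({t for t in re.findall(r"[A-Za-z]+", body) if looks_gibberish(t)})
        if odd:
            findings.append(("medium", code, "gibberish name(s) typical of generated malware paths: " + ", ".join(odd), line))
    return findings


if __name__ == "__main__":
    for severity, code, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {code:4} {reason}\n         {line}")
```

Run against the sample it flags the two unnamed BHOs, both rundll32/regsvr32 loaders, the Application Data DLL, the LSP, both Winlogon Notify entries and the generated names, while the Adobe, IntelliType and NVIDIA entries pass clean. On a full log the O23 service list and the process list still need a manual pass; the script only narrows the field.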

ComboFix log:

ComboFix 07-11-19.3 - Mark 2007-11-22 17:04:55.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.951 [GMT -5:00]

Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\d.exe

C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll

C:\Program Files\Common Files\microsoft shared\web folders\ibm00002.dll

C:\WINDOWS\system32\winulg32.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_NTMLSVC

-------\LEGACY_NWSAPAGENT

-------\NtmlSvc

-------\NwSapAgent

((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))

.

2007-11-22 14:20 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-11-22 13:25 <DIR> d-------- C:\Program Files\Trend Micro

2007-11-22 02:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies

2007-11-22 00:20 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2007-11-21 23:33 <DIR> d-------- C:\Program Files\Windows Live

2007-11-21 23:33 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2007-11-21 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-11-21 23:10 <DIR> d-------- C:\WINDOWS\system32\vgfddwtv

2007-11-21 23:10 <DIR> d-------- C:\Program Files\unktmhox

2007-11-21 23:10 <DIR> d-------- C:\Program Files\Mmecpjqe

2007-11-21 23:10 131,072 --a------ C:\Documents and Settings\All Users\Application Data\wpopwpsb.dll

2007-11-20 20:55 497,496 --a------ C:\WINDOWS\system32\XceedZip.dll

2007-11-20 12:59 <DIR> d-------- C:\Program Files\Traffic Shaper XP Server

2007-11-20 12:59 <DIR> d-------- C:\Program Files\Traffic Shaper XP Client

2007-11-20 12:58 215,808 --a------ C:\WINDOWS\system32\drivers\bcim.sys

2007-11-18 15:21 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\SecondLife

2007-11-17 16:36 <DIR> d-------- C:\Program Files\Graboid

2007-11-13 23:16 <DIR> d-------- C:\Program Files\Fiddler2

2007-11-08 01:01 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\OpenOffice.org2

2007-11-06 13:01 <DIR> d-------- C:\VideoSec

2007-11-05 12:12 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log

2007-11-02 01:10 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-10-31 23:37 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-10-31 23:37 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2007-10-31 13:52 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3

2007-10-31 13:51 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-10-31 13:51 4,937 --a------ C:\WINDOWS\system32\jupdate-1.6.0_02-b05.log

2007-10-31 13:32 <DIR> d-------- C:\Program Files\MSECache

2007-10-30 19:55 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll

2007-10-30 19:55 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll

2007-10-30 19:55 191,536 --a------ C:\WINDOWS\system32\drivers\symtdi.sys

2007-10-30 19:55 145,968 --a------ C:\WINDOWS\system32\drivers\symfw.sys

2007-10-30 19:55 39,856 --a------ C:\WINDOWS\system32\drivers\symids.sys

2007-10-30 19:55 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys

2007-10-30 19:55 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys

2007-10-30 19:55 27,696 --a------ C:\WINDOWS\system32\drivers\symredrv.sys

2007-10-30 19:55 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys

2007-10-30 19:24 12,963 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat

2007-10-30 19:24 1,358 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf

2007-10-23 11:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2007-10-22 11:21 8 --a------ C:\WINDOWS\system32\nvModes.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-22 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-11-22 21:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-11-22 06:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-11-21 01:55 --------- d-----w C:\Program Files\SecCopy

2007-11-17 21:36 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-16 06:25 --------- d-----w C:\Program Files\Apple Software Update

2007-11-16 03:24 --------- d-----w C:\Program Files\iTunes

2007-11-16 03:24 --------- d-----w C:\Program Files\iPod

2007-11-16 03:22 --------- d-----w C:\Program Files\QuickTime

2007-11-05 17:13 --------- d-----w C:\Program Files\Java

2007-10-25 01:43 --------- d-----w C:\Documents and Settings\Mark\Application Data\Bioshock

2007-10-03 21:54 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-10-03 21:54 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-10-03 21:54 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-10-03 21:54 --------- d-----w C:\Program Files\Symantec

2007-10-02 04:00 --------- d--h--r C:\Documents and Settings\Mark\Application Data\SecuROM

2007-10-02 03:44 --------- d-----w C:\Documents and Settings\Mark\Application Data\InstallShield

2007-09-28 04:43 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2007-09-26 03:25 --------- d-----w C:\Documents and Settings\Mark\Application Data\Apple Computer

2007-09-25 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles

2006-03-22 17:48 703 ----a-w C:\Program Files\INSTALL.LOG

2005-09-13 00:57 8 ----a-w C:\Documents and Settings\Mark\Application Data\usb.dat.bin

2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

2003-12-18 16:33 20,102 ----a-w C:\Program Files\Readme.txt

2003-09-03 12:46 10,960 ----a-w C:\Program Files\EULA.txt

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16975C1E-950B-F58A-B187-08ED8F89A6B0}]

2007-11-21 23:10 131072 --a------ C:\Program Files\Mmecpjqe\tnttccke.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3021047-320d-4cf5-ad30-6b06bea65874}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 15:10]

"bandmon"="C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe" []

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]

"Citrus Alarm Clock"="C:\Program Files\Citrus Alarm Clock\citrusac.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

"PowerBar"="" []

"Second Copy"="C:\PROGRA~1\SecCopy\SecCopy.exe" [2007-10-17 08:42]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RegistryMechanic"="" []

"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 15:38]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]

"osCheck"="E:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 20:22]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 10:43]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmeds]

atmeds.dll

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys

R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys

R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys

R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys

R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);C:\WINDOWS\system32\DRIVERS\zd1211u.sys

S3 ewdmaudn;ewdmaudn;\??\C:\DOCUME~1\Mark\LOCALS~1\Temp\ewdmaudn.sys

S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys

S3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys

S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

S3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys

S3 ZD1211BU(Linksys A Division of Cisco Systems Inc.);Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-11-21 19:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-11-17 13:40:18 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Mark.job"

- E:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-22 17:12:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-22 17:15:16 - machine was rebooted

.

--- E O F ---

-----------------------------------------

HJT Uninstall list:

Acronis True Image

Ad-Aware SE Personal

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 9 ActiveX

Adobe Flash Player Plugin

Adobe Help Center 1.0

Adobe Illustrator 10

Adobe Photoshop 7.0

Adobe Photoshop CS2

Adobe Reader 8.1.1

Adobe Stock Photos 1.0

Adobe SVG Viewer 3.0

AGEIA PhysX v2.3.3

America's Army

AppCore

Apple Mobile Device Support

Apple Software Update

ASUS Enhanced Display Driver

ASUS GameFace Live

ASUS SmartDoctor

ASUS Utilities

ASUS Video Security

AutoCAD 2007 - English

Autodesk DWF Viewer

AV

Battlefield 2

BioShock

Black & White® 2

BlackBerry Desktop Software 4.2.2

BlackBerry Desktop Software 4.2.2

Call of Duty® 2

ccCommon

CCV Patch 501a

Close Combat Invasion Normandy

Colin McRae Rally 2005

Company of Heroes

Compatibility Pack for the 2007 Office system

DAEMON Tools

DivX Codec

DivX Web Player

DreamStripper Game

DVD Decrypter (Remove Only)

DVD Solution

EA SPORTS online 2006

EA SPORTS™ Rugby 08

Easy DVD/CD Burner

Evil Genius V1.01

Fiddler (remove only)

Fiddler2 (remove only)

FIFA 06

Google Earth

Graboid

Grand Theft Auto

GTA San Andreas

Half-Life 2 [DiGiTALZoNE]

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

Homeworld II

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB928388)

Hotfix for Windows XP (KB935448)

HTML-Kit

InterActual Player

iTunes

J2SE Runtime Environment 5.0 Update 3

J2SE Runtime Environment 5.0 Update 4

Java 6 Update 2

Java 6 Update 3

LimeWire 4.14.10

LiveUpdate 3.1 (Symantec Corporation)

LiveUpdate Notice (Symantec Corporation)

Logitech Gaming Software

Logitech QuickCam Software

Logitech® Camera Driver

Macromedia Shockwave Player

Marvell Miniport Driver

Medal of Honor Allied Assault

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Morpheus 5.1 (remove only)

Mozilla Firefox (2.0.0.3)

MSN

MSRedist

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

Multimedia Launcher

Nero OEM

NHL 2004

NHL06

Norton AntiVirus

Norton Confidential Browser Component

Norton Confidential Web Protection Component

Norton Internet Security

Norton Internet Security

Norton Internet Security

Norton Internet Security

Norton Internet Security (Symantec Corporation)

Norton Protection Center

NTI CD-Maker Deluxe

NVIDIA Drivers

OpenOffice.org 2.3

Palm Desktop

PowerDVD

PuTTY version 0.58

Python 2.1

Python 2.1 combined Win32 extensions

QuickTime

Realtek High Definition Audio Driver

Registry Mechanic 5.1

RollerCoaster Tycoon® 3

Roxio Media Manager

SafeCast Shared Components

Screen Grab Pro

Second Copy 7

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 2.0 (KB928365)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893066)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB943460)

Sentinel System Driver 5.42.1 (32-bit)

Sid Meier's Civilization 4

Sid Meier's Pirates!

Sid Meier's SimGolf

SimCity 4

SimCity™ Societies

SketchUp 5

SmartFTP Client 2.0

SmartFTP Client 2.0 Setup Files (remove only)

SPBBC 32bit

Splinter Cell Pandora Tomorrow

Sports Car GT

Spybot - Search & Destroy

Star Wars Empire at War

SWAT 4 - Gold

The Sims 2

The Sims 2 Pets

Tiger Woods PGA TOUR 07

Tiger Woods PGA TOUR 2003

TrackMania Nations ESWC 0.1.7.5

Traffic Shaper XP Client

Traffic Shaper XP Server

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Winamp (remove only)

Windows Installer 3.1 (KB893803)

Windows Live installer

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893086

WinISO 5.3

WinRAR archiver

WinSCP 3.8.2


Hello and sorry for the delay.

Download MsnCleaner.zip from here, but don't use it yet.

http://www.forospyware.com/Msncleaner/MsnCleaner.zip

(Copy/Paste the URL into the address bar or use "Save Target As")

  • Now reboot into Safe Mode
  • Double-click MsnCleaner_eng.exe to run it.
  • Click the Analyze button.
  • A report will be created once the scan finishes.
  • If it finds an infection, click the Deleted button.
  • Now, please reboot back to normal mode.
  • Please post the contents of C:\MsnCleaner.txt in a reply to this post.
