#12 (permalink)
Diamond Member
Join Date: Jan 2007
Location: France
Age: 18
Posts: 4,494
Hello Texaspete!
Please run option 2 now on SmitFraudFix. Please post a fresh HijackThis log after you've done that along with a fresh ComboFix log. How is your computer running now?
__________________
Punk's anti-hackers website Punk's Website making and registering tutorial! Rise And Fall, Rage And Grace The Offspring! Huck it! I just want to be who I want to be
guess that's hard for others to see

#13 (permalink)
Bronze Member
Join Date: Apr 2008
Posts: 80
still running the same, poo!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:31, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: DVA First - {1D33427A-2A9F-48DA-B4CC-819902B6A2C2} - C:\WINDOWS\qvlbodmnqse.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: mkrndofl - {4F6DD2F9-A353-484A-B35E-C4ED0211097F} - C:\WINDOWS\mkrndofl.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: wetkadmr - {FC82C371-41B2-408F-ABE7-3C5558439226} - C:\WINDOWS\wetkadmr.dll (file missing)
O21 - SSODL: tdomgafw - {1EDBC2B6-A4B9-4E61-A4B4-DC7CDB86BA80} - C:\WINDOWS\tdomgafw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13020 bytes

#14 (permalink)
Bronze Member
Join Date: Apr 2008
Posts: 80
ComboFix 08-05-09.1 - Peter D Martin 2008-05-13 21:03:23.9 - NTFSx86
Running from: C:\Documents and Settings\Peter D Martin\Desktop\ComboFix.exe * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\rs.txt . ((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))) . 2008-05-13 20:23 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-12 17:06 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-12 17:06 . 2008-05-13 20:23 5,516 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-10 00:15 . 2008-05-10 00:15 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-08 22:56 . 2008-05-08 22:56 63 --a------ C:\WINDOWS\system32\41beda43 2008-05-08 22:54 . 2008-05-10 20:25 <DIR> d-------- C:\Documents and Settings\Peter D Martin\Application Data\TmpRecentIcons 2008-05-08 20:59 . 2008-05-08 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited 2008-05-08 19:37 . 2008-05-08 19:37 <DIR> d-------- C:\My Videos 2008-05-06 19:36 . 2008-05-06 19:36 <DIR> d-------- C:\Program Files\Veoh Networks 2008-05-04 21:11 . 2008-05-04 21:11 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-05-04 21:07 . 2006-08-21 10:14 128,896 --a--c--- C:\WINDOWS\system32\dllcache\fltmgr.sys 2008-05-04 21:07 . 2006-08-21 10:14 23,040 --a--c--- C:\WINDOWS\system32\dllcache\fltmc.exe 2008-05-04 21:07 . 2006-08-21 13:21 16,896 --a--c--- C:\WINDOWS\system32\dllcache\fltlib.dll 2008-05-04 17:31 . 2007-07-09 14:09 584,192 --a--c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2008-05-04 14:04 . 2008-05-13 20:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-04 14:04 . 2008-05-04 14:04 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-04 13:49 . 2008-05-04 13:51 <DIR> d-------- C:\Program Files\iTunes 2008-05-04 13:20 . 
2008-05-04 13:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-05-03 22:25 . 2008-05-03 22:25 <DIR> d-------- C:\Program Files\Bonjour 2008-05-03 22:04 . 2008-05-03 22:13 <DIR> d-------- C:\Program Files\QuickTime 2008-05-03 21:27 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys 2008-05-03 21:24 . 2008-05-03 21:24 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-05-03 20:02 . 2004-08-04 06:41 404,990 --a------ C:\WINDOWS\system32\drivers\slntamr.sys 2008-05-03 20:01 . 2004-08-04 08:56 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll 2008-05-03 20:00 . 2004-08-04 08:56 380,416 --a------ C:\WINDOWS\system32\irprops.cpl 2008-05-03 19:59 . 2004-08-04 06:41 1,041,536 --a------ C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-05-03 19:58 . 2004-08-04 08:56 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll 2008-05-03 19:30 . 2004-08-04 08:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll 2008-05-03 19:30 . 2004-08-04 08:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2008-05-02 19:46 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2008-05-02 19:09 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys 2008-05-02 19:08 . 2008-05-02 19:08 <DIR> d-------- C:\Program Files\Common Files\Authentium 2008-05-02 19:07 . 2008-05-02 19:07 <DIR> d-------- C:\Program Files\Raxco 2008-05-02 19:07 . 2008-05-02 19:26 <DIR> d-------- C:\Program Files\Common Files\Scanner 2008-05-02 19:07 . 2008-05-02 19:07 <DIR> d-------- C:\Program Files\CA 2008-05-02 19:07 . 2008-05-02 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco 2008-05-02 19:00 . 2008-05-02 19:00 <DIR> d-------- C:\Documents and Settings\Peter D Martin\Application Data\InstallShield 2008-05-02 18:55 . 2008-05-02 19:06 <DIR> d-------- C:\Program Files\Virgin Broadband 2008-05-02 11:09 . 2003-03-31 21:00 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2008-05-02 08:16 . 
2008-05-02 08:16 <DIR> d-------- C:\Documents and Settings\Peter D Martin\Application Data\Virgin Broadband 2008-05-02 08:16 . 2008-05-02 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband 2008-05-01 08:55 . 2004-06-17 21:48 159,744 --a------ C:\WINDOWS\system32\igfxres.dll 2008-05-01 08:43 . 2004-08-04 06:31 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime 2008-05-01 08:42 . 2003-03-31 21:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll 2008-05-01 08:41 . 2004-08-04 06:31 480,256 --a--c--- C:\WINDOWS\system32\dllcache\cintsetp.exe 2008-05-01 08:40 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll 2008-05-01 08:40 . 2001-08-17 22:36 175,104 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpadm.dll 2008-05-01 08:36 . 2004-08-04 08:56 48,128 --a------ C:\WINDOWS\system32\inetres.dll 2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-05-01 08:36 . 2008-05-01 08:36 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-05-01 08:35 . 2007-08-21 07:15 683,520 --a------ C:\WINDOWS\system32\inetcomm.dll 2008-05-01 08:35 . 2004-08-04 08:56 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2008-05-01 08:35 . 2004-08-04 08:56 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2008-05-01 08:35 . 2004-08-04 08:56 239,104 --a------ C:\WINDOWS\system32\srrstr.dll 2008-05-01 08:35 . 2004-08-04 08:56 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2008-05-01 08:35 . 2003-03-31 21:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe 2008-05-01 08:35 . 2003-03-31 21:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll 2008-05-01 08:35 . 
2003-03-31 21:00 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll 2008-05-01 08:21 . 2003-03-31 21:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2008-05-01 08:21 . 2003-03-31 21:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll 2008-05-01 08:21 . 2003-03-31 21:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2008-05-01 08:21 . 2003-03-31 21:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll 2008-05-01 08:20 . 2003-03-31 21:00 1,086,182 -ra------ C:\WINDOWS\SET265.tmp 2008-05-01 08:20 . 2003-03-31 21:00 797,189 --a--c--- C:\WINDOWS\system32\dllcache\NT5IIS.CAT 2008-05-01 08:20 . 2003-03-31 21:00 399,645 --a--c--- C:\WINDOWS\system32\dllcache\MAPIMIG.CAT 2008-05-01 08:20 . 2003-03-31 21:00 37,484 --a--c--- C:\WINDOWS\system32\dllcache\MW770.CAT 2008-05-01 08:20 . 2003-03-31 21:00 13,608 -ra------ C:\WINDOWS\SET271.tmp 2008-05-01 08:20 . 2003-03-31 21:00 13,472 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT 2008-05-01 08:20 . 2003-03-31 21:00 8,574 --a--c--- C:\WINDOWS\system32\dllcache\IASNT4.CAT 2008-05-01 08:20 . 2002-05-28 19:54 7,029 --a--c--- C:\WINDOWS\system32\dllcache\OEMBIOS.CAT 2008-04-21 19:29 . 2008-04-21 19:29 <DIR> d-------- C:\WINDOWS\New Folder 2008-04-21 19:29 . 2008-04-21 19:29 8,704 --ahs---- C:\WINDOWS\system32\Thumbs.db 2008-04-21 19:24 . 2003-05-03 12:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec 2008-04-21 19:24 . 2003-05-03 11:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic 2008-04-21 19:24 . 2003-05-03 12:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer 2008-04-21 19:24 . 2008-04-21 19:24 <DIR> d-------- C:\Documents and Settings\Administrator 2008-04-21 19:24 . 2008-05-10 21:17 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG 2008-04-18 15:37 . 2008-04-18 15:44 62,706 --a------ C:\WINDOWS\setupapi.old 2008-04-16 17:36 . 
2008-05-02 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-04-13 18:52 . 2008-04-13 18:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-13 18:52 . 2008-04-13 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-13 10:56 . 2008-04-13 10:56 <DIR> d-------- C:\b5972bbf697fdead40e53f083c0a . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-05-04 18:58 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Apple Computer 2008-05-04 12:50 --------- d-----w C:\Program Files\iPod 2008-05-02 18:34 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys 2008-05-02 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-10 15:39 --------- d-----w C:\Program Files\Hewlett-Packard 2008-04-03 16:50 --------- d-----w C:\Program Files\Enigma Software Group 2008-04-02 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-01 16:38 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Audacity 2008-03-28 22:19 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe 2008-03-26 07:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe 2008-03-19 22:44 --------- d-----w C:\Program Files\Google 2008-03-19 21:42 --------- d-----w C:\Program Files\Panicware 2008-03-19 21:25 --------- d-----w C:\Program Files\EPSON 2008-03-19 21:23 --------- d-----w C:\Program Files\IKEA HomePlanner 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-18 20:33 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-14 16:09 --------- d-----w C:\Program Files\Canon 2008-03-14 16:07 248 ----a-w C:\UnInstall.dat 2008-03-14 16:05 --------- d-----w C:\Program Files\DivX 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 08:59 659,456 ----a-w 
C:\WINDOWS\system32\wininet.dll 2006-11-19 20:50 78,424 ----a-w C:\Documents and Settings\Lorna Hubbard\Application Data\GDIPFONTCACHEV1.DAT 2005-03-15 17:44 0 ----a-w C:\Documents and Settings\Peter D Martin\Application Data\wklnhst.dat 2005-12-06 19:31 56 --sh--r C:\WINDOWS\system32\1607371D5C.sys 2006-01-16 17:58 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2008-05-10_21.52.58.82 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-10 20:38:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-13 19:56:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2004-07-15 00:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W2308\_aspnet_isapi.dll + 2004-07-14 23:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W2308\_CORPerfMonExt.dll + 2004-07-14 23:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W2308\_fusion.dll + 2004-07-14 23:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W2308\_mscorjit.dll + 2004-07-15 13:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W2308\_mscorlib.dll + 2003-02-20 21:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W2308\_mscorsn.dll + 2004-07-14 23:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W2308\_mscorsvr.dll + 2004-07-14 23:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W2308\_mscorwks.dll + 2003-02-21 06:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W2308\_msvcr71.dll + 2004-07-14 23:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W2308\_PerfCounter.dll + 2004-07-15 00:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W3816\_aspnet_isapi.dll + 2004-07-14 23:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W3816\_CORPerfMonExt.dll + 2004-07-14 23:24:30 282,624 ----a-w 
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W3816\_fusion.dll + 2004-07-14 23:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W3816\_mscorjit.dll + 2004-07-15 13:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W3816\_mscorlib.dll + 2003-02-20 21:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W3816\_mscorsn.dll + 2004-07-14 23:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W3816\_mscorsvr.dll + 2004-07-14 23:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W3816\_mscorwks.dll + 2003-02-21 06:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W3816\_msvcr71.dll + 2004-07-14 23:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADO W3816\_PerfCounter.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D33427A-2A9F-48DA-B4CC-819902B6A2C2}] C:\WINDOWS\qvlbodmnqse.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{4F6DD2F9-A353-484A-B35E-C4ED0211097F}"= "C:\WINDOWS\mkrndofl.dll" [ ] [HKEY_CLASSES_ROOT\clsid\{4f6dd2f9-a353-484a-b35e-c4ed0211097f}] [HKEY_CLASSES_ROOT\mkrndofl.1] [HKEY_CLASSES_ROOT\TypeLib\{0C160D60-88B7-42DF-8B36-F0EB59EEE1EC}] [HKEY_CLASSES_ROOT\mkrndofl] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgen t.exe" [ ] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-29 18:02 68856] "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\PO P-UP~1\PSFree.exe" [2005-03-17 12:10 536576] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" 
[2004-08-04 08:56 15360] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3628080] "MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [2008-05-10 20:44 1026560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-06-17 21:48 155648] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-06-17 21:43 118784] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15 98304] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 18:15 536576] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664] "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ] "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:55 483328] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-05-27 20:28 278528] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-22 23:15 26112] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600] "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86 \3\hpztsb05.exe" [2002-12-24 03:33 188416] "Sony Ericsson PC Suite"="C:\Program Files\Sony 
Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 02:06 495616] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 17:05 1838592] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.e xe" [2004-08-04 06:31 208952] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE " [2003-03-31 08:00 44032] "Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552] "PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10 310000] "-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10 13552] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-29 18:02 68856] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce] "FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\ Flash\NPSWF32_FlashUtil.exe" [2007-06-11 21:34 190696] "tscuninstall"="C:\WINDOWS\system32\tscupgrd.e xe" [2004-08-04 06:59 44544] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= file:///C:\WINDOWS\privacy_danger\index.htm FriendlyName= Privacy Protection [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad] "wetkadmr"= {FC82C371-41B2-408F-ABE7-3C5558439226} - C:\WINDOWS\wetkadmr.dll [ ] "tdomgafw"= {1EDBC2B6-A4B9-4E61-A4B4-DC7CDB86BA80} - C:\WINDOWS\tdomgafw.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~ 1.DLL 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AOLService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= . Contents of the 'Scheduled Tasks' folder "2008-03-24 23:18:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-13 21:10:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????6?4?1?0??????? ???B???????????????B? ?????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . Completion time: 2008-05-13 21:14:15 ComboFix-quarantined-files.txt 2008-05-13 20:14:05 ComboFix2.txt 2008-05-10 20:54:00 Pre-Run: 10,817,732,608 bytes free Post-Run: 10,802,827,264 bytes free 247 --- E O F --- 2008-05-13 19:42:39 |
#17 (permalink) |
Diamond Member
I'm looking at your Combofix log right now.
Did you run option 2 with Smitfraudfix? If so, can you please post the log?
#18 (permalink) |
Bronze Member
SmitFraudFix v2.320
Scan done at 17:54:23.60, 14/05/2008
Run from C:\Documents and Settings\Peter D Martin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{2CD15553-59BF-4BE7-B269-E96CBA23C351}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning not selected.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
#19 (permalink) |
Diamond Member
OK
I'm still looking at your combofix log, I will post later on tonight (France time).