ComputerForum.com
05-08-2008, 10:57 PM   #1
I got this virus, how do I get rid of worm.win32.netboost

worm.win32.netbooster, how do I kill it!!!
Posted by texaspete


05-08-2008, 11:23 PM   #2

Welcome back Texaspete!

Just like last time, please post a HijackThis log and one of our experts will have a look at your log and give you instructions to fix your infection.

Posted by Punk
05-10-2008, 12:04 AM   #3

I know, I promise this will be the last time I need help. Cheers.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:55, on 10/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\DOCUME~1\PETERD~1\LOCALS~1\Temp\setup_526_1_.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: mkrndofl - {4F6DD2F9-A353-484A-B35E-C4ED0211097F} - C:\WINDOWS\mkrndofl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [InstallProgram] C:\DOCUME~1\PETERD~1\LOCALS~1\Temp\setup_526_1_.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: wetkadmr - {FC82C371-41B2-408F-ABE7-3C5558439226} - C:\WINDOWS\wetkadmr.dll
O21 - SSODL: tdomgafw - {1EDBC2B6-A4B9-4E61-A4B4-DC7CDB86BA80} - C:\WINDOWS\tdomgafw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11818 bytes
Posted by texaspete
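The helpers read a log like the one above by eye, looking for autostart entries that do not belong. As an added example that is not part of this thread, the following Python script applies a few defender-side heuristics to HijackThis-format entry lines: a random-looking module sitting directly in the Windows root, an autostart launched from a Temp directory, an O21 SSODL DLL outside System32, an O24 desktop component served from a local file, and a start page pointing away from an assumed vendor default. The sample lines are constructed in the shape of the posted log, and the heuristics, thresholds and names are my own, not HijackThis's.

```python
"""Triage heuristics for HijackThis-style log lines (constructed example)."""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # why this entry deserves a closer look
    target: str   # file path or URL the entry points at


# Entry lines look like "O4 - HKLM\..\Run: [name] path"; every other log line is skipped.
_ENTRY = re.compile(r'^([RO]\d+) - (.*)$')
# A Windows path ending in a module or page extension; spaces are allowed inside it.
_WINPATH = re.compile(r'([A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys|cpl|htm|html))\b', re.IGNORECASE)
# Assumed heuristic: 7-12 lowercase letters and no digits, the shape of dropped module names.
_RANDOMISH = re.compile(r'^[a-z]{7,12}$')
# Assumed IE default start-page hosts; anything else gets a "verify" finding, not a verdict.
_DEFAULT_START_HOSTS = ('msn.com', 'microsoft.com')


def _last_path(body: str) -> str:
    """Return the last Windows file path in an entry body, or '' if there is none."""
    found = _WINPATH.findall(body)
    return found[-1] if found else ''


def _check(section: str, body: str) -> List[Finding]:
    """Apply every heuristic to one entry and return the findings it produced."""
    findings: List[Finding] = []
    path = _last_path(body)
    base = path.rsplit('\\', 1)[-1] if path else ''
    stem = base.rsplit('.', 1)[0]
    parent = path[: len(path) - len(base) - 1].lower() if path else ''

    # R0/R1: browser start page changed away from the (assumed) vendor default.
    if section in ('R0', 'R1') and 'Start Page' in body and '=' in body:
        url = body.split('=', 1)[1].strip()
        host = re.sub(r'^[a-z]+://', '', url.lower()).split('/', 1)[0]
        if not any(host == h or host.endswith('.' + h) for h in _DEFAULT_START_HOSTS):
            findings.append(Finding(section, 'start page set to non-default host ' + host, url))

    if path:
        # A module directly in the Windows root (not System32) with a random-looking name.
        if parent == r'c:\windows' and _RANDOMISH.match(stem):
            findings.append(Finding(section, 'random-looking module in Windows root', path))
        # Anything that autostarts out of a temporary directory.
        if '\\temp\\' in path.lower() or '\\locals~1\\' in path.lower():
            findings.append(Finding(section, 'autostart from a temporary directory', path))

    # O21: ShellServiceObjectDelayLoad DLLs are loaded by Explorer at logon; non-System32 ones are rare.
    if section == 'O21' and path and 'system32' not in parent:
        findings.append(Finding(section, 'SSODL entry loading a DLL outside System32', path))
    # O24: an Active Desktop component served from a local file is the fake-alert wallpaper pattern.
    if section == 'O24' and 'file://' in body.lower():
        findings.append(Finding(section, 'desktop component served from a local file', path or body))
    return findings


def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over every R*/O* entry line in a HijackThis log."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            findings.extend(_check(m.group(1), m.group(2)))
    return findings


# Constructed sample in the shape of the log posted above (the start-page URL is a placeholder).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-page-hijack.example/jump.php?id=1
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: mkrndofl - {4F6DD2F9-A353-484A-B35E-C4ED0211097F} - C:\WINDOWS\mkrndofl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [InstallProgram] C:\DOCUME~1\PETERD~1\LOCALS~1\Temp\setup_526_1_.exe
O21 - SSODL: wetkadmr - {FC82C371-41B2-408F-ABE7-3C5558439226} - C:\WINDOWS\wetkadmr.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:4} {f.reason:45} {f.target}')
```

Each finding is a lead to verify against the file's timestamp, signer and vendor, not a verdict; the legitimate vendor entries in the sample (Intel tray, Bonjour, Google toolbar) produce nothing.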
05-10-2008, 12:31 AM   #4

That's a junked up PC.
Posted by g25racer
05-10-2008, 01:28 AM   #5

Quote:
Originally Posted by Texaspete
I know, I promise this will be the last time I need help. Cheers.
Don't worry, we're glad to help anyone, even more than one time.

OK, some malware in your computer.

Let's see what ComboFix comes up with:

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again as it's being updated regularly. Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg, then ComboFix should continue.
If that happened we want to know, and also what process you had to end.
Posted by Punk


05-10-2008, 09:43 PM   #6

ComboFix 08-05-09.1 - Peter D Martin 2008-05-10 21:18:58.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.141 [GMT 1:00]
Running from: C:\Documents and Settings\Peter D Martin\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\Peter D Martin\Desktop\Error Cleaner.url
C:\Documents and Settings\Peter D Martin\Desktop\Privacy Protector.url
C:\Documents and Settings\Peter D Martin\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Peter D Martin\Favorites\Error Cleaner.url
C:\Documents and Settings\Peter D Martin\Favorites\Privacy Protector.url
C:\Documents and Settings\Peter D Martin\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\hgGawTml.dll
C:\WINDOWS\system32\ljJAQKdb.dll
C:\WINDOWS\system32\lmTwaGgh.ini
C:\WINDOWS\system32\lmTwaGgh.ini2
C:\WINDOWS\system32\onobjaqs.dll
C:\WINDOWS\system32\pntpybhc.ini
C:\WINDOWS\system32\sqajbono.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-10 00:15 . 2008-05-10 00:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-08 22:56 . 2008-05-08 22:56 63 --a------ C:\WINDOWS\system32\41beda43
2008-05-08 22:54 . 2008-05-10 20:25 <DIR> d-------- C:\Documents and Settings\Peter D Martin\Application Data\TmpRecentIcons
2008-05-08 20:59 . 2008-05-08 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-08 20:59 . 2008-05-08 20:20 258,048 --a------ C:\WINDOWS\wetkadmr.dll
2008-05-08 20:59 . 2008-05-08 20:20 225,280 --a------ C:\WINDOWS\tdomgafw.dll
2008-05-08 20:59 . 2008-05-08 20:21 217,088 --a------ C:\WINDOWS\qvlbodmnqse.dll
2008-05-08 20:59 . 2008-05-08 20:21 188,416 --a------ C:\WINDOWS\mkrndofl.dll
2008-05-08 20:59 . 2008-05-08 20:21 81,920 --a------ C:\WINDOWS\knxsrgte.exe
2008-05-08 20:59 . 2008-05-08 20:59 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 19:37 . 2008-05-08 19:37 <DIR> d-------- C:\My Videos
2008-05-06 19:36 . 2008-05-06 19:36 <DIR> d-------- C:\Program Files\Veoh Networks
2008-05-04 21:11 . 2008-05-04 21:11 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-04 21:07 . 2006-08-21 10:14 128,896 --a--c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-05-04 21:07 . 2006-08-21 10:14 23,040 --a--c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-05-04 21:07 . 2006-08-21 13:21 16,896 --a--c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-05-04 17:31 . 2007-07-09 14:09 584,192 --a--c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-04 14:04 . 2008-05-10 21:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 14:04 . 2008-05-04 14:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-04 13:49 . 2008-05-04 13:51 <DIR> d-------- C:\Program Files\iTunes
2008-05-04 13:20 . 2008-05-04 13:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-03 22:25 . 2008-05-03 22:25 <DIR> d-------- C:\Program Files\Bonjour
2008-05-03 22:04 . 2008-05-03 22:13 <DIR> d-------- C:\Program Files\QuickTime
2008-05-03 21:27 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-05-03 21:24 . 2008-05-03 21:24 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-03 20:02 . 2004-08-04 06:41 404,990 --a------ C:\WINDOWS\system32\drivers\slntamr.sys
2008-05-03 20:01 . 2004-08-04 08:56 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-05-03 20:00 . 2004-08-04 08:56 380,416 --a------ C:\WINDOWS\system32\irprops.cpl
2008-05-03 19:59 . 2004-08-04 06:41 1,041,536 --a------ C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-05-03 19:58 . 2004-08-04 08:56 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-03 19:30 . 2004-08-04 08:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-05-03 19:30 . 2004-08-04 08:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-05-02 19:46 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-05-02 19:09 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-05-02 19:08 . 2008-05-02 19:08 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-05-02 19:07 . 2008-05-02 19:07 <DIR> d-------- C:\Program Files\Raxco
2008-05-02 19:07 . 2008-05-02 19:26 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-02 19:07 . 2008-05-02 19:07 <DIR> d-------- C:\Program Files\CA
2008-05-02 19:07 . 2008-05-02 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-05-02 19:00 . 2008-05-02 19:00 <DIR> d-------- C:\Documents and Settings\Peter D Martin\Application Data\InstallShield
2008-05-02 18:55 . 2008-05-02 19:06 <DIR> d-------- C:\Program Files\Virgin Broadband
2008-05-02 11:09 . 2003-03-31 21:00 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2008-05-02 08:16 . 2008-05-02 08:16 <DIR> d-------- C:\Documents and Settings\Peter D Martin\Application Data\Virgin Broadband
2008-05-02 08:16 . 2008-05-02 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-05-01 08:55 . 2004-06-17 21:48 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2008-05-01 08:43 . 2004-08-04 06:31 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-05-01 08:42 . 2003-03-31 21:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-05-01 08:41 . 2004-08-04 06:31 480,256 --a--c--- C:\WINDOWS\system32\dllcache\cintsetp.exe
2008-05-01 08:40 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-05-01 08:40 . 2001-08-17 22:36 175,104 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpadm.dll
2008-05-01 08:36 . 2004-08-04 08:56 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-01 08:36 . 2008-05-01 08:36 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-01 08:35 . 2007-08-21 07:15 683,520 --a------ C:\WINDOWS\system32\inetcomm.dll
2008-05-01 08:35 . 2004-08-04 08:56 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2008-05-01 08:35 . 2004-08-04 08:56 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2008-05-01 08:35 . 2004-08-04 08:56 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2008-05-01 08:35 . 2004-08-04 08:56 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2008-05-01 08:35 . 2003-03-31 21:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2008-05-01 08:35 . 2003-03-31 21:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2008-05-01 08:35 . 2003-03-31 21:00 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2008-05-01 08:21 . 2003-03-31 21:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-01 08:21 . 2003-03-31 21:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-01 08:21 . 2003-03-31 21:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-01 08:21 . 2003-03-31 21:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-05-01 08:20 . 2003-03-31 21:00 1,086,182 -ra------ C:\WINDOWS\SET265.tmp
2008-05-01 08:20 . 2003-03-31 21:00 797,189 --a--c--- C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-05-01 08:20 . 2003-03-31 21:00 399,645 --a--c--- C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-05-01 08:20 . 2003-03-31 21:00 37,484 --a--c--- C:\WINDOWS\system32\dllcache\MW770.CAT
2008-05-01 08:20 . 2003-03-31 21:00 13,608 -ra------ C:\WINDOWS\SET271.tmp
2008-05-01 08:20 . 2003-03-31 21:00 13,472 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2008-05-01 08:20 . 2003-03-31 21:00 8,574 --a--c--- C:\WINDOWS\system32\dllcache\IASNT4.CAT
2008-05-01 08:20 . 2002-05-28 19:54 7,029 --a--c--- C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2008-04-21 19:29 . 2008-04-21 19:29 <DIR> d-------- C:\WINDOWS\New Folder
2008-04-21 19:29 . 2008-04-21 19:29 8,704 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-21 19:24 . 2003-05-03 12:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-21 19:24 . 2003-05-03 11:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-21 19:24 . 2003-05-03 12:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-21 19:24 . 2008-04-21 19:24 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-21 19:24 . 2008-05-10 21:17 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-18 15:37 . 2008-04-18 15:44 62,706 --a------ C:\WINDOWS\setupapi.old
2008-04-16 17:36 . 2008-05-02 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-13 18:52 . 2008-04-13 18:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-13 18:52 . 2008-04-13 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-13 10:56 . 2008-04-13 10:56 <DIR> d-------- C:\b5972bbf697fdead40e53f083c0a
2008-04-10 16:29 . 2008-04-10 16:30 <DIR> d-------- C:\WINDOWS\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 18:58 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Apple Computer
2008-05-04 12:50 --------- d-----w C:\Program Files\iPod
2008-05-02 18:34 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-05-02 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 15:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-03 16:50 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-02 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 16:38 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Audacity
2008-03-19 22:44 --------- d-----w C:\Program Files\Google
2008-03-19 21:42 --------- d-----w C:\Program Files\Panicware
2008-03-19 21:25 --------- d-----w C:\Program Files\EPSON
2008-03-19 21:23 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-03-18 20:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 16:09 --------- d-----w C:\Program Files\Canon
2008-03-14 16:07 248 ----a-w C:\UnInstall.dat
2008-03-14 16:05 --------- d-----w C:\Program Files\DivX
2006-11-19 20:50 78,424 ----a-w C:\Documents and Settings\Lorna Hubbard\Application Data\GDIPFONTCACHEV1.DAT
2005-03-15 17:44 0 ----a-w C:\Documents and Settings\Peter D Martin\Application Data\wklnhst.dat
2005-12-06 19:31 56 --sh--r C:\WINDOWS\system32\1607371D5C.sys
2006-01-16 17:58 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D33427A-2A9F-48DA-B4CC-819902B6A2C2}]
2008-05-08 20:21 217088 --a------ C:\WINDOWS\qvlbodmnqse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F6DD2F9-A353-484A-B35E-C4ED0211097F}"= "C:\WINDOWS\mkrndofl.dll" [2008-05-08 20:21 188416]

[HKEY_CLASSES_ROOT\clsid\{4f6dd2f9-a353-484a-b35e-c4ed0211097f}]
[HKEY_CLASSES_ROOT\mkrndofl.1]
[HKEY_CLASSES_ROOT\TypeLib\{0C160D60-88B7-42DF-8B36-F0EB59EEE1EC}]
[HKEY_CLASSES_ROOT\mkrndofl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 12:10 536576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3628080]
"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [2008-05-10 20:44 1026560]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 14:09 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-06-17 21:48 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-06-17 21:43 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 18:15 536576]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:55 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-05-27 20:28 278528]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-22 23:15 26112]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-12-24 03:33 188416]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 02:06 495616]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 17:05 1838592]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2003-03-31 08:00 44032]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10 13552]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 14:09 61168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-06-11 21:34 190696]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 06:59 44544]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wetkadmr"= {FC82C371-41B2-408F-ABE7-3C5558439226} - C:\WINDOWS\wetkadmr.dll [2008-05-08 20:20 258048]
"tdomgafw"= {1EDBC2B6-A4B9-4E61-A4B4-DC7CDB86BA80} - C:\WINDOWS\tdomgafw.dll [2008-05-08 20:20 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOLService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 23:18:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 21:39:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????Qj?w^k?w?@???? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterr.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
.
**************************************************************************
.
Completion time: 2008-05-10 21:53:58 - machine was rebooted [Peter D Martin]
ComboFix-quarantined-files.txt 2008-05-10 20:53:29

Pre-Run: 10,535,129,088 bytes free
Post-Run: 10,492,182,528 bytes free

267 --- E O F --- 2008-05-09 22:36:31
Post #7, 05-11-2008, 12:03 PM, by Punk (Diamond Member):

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.
  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Quote:
Files to delete:
C:\WINDOWS\wetkadmr.dll
C:\WINDOWS\tdomgafw.dll
C:\WINDOWS\qvlbodmnqse.dll
C:\WINDOWS\mkrndofl.dll
C:\WINDOWS\knxsrgte.exe
C:\WINDOWS\system32\kr_done1de
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.

After that, please post a fresh HJT log.

How is your computer running now?
Post #8, 05-11-2008, 09:28 PM, by texaspete (Bronze Member):

Hi Punk, still running slow and also got the MalWarrior software pop-up wanting to go to their site and buy it. Here's the log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\wetkadmr.dll" deleted successfully.
File "C:\WINDOWS\tdomgafw.dll" deleted successfully.
File "C:\WINDOWS\qvlbodmnqse.dll" deleted successfully.
File "C:\WINDOWS\mkrndofl.dll" deleted successfully.
File "C:\WINDOWS\knxsrgte.exe" deleted successfully.
File "C:\WINDOWS\system32\kr_done1de" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
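Two checks a helper would run on the logs pasted in this thread, written here as an added example; this is not code from the posts above, from ComboFix or from Avenger. `triage()` reads an excerpt of the ComboFix registry dump (copied from the earlier post) and flags the three things the thread acted on: ShellServiceObjectDelayLoad (SSODL) DLLs dropped directly into C:\WINDOWS rather than system32 (explorer.exe loads SSODL objects at every logon, which is why the two DLLs were on Punk's delete list), an Active Desktop component whose Source is a local file:/// page, and the Windows Firewall standard profile set to EnableFirewall=0. `verify_cleanup()` compares Punk's Avenger script with the Avenger result texaspete posted and then reports which SSODL values still point at a file Avenger deleted, since the script only contained a "Files to delete:" section and so left those registry values in place. The WebCheck control line (a stock XP shell object; its date and size are illustrative) and the RECENT_DAYS window are my assumptions; every other sample line is copied from the thread.

```python
import re
from datetime import date, datetime

# Excerpt of the ComboFix registry dump from this thread, plus one constructed
# benign SSODL line (WebCheck; date/size illustrative) as a negative case.
COMBOFIX_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2004-08-04 08:56 24064]
"wetkadmr"= {FC82C371-41B2-408F-ABE7-3C5558439226} - C:\WINDOWS\wetkadmr.dll [2008-05-08 20:20 258048]
"tdomgafw"= {1EDBC2B6-A4B9-4E61-A4B4-DC7CDB86BA80} - C:\WINDOWS\tdomgafw.dll [2008-05-08 20:20 225280]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# The Avenger script posted in this thread and the result log pasted back.
AVENGER_SCRIPT = r"""
Files to delete:
C:\WINDOWS\wetkadmr.dll
C:\WINDOWS\tdomgafw.dll
C:\WINDOWS\qvlbodmnqse.dll
C:\WINDOWS\mkrndofl.dll
C:\WINDOWS\knxsrgte.exe
C:\WINDOWS\system32\kr_done1de
"""
AVENGER_LOG = r"""
File "C:\WINDOWS\wetkadmr.dll" deleted successfully.
File "C:\WINDOWS\tdomgafw.dll" deleted successfully.
File "C:\WINDOWS\qvlbodmnqse.dll" deleted successfully.
File "C:\WINDOWS\mkrndofl.dll" deleted successfully.
File "C:\WINDOWS\knxsrgte.exe" deleted successfully.
File "C:\WINDOWS\system32\kr_done1de" deleted successfully.
"""

SCAN_DATE = date(2008, 5, 10)  # completion date printed at the end of the ComboFix log
RECENT_DAYS = 7                # assumption: files written this close to the scan get a second look

SSODL_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*\{(?P<clsid>[0-9A-Fa-f-]+)\}\s*-\s*'
    r'(?P<path>.+?)\s*\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+)\]$')
DELETED_RE = re.compile(r'^File "(?P<path>[^"]+)" deleted successfully\.$')


def parse_sections(text):
    """Map each [header] (lower-cased) of a ComboFix-style dump to its value lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def ssodl_entries(text):
    """Yield (value name, dll path, date written) for every SSODL line in the dump."""
    for header, lines in parse_sections(text).items():
        if header.endswith('shellserviceobjectdelayload'):
            for line in lines:
                m = SSODL_RE.match(line)
                if m:
                    written = datetime.strptime(m.group('stamp'), '%Y-%m-%d %H:%M').date()
                    yield m.group('name'), m.group('path'), written


def triage(text, scan_date=SCAN_DATE):
    """Return a sorted list of (rule, detail) findings from a ComboFix dump."""
    findings = []
    for _name, path, written in ssodl_entries(text):
        if path.rsplit('\\', 1)[0].lower() == r'c:\windows':   # DLL sitting directly in %WINDIR%
            findings.append(('ssodl-dll-in-windir', path))
        if (scan_date - written).days <= RECENT_DAYS:           # written just before the scan
            findings.append(('ssodl-dll-recent', path))
    for header, lines in parse_sections(text).items():
        if 'desktop\\components' in header:                      # Active Desktop hijack check
            for line in lines:
                key, _, value = line.partition('=')
                if key.strip().lower() == 'source' and value.strip().lower().startswith('file:///'):
                    findings.append(('active-desktop-local-file', value.strip()))
        elif header.endswith('firewallpolicy\\standardprofile'):
            if any(ln.lower().startswith('"enablefirewall"= 0') for ln in lines):
                findings.append(('firewall-disabled', header))
    return sorted(findings)


def verify_cleanup(script, log, combofix_dump):
    """Return (paths requested but not reported deleted, SSODL value names left dangling)."""
    requested = [ln.strip() for ln in script.splitlines() if re.match(r'^[A-Za-z]:\\', ln.strip())]
    deleted = {m.group('path').lower() for m in map(DELETED_RE.match, log.splitlines()) if m}
    missing = [p for p in requested if p.lower() not in deleted]
    dangling = sorted(name for name, path, _ in ssodl_entries(combofix_dump) if path.lower() in deleted)
    return missing, dangling


if __name__ == '__main__':
    for rule, detail in triage(COMBOFIX_LOG):
        print(f'{rule:26} {detail}')
    missing, dangling = verify_cleanup(AVENGER_SCRIPT, AVENGER_LOG, COMBOFIX_LOG)
    print('not deleted:', missing or 'none')
    print('SSODL values still referencing deleted DLLs:', dangling)
```

Run as-is it reports the two SSODL DLLs (both rules), the privacy_danger desktop component and the disabled firewall, confirms all six Avenger deletions, and lists `tdomgafw` and `wetkadmr` as SSODL values that now reference files which no longer exist; those values need removing as a separate step, as they are not touched by a file-only Avenger script.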
Post #9, 05-11-2008, 09:44 PM, by Punk (Diamond Member):

Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Post #10, 05-12-2008, 04:56 PM, by texaspete (Bronze Member):

SmitFraudFix v2.309

Scan done at 17:06:13.70, 12/05/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Peter D Martin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Peter D Martin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PETERD~1\FAVORI~1

C:\DOCUME~1\PETERD~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\PETERD~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\PETERD~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\PETERD~1\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\PETERD~1\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\PETERD~1\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 194.168.4.100
DNS Server Search Order: 194.168.8.100

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2CD15553-59BF-4BE7-B269-E96CBA23C351}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2CD15553-59BF-4BE7-B269-E96CBA23C351}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2CD15553-59BF-4BE7-B269-E96CBA23C351}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End