please check this hijackthis log

sensescape

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:38 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Documents and Settings\superhack\My Documents\Fran\Yod'm 3D\Yodm3D.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\superhack\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\superhack\My Documents\Fran\Yod'm 3D\Yodm3D.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-453980663-1981299267-312552118-6124\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User '?')
O4 - HKUS\S-1-5-21-453980663-1981299267-312552118-6124\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-453980663-1981299267-312552118-6124\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-453980663-1981299267-312552118-6469\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User '?')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cths.chartertech.org
O17 - HKLM\Software\..\Telephony: DomainName = cths.chartertech.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cths.chartertech.org
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13459 bytes
 
Hello!
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Thanks for your help, the log file is below:

ComboFix 08-05-29.1 - superhack 2008-06-01 8:52:29.1 - NTFSx86
Running from: C:\Documents and Settings\superhack\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-05-28 21:52 . 2008-05-28 21:52 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-28 20:39 . 2008-05-28 20:39 268 --ah----- C:\sqmdata05.sqm
2008-05-28 20:39 . 2008-05-28 20:39 244 --ah----- C:\sqmnoopt05.sqm
2008-05-28 06:59 . 2008-05-28 06:59 268 --ah----- C:\sqmdata04.sqm
2008-05-28 06:59 . 2008-05-28 06:59 244 --ah----- C:\sqmnoopt04.sqm
2008-05-27 20:05 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-05-27 20:04 . 2007-04-10 17:46 1,966,696 --a------ C:\WINDOWS\system32\drivers\VX3000.sys
2008-05-27 20:04 . 2007-04-10 17:46 709,992 --a------ C:\WINDOWS\vVX3000.exe
2008-05-27 20:04 . 2007-04-10 17:46 476,520 --a------ C:\WINDOWS\vVX3000.dll
2008-05-27 20:04 . 2007-04-10 17:46 202,088 --a------ C:\WINDOWS\system32\LCCoin14.dll
2008-05-27 20:04 . 2007-04-10 17:46 185,704 --a------ C:\WINDOWS\system32\cVX3000.dll
2008-05-27 20:04 . 2007-04-10 17:46 111,976 --a------ C:\WINDOWS\VX3000.dll
2008-05-27 20:04 . 2007-04-10 17:46 15,498 --a------ C:\WINDOWS\VX3000.ini
2008-05-27 20:04 . 2007-04-10 17:46 13,023 --a------ C:\WINDOWS\VX3000.src
2008-05-27 20:01 . 2008-05-27 20:04 <DIR> d-------- C:\Program Files\Microsoft LifeCam
2008-05-27 20:00 . 2008-05-27 20:00 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-05-26 12:07 . 2008-05-26 12:07 <DIR> d-------- C:\Program Files\NetZero
2008-05-26 12:07 . 2008-05-26 12:07 <DIR> d-------- C:\NetZeroInstaller
2008-05-26 12:07 . 2008-05-26 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NetZero
2008-05-26 09:19 . 2008-05-26 09:19 268 --ah----- C:\sqmdata03.sqm
2008-05-26 09:19 . 2008-05-26 09:19 244 --ah----- C:\sqmnoopt03.sqm
2008-05-25 18:21 . 2008-05-25 18:21 <DIR> d-------- C:\Documents and Settings\superhack\.thumbnails
2008-05-25 18:20 . 2008-05-26 17:42 <DIR> d-------- C:\Documents and Settings\superhack\.gimp-2.4
2008-05-25 18:19 . 2008-05-25 18:19 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-05-25 15:16 . 2008-05-31 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-25 13:35 . 2008-05-25 13:52 <DIR> d-------- C:\Program Files\SpeedFan
2008-05-25 13:35 . 2008-05-25 13:35 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-05-25 13:18 . 2008-05-25 13:18 268 --ah----- C:\sqmdata02.sqm
2008-05-25 13:18 . 2008-05-25 13:18 244 --ah----- C:\sqmnoopt02.sqm
2008-05-25 12:01 . 2008-05-25 12:01 268 --ah----- C:\sqmdata01.sqm
2008-05-25 12:01 . 2008-05-25 12:01 244 --ah----- C:\sqmnoopt01.sqm
2008-05-24 22:13 . 2008-05-24 22:13 268 --ah----- C:\sqmdata00.sqm
2008-05-24 22:13 . 2008-05-24 22:13 244 --ah----- C:\sqmnoopt00.sqm
2008-05-24 20:49 . 2008-05-24 20:49 <DIR> d-------- C:\Program Files\Opera
2008-05-18 11:21 . 2008-05-18 11:21 50,200 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-05-12 12:07 . 2008-05-12 12:07 <DIR> d-------- C:\Program Files\Trymedia
2008-05-12 09:45 . 2008-05-12 09:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-05-12 09:42 . 2008-05-12 09:42 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2008-05-12 09:41 . 2008-05-12 09:42 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-05-12 09:38 . 2008-05-12 09:42 <DIR> d-------- C:\Program Files\Macromedia
2008-05-11 10:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-11 10:24 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-11 10:24 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-10 22:11 . 2008-05-10 22:11 118,784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-05-10 22:10 . 2008-05-10 22:10 <DIR> d-------- C:\Program Files\mozilla.org
2008-05-10 22:10 . 2008-05-10 22:10 118,784 --a------ C:\WINDOWS\GREUninstall.exe
2008-05-10 22:10 . 2008-05-24 20:43 9,358 --a------ C:\WINDOWS\mozver.dat
2008-05-10 21:49 . 2008-05-31 21:21 <DIR> d-------- C:\Documents and Settings\superhack\Contacts
2008-05-10 21:29 . 2008-05-10 21:39 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-10 21:28 . 2008-05-10 21:40 <DIR> d-------- C:\Program Files\Windows Live
2008-05-10 21:25 . 2008-05-10 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-10 19:54 . 2008-05-10 19:54 <DIR> d-------- C:\Documents and Settings\superhack\Application Data\Aptana
2008-05-10 19:52 . 2008-05-10 19:52 <DIR> d-------- C:\Program Files\Aptana
2008-05-08 20:14 . 2008-05-08 20:15 <DIR> d-------- C:\Program Files\EasyPHP 2.0b1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 12:58 --------- d-----w C:\Documents and Settings\superhack\Application Data\.purple
2008-06-01 01:54 --------- d-----w C:\Documents and Settings\superhack\Application Data\gtk-2.0
2008-05-26 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-26 11:43 --------- d-----w C:\Documents and Settings\superhack\Application Data\uTorrent
2008-05-25 19:18 --------- d-----w C:\Program Files\Google
2008-05-19 22:11 --------- d-----w C:\Documents and Settings\superhack\Application Data\FileZilla
2008-05-18 14:59 --------- d-----w C:\Documents and Settings\superhack\Application Data\LimeWire
2008-05-17 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-05-16 00:35 --------- d-----w C:\Documents and Settings\superhack\Application Data\McAfee.com Personal Firewall
2008-05-12 16:20 --------- d-----w C:\Program Files\MUSICMATCH
2008-05-12 16:17 --------- d-----w C:\Program Files\Cain
2008-05-12 13:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 18:24 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-09 20:22 --------- d-----w C:\Documents and Settings\superhack\Application Data\Apple Computer
2008-04-23 23:17 --------- d-----w C:\Program Files\LimeWire
2008-04-22 02:03 --------- d-----w C:\Program Files\PowerISO
2008-04-20 20:26 --------- d-----w C:\Program Files\PROnetworks
2008-04-19 18:37 --------- d-----w C:\Documents and Settings\superhack\Application Data\U3
2008-04-17 00:07 --------- d-----w C:\Program Files\Project64 1.6
2008-04-14 23:53 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-14 19:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-14 19:19 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-06 16:58 --------- d-----w C:\Documents and Settings\superhack\Application Data\Instantbird
2008-04-06 15:15 --------- d-----w C:\Program Files\Pidgin
2008-04-06 15:15 --------- d-----w C:\Program Files\Aspell
2008-04-06 15:12 --------- d-----w C:\Program Files\Common Files\GTK
2008-04-04 23:53 --------- d-----w C:\Documents and Settings\superhack\Application Data\Thunderbird
2008-04-03 01:48 --------- d-----w C:\Documents and Settings\superhack\Application Data\KompoZer
2008-04-01 00:20 --------- d-----w C:\Program Files\Nvu
2008-04-01 00:20 --------- d-----w C:\Documents and Settings\superhack\Application Data\Nvu
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"RssReader"="C:\Program Files\RssReader\RssReader.exe" [2004-04-04 17:21 1077248]
"Yodm3D"="C:\Documents and Settings\superhack\My Documents\Fran\Yod'm 3D\Yodm3D.exe" [2007-04-21 21:26 2343936]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18 151552]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 20:05 1117184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-28 18:15 169984]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 19:06 110592]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 13:49 163840]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-08-18 18:52 999424]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 19:50 233472]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-04-06 15:58 1032192]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 17:45 279912]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2007-04-10 17:46 709992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-28 18:01:35 24576]
Palo Alto Software Update Manager 9.0.lnk - C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe [2006-09-05 15:55:24 122880]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 23:07:32 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 17:45]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 16:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8518a44e-1977-11dd-b58f-0015c566f435}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af311858-f6eb-11dc-aeca-0015c566f435}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 19:45:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-30 22:30:08 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (GRTLPTIV0013-GCCS).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 09:00:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-01 9:06:09
ComboFix-quarantined-files.txt 2008-06-01 13:05:08

Pre-Run: 9,502,236,672 bytes free
Post-Run: 10,025,644,032 bytes free

186 --- E O F --- 2008-05-28 10:32:01
 
Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Files to delete:
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.
 
Thanks for all your help! Here is the log file. Is there much more I have to do?


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\sqmdata05.sqm" deleted successfully.
File "C:\sqmnoopt05.sqm" deleted successfully.
File "C:\sqmdata04.sqm" deleted successfully.
File "C:\sqmnoopt04.sqm" deleted successfully.
File "C:\sqmdata03.sqm" deleted successfully.
File "C:\sqmnoopt03.sqm" deleted successfully.
File "C:\sqmdata02.sqm" deleted successfully.
File "C:\sqmnoopt02.sqm" deleted successfully.
File "C:\sqmdata01.sqm" deleted successfully.
File "C:\sqmnoopt01.sqm" deleted successfully.
File "C:\sqmdata00.sqm" deleted successfully.
File "C:\sqmnoopt00.sqm" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
 