BullGuard Antivirus Forum
Infostealer.Gampass
   
26 posts in this thread.

Anderson7 (New Member, joined Sep 2008, 16 posts)
Posted 9-25-2008 10:45 (GMT +1)
Hi,

Norton Antivirus recently detected Infostealer.Gampass on my home PC, and in the last few weeks I have discovered my credit card has been used to purchase flights etc. Seems too much of a coincidence not to be related. Could somebody possibly take a look to see if the virus is still present, as Norton said it had been removed but I want to be sure.

Let me know what you need.

Thanks in advance
 
Touch (Forum Moderator, joined Jun 2004, 13812 posts)
Posted 9-26-2008 4:14 (GMT +1)
Hello

Click here - >> Before posting a log

After you have run the scan tools:

Reboot normally.

Post the HijackThis log along with the SuperAntiSpyware log and the C: ComboFix TXT in this topic.

Please copy and paste your log. DO NOT add it as an attachment.
Kindly do not annotate or format the log with color or font changes.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.

Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

Anderson7 (New Member, joined Sep 2008, 16 posts)
Posted 10-4-2008 2:17 (GMT +1)
Hi, here are the logs.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10, on 2008-10-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1195760286\ee\AOLSoftware.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SparkleBox KS2 Toolbar - {b67fa914-5d1d-4bea-97f0-87798333ad72} - C:\Program Files\SparkleBox_KS2\tbSpar.dll
O1 - Hosts: 209.150.84.198 www.winmx.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: SparkleBox KS2 Toolbar - {b67fa914-5d1d-4bea-97f0-87798333ad72} - C:\Program Files\SparkleBox_KS2\tbSpar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SparkleBox KS2 Toolbar - {b67fa914-5d1d-4bea-97f0-87798333ad72} - C:\Program Files\SparkleBox_KS2\tbSpar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1195760286\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPIJetSend] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{7373C979-7E29-4FEB-9246-7FB9177DE40E}: NameServer = 205.188.146.145
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 14145 bytes


SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/29/2008 at 11:05 PM
Application Version : 4.21.1004
Core Rules Database Version : 3581
Trace Rules Database Version: 1569
Scan type       : Complete Scan
Total Scan Time : 00:40:24
Memory items scanned      : 692
Memory threats detected   : 0
Registry items scanned    : 8165
Registry threats detected : 0
File items scanned        : 27986
File threats detected     : 1
Adware.Tracking Cookie
 C:\Documents and Settings\User\Cookies\user@indextools[2].txt
ComboFix 08-09-28.02 - User 2008-10-04 13:20:22.2 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\Downloaded Program Files\setup.inf
.
(((((((((((((((((((((((((   Files Created from 2008-09-04 to 2008-10-04  )))))))))))))))))))))))))))))))
.
2008-09-29 22:22 . 2008-09-29 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-29 22:21 . 2008-09-29 22:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-29 22:21 . 2008-09-29 22:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-09-29 22:20 . 2008-09-29 22:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-23 20:33 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-23 20:24 . 2008-09-23 20:24 <DIR> d-------- C:\WINDOWS\EHome
2008-09-23 00:00 . 2008-09-23 00:00 <DIR> d-------- C:\WINDOWS\Sun
2008-09-22 22:28 . 2008-04-14 01:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-22 22:27 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-22 22:26 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-17 19:01 . 2008-09-17 19:01 <DIR> d-------- C:\Program Files\ProjPresDemo
2008-09-17 19:01 . 2008-09-17 19:06 <DIR> d-------- C:\Program Files\DazPlus
2008-09-17 19:01 . 1998-05-26 12:27 305,152 --a------ C:\WINDOWS\system32\Ppro200.dll
2008-09-09 21:27 . 2008-09-09 21:27 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-09 20:48 . 2008-09-09 20:48 <DIR> d-------- C:\Program Files\Big Writing Games
2008-09-09 16:52 . 2008-09-09 16:52 <DIR> d-------- C:\Program Files\Common Files\Folio Shared
2008-09-09 16:51 . 2008-09-09 16:58 <DIR> d-------- C:\Program Files\RFViewer
2008-09-09 16:51 . 1996-10-14 01:38 965,904 --a------ C:\WINDOWS\system32\msjt3032.dll
2008-09-09 16:51 . 1997-03-13 14:48 745,984 --a------ C:\WINDOWS\system32\Isgdi32.dll
2008-09-09 16:51 . 1996-02-28 07:47 447,760 --a------ C:\WINDOWS\system32\Dao3032.dll
2008-09-09 16:51 . 1997-05-01 02:01 161,248 --a------ C:\WINDOWS\system32\Splitter.ocx
2008-09-09 16:51 . 1997-07-19 16:00 155,920 --a------ C:\WINDOWS\system32\Comct232.ocx
2008-09-09 16:51 . 1996-12-05 00:00 77,824 --a------ C:\WINDOWS\system32\Odbctl32.dll
2008-09-09 16:51 . 1996-04-04 17:51 25,600 --a------ C:\WINDOWS\Regit.exe
2008-09-09 16:51 . 1997-03-13 14:48 4,264 --a------ C:\WINDOWS\Isgdi32.ini
2008-09-09 16:51 . 1998-06-03 15:15 247 --a------ C:\WINDOWS\system32\RFSystem.bat
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 12:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-10-04 12:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-24 17:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-11 14:09 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-09-01 18:53 --------- d-----w C:\Program Files\SparkleBox_KS2
2008-09-01 18:43 --------- d-----w C:\Program Files\Conduit
2008-08-27 16:35 --------- d-----w C:\Documents and Settings\User\Application Data\ZoomBrowser EX
2008-08-25 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-20 18:37 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-01-06 21:22 55,088 ----a-w C:\Program Files\MFInstall.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2004-08-04 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2008-04-14 00:12 50,688 --sh--w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b67fa914-5d1d-4bea-97f0-87798333ad72}"= "C:\Program Files\SparkleBox_KS2\tbSpar.dll" [2008-08-20 23:03 1780248]
[HKEY_CLASSES_ROOT\clsid\{b67fa914-5d1d-4bea-97f0-87798333ad72}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b67fa914-5d1d-4bea-97f0-87798333ad72}]
2008-08-20 23:03 1780248 --a------ C:\Program Files\SparkleBox_KS2\tbSpar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b67fa914-5d1d-4bea-97f0-87798333ad72}"= "C:\Program Files\SparkleBox_KS2\tbSpar.dll" [2008-08-20 23:03 1780248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B67FA914-5D1D-4BEA-97F0-87798333AD72}"= "C:\Program Files\SparkleBox_KS2\tbSpar.dll" [2008-08-20 23:03 1780248]
[HKEY_CLASSES_ROOT\clsid\{b67fa914-5d1d-4bea-97f0-87798333ad72}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-22 01:03 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 14:07 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-11-22 11:26 77824]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 16:30 71008]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-11-22 18:17 26112]
"HostManager"="C:\Program Files\Common Files\AOL\1195760286\ee\AOLSoftware.exe" [2006-11-17 14:21 50736]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-08-06 19:03 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 17:47 196608]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 08:47 1629480]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 08:47 1057064]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 21:13 1695744]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 12:54 71328]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-09-06 17:36 70840]
"HPIJetSend"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe" [2000-08-22 12:24 585728]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2000-08-22 12:20 32768]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 09:52 218232]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2008-02-21 23:02 152952]
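A small triage pass over HijackThis-format lines, added here as an example (it is not code from the forum, its moderators, or the HijackThis project). It parses the R/O entry lines of a log like the one posted above, flags hosts-file (O1) and per-adapter DNS (O17) overrides for review, reports BHO/toolbar registrations whose file is missing, groups registrations that share one CLSID (in the log above the SparkleBox toolbar is registered as URLSearchHook, BHO and toolbar under the same CLSID), and marks autoruns whose executable sits outside C:\WINDOWS or C:\Program Files. The sample lines are constructed for the example, including a made-up Temp-directory autorun; the trusted-root list is an assumption of the example, and a flag is a prompt to look closer, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 line format (not the log posted in this
# thread): a handful of R/O entries, including one made-up autorun in a Temp directory.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SparkleBox KS2 Toolbar - {b67fa914-5d1d-4bea-97f0-87798333ad72} - C:\Program Files\SparkleBox_KS2\tbSpar.dll
O1 - Hosts: 209.150.84.198 www.winmx.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SparkleBox KS2 Toolbar - {b67fa914-5d1d-4bea-97f0-87798333ad72} - C:\Program Files\SparkleBox_KS2\tbSpar.dll
O3 - Toolbar: SparkleBox KS2 Toolbar - {b67fa914-5d1d-4bea-97f0-87798333ad72} - C:\Program Files\SparkleBox_KS2\tbSpar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7373C979-7E29-4FEB-9246-7FB9177DE40E}: NameServer = 205.188.146.145
"""

# "R0 - ...", "O4 - ..." entry lines; the process list and headers do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 body: HIVE\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Assumption for this example: autoruns whose absolute path sits under these roots are
# treated as ordinary software; any other absolute path on C: gets a "suspect" flag.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1")


def parse_hjt(text):
    """Return a list of (section, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def exe_path(command):
    """Return the executable part of an O4 command: the quoted path, else the text up to
    the first .exe/.dll/.cpl extension, else the first whitespace-separated token."""
    command = command.strip()
    if command.startswith('"') and command.count('"') >= 2:
        return command[1:command.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|cpl))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else (command.split() or [""])[0]


def triage(entries):
    """Return (severity, section, reason, line) findings ordered for a human reviewer.
    Nothing here proves infection; it only says what to look at first."""
    findings = []
    by_clsid = defaultdict(set)
    for section, body in entries:
        if section == "O1":
            findings.append(("review", section, "hosts file pins a hostname to a fixed address", body))
        elif section == "O17":
            findings.append(("review", section, "per-interface DNS server; confirm it is the ISP's", body))
        elif section in ("R3", "O2", "O3"):
            if body.endswith("(no file)"):
                findings.append(("orphan", section, "registration points at a missing file", body))
            m = CLSID_RE.search(body)
            if m:
                by_clsid[m.group(0).lower()].add(section)
        elif section == "O4":
            m = RUN_RE.match(body)
            if m:
                path = exe_path(m.group("cmd")).lower()
                # Bare names (e.g. RUNDLL32.EXE) resolve via PATH and are left for manual review.
                if path.startswith("c:\\") and not path.startswith(TRUSTED_ROOTS):
                    findings.append(("suspect", section, "autorun outside Windows/Program Files", body))
    for clsid, sections in by_clsid.items():
        if len(sections) > 1:
            findings.append(("info", "CLSID", f"{clsid} registered as {', '.join(sorted(sections))}", ""))
    return findings


if __name__ == "__main__":
    for severity, section, reason, line in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{severity:7}] {section:5} {reason}")
        if line:
            print(f"          {line}")
```

Run it on a saved log by replacing SAMPLE_LOG with the file contents; the "suspect" and "orphan" lines are the ones to check against the vendor paths and the HijackThis entry descriptions before deciding anything.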
Touch (Forum Moderator, joined Jun 2004, 13812 posts)
Posted 10-4-2008 2:38 (GMT +1)
Please download Malwarebytes' Anti-Malware:
 
Or here:
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and paste that log into your next reply, along with a fresh ComboFix log.
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 


Anderson7 (New Member, joined Sep 2008, 16 posts)
Posted 10-4-2008 11:21 (GMT +1)
Thanks Touch. Have run Malwarebytes but cannot view the log file, as I have some genealogy software which seems to be the default for viewing txt files, only it doesn't allow me to view the log. Will the log be saved anywhere on the computer, as I can't find it and it doesn't give me the option to open the log with another program in the 'log' section of Malwarebytes!?
Touch (Forum Moderator, joined Jun 2004, 13812 posts)
Posted 10-5-2008 4:43 (GMT +1)
If you have saved the log, right-click on it, choose Open with, and select Notepad. Otherwise, find a random txt file and do the same, putting a check in "always use" etc.


 

Anderson7 (New Member, joined Sep 2008, 16 posts)
Posted 10-5-2008 11:35 (GMT +1)
Managed to do it, thanks. Here are the Malwarebytes and new ComboFix logs.




Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3
2008-10-04 20:38:55
mbam-log-2008-10-04 (20-38-55).txt
Scan type: Full Scan (A:\|C:\|D:\|E:\|G:\|)
Objects scanned: 143694
Time elapsed: 1 hour(s), 58 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\User\My Documents\Daniel\Daniel\SetupPoker.exe (Adware.Agent) -> Quarantined and deleted successfully.
 
ComboFix 08-09-28.02 - User 2008-10-05 10:41:46.3 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\Downloaded Program Files\setup.inf
.
(((((((((((((((((((((((((   Files Created from 2008-09-05 to 2008-10-05  )))))))))))))))))))))))))))))))
.
2008-10-04 15:37 . 2008-10-04 23:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 15:37 . 2008-10-04 15:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-10-04 15:37 . 2008-10-04 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-04 15:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 15:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 15:36 . 2008-10-04 15:36 1,885,120 --a------ C:\mbam-setup.exe
2008-10-04 14:09 . 2008-10-04 14:09 401,720 --a------ C:\HiJackThis.exe
2008-09-29 22:22 . 2008-09-29 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-29 22:21 . 2008-09-29 22:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-29 22:21 . 2008-09-29 22:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-09-29 22:20 . 2008-09-29 22:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-23 20:33 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-23 20:24 . 2008-09-23 20:24 <DIR> d-------- C:\WINDOWS\EHome
2008-09-23 00:00 . 2008-09-23 00:00 <DIR> d-------- C:\WINDOWS\Sun
2008-09-22 22:28 . 2008-04-14 01:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-22 22:27 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-22 22:26 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-17 19:01 . 2008-09-17 19:01 <DIR> d-------- C:\Program Files\ProjPresDemo
2008-09-17 19:01 . 2008-09-17 19:06 <DIR> d-------- C:\Program Files\DazPlus
2008-09-17 19:01 . 1998-05-26 12:27 305,152 --a------ C:\WINDOWS\system32\Ppro200.dll
2008-09-09 21:27 . 2008-09-09 21:27 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-09 20:48 . 2008-09-09 20:48 <DIR> d-------- C:\Program Files\Big Writing Games
2008-09-09 16:52 . 2008-09-09 16:52 <DIR> d-------- C:\Program Files\Common Files\Folio Shared
2008-09-09 16:51 . 2008-09-09 16:58 <DIR> d-------- C:\Program Files\RFViewer
2008-09-09 16:51 . 1996-10-14 01:38 965,904 --a------ C:\WINDOWS\system32\msjt3032.dll
2008-09-09 16:51 . 1997-03-13 14:48 745,984 --a------ C:\WINDOWS\system32\Isgdi32.dll
2008-09-09 16:51 . 1996-02-28 07:47 447,760 --a------ C:\WINDOWS\system32\Dao3032.dll
2008-09-09 16:51 . 1997-05-01 02:01 161,248 --a------ C:\WINDOWS\system32\Splitter.ocx
2008-09-09 16:51 . 1997-07-19 16:00 155,920 --a------ C:\WINDOWS\system32\Comct232.ocx
2008-09-09 16:51 . 1996-12-05 00:00 77,824 --a------ C:\WINDOWS\system32\Odbctl32.dll
2008-09-09 16:51 . 1996-04-04 17:51 25,600 --a------ C:\WINDOWS\Regit.exe
2008-09-09 16:51 . 1997-03-13 14:48 4,264 --a------ C:\WINDOWS\Isgdi32.ini
2008-09-09 16:51 . 1998-06-03 15:15 247 --a------ C:\WINDOWS\system32\RFSystem.bat
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 09:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-10-04 19:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-24 17:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-11 14:09 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-09-01 18:53 --------- d-----w C:\Program Files\SparkleBox_KS2
2008-09-01 18:43 --------- d-----w C:\Program Files\Conduit
2008-08-27 16:35 --------- d-----w C:\Documents and Settings\User\Application Data\ZoomBrowser EX
2008-08-25 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-20 18:37 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-01-06 21:22 55,088 ----a-w C:\Program Files\MFInstall.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2004-08-04 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2008-04-14 00:12 50,688 --sh--w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
.
(((((((((((((((((((((((((((((   snapshot@2008-10-04_13.37.45.04   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 09:33:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_920.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b67fa914-5d1d-4bea-97f0-87798333ad72}"= "C:\Program Files\SparkleBox_KS2\tbSpar.dll" [2008-08-20 23:03 1780248]
[HKEY_CLASSES_ROOT\clsid\{b67fa914-5d1d-4bea-97f0-87798333ad72}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b67fa914-5d1d-4bea-97f0-87798333ad72}]
2008-08-20 23:03 1780248 --a------ C:\Program Files\SparkleBox_KS2\tbSpar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b67fa914-5d1d-4bea-97f0-87798333ad72}"= "C:\Program Files\SparkleBox_KS2\tbSpar.dll" [2008-08-20 23:03 1780248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B67FA914-5D1D-4BEA-97F0-87798333AD72}"= "C:\Program Files\SparkleBox_KS2\tbSpar.dll" [2008-08-20 23:03 1780248]
[HKEY_CLASSES_ROOT\clsid\{b67fa914-5d1d-4bea-97f0-87798333ad72}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-22 01:03 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 14:07 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-11-22 11:26 77824]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 16:30 71008]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-11-22 18:17 26112]
"HostManager"="C:\Program Files\Common Files\AOL\1195760286\ee\AOLSoftware.exe" [2006-11-17 14:21 50736]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-08-06 19:03 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 17:47 196608]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 08:47 1629480]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 08:47 1057064]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 21:13 1695744]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 12:54 71328]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-09-06 17:36 70840]
"HPIJetSend"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe" [2000-08-22 12:24 585728]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2000-08-22 12:20 32768]
"Cmaudio"="cmicnfg.cpl" [BU]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 09:52 218232]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2008-02-21 23:02 152952]
 

Anderson7
New Member


Date Joined Sep 2008
Total Posts : 16
 
Posted 10-5-2008 11:38 (GMT +1)
Managed to do it, thanks. Here are the Malwarebytes & new ComboFix logs.


Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3
2008-10-04 20:38:55
mbam-log-2008-10-04 (20-38-55).txt
Scan type: Full Scan (A:\|C:\|D:\|E:\|G:\|)
Objects scanned: 143694
Time elapsed: 1 hour(s), 58 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\User\My Documents\Daniel\Daniel\SetupPoker.exe (Adware.Agent) -> Quarantined and deleted successfully.
ComboFix 08-09-28.02 - User 2008-10-05 10:41:46.3 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\Downloaded Program Files\setup.inf
.
(((((((((((((((((((((((((   Files Created from 2008-09-05 to 2008-10-05  )))))))))))))))))))))))))))))))
.
2008-10-04 15:37 . 2008-10-04 23:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 15:37 . 2008-10-04 15:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-10-04 15:37 . 2008-10-04 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-04 15:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 15:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 15:36 . 2008-10-04 15:36 1,885,120 --a------ C:\mbam-setup.exe
2008-10-04 14:09 . 2008-10-04 14:09 401,720 --a------ C:\HiJackThis.exe
2008-09-29 22:22 . 2008-09-29 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-29 22:21 . 2008-09-29 22:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-29 22:21 . 2008-09-29 22:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-09-29 22:20 . 2008-09-29 22:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-23 20:33 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-23 20:24 . 2008-09-23 20:24 <DIR> d-------- C:\WINDOWS\EHome
2008-09-23 00:00 . 2008-09-23 00:00 <DIR> d-------- C:\WINDOWS\Sun
2008-09-22 22:28 . 2008-04-14 01:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-22 22:27 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-22 22:26 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-17 19:01 . 2008-09-17 19:01 <DIR> d-------- C:\Program Files\ProjPresDemo
2008-09-17 19:01 . 2008-09-17 19:06 <DIR> d-------- C:\Program Files\DazPlus
2008-09-17 19:01 . 1998-05-26 12:27 305,152 --a------ C:\WINDOWS\system32\Ppro200.dll
2008-09-09 21:27 . 2008-09-09 21:27 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-09 20:48 . 2008-09-09 20:48 <DIR> d-------- C:\Program Files\Big Writing Games
2008-09-09 16:52 . 2008-09-09 16:52 <DIR> d-------- C:\Program Files\Common Files\Folio Shared
2008-09-09 16:51 . 2008-09-09 16:58 <DIR> d-------- C:\Program Files\RFViewer
2008-09-09 16:51 . 1996-10-14 01:38 965,904 --a------ C:\WINDOWS\system32\msjt3032.dll
2008-09-09 16:51 . 1997-03-13 14:48 745,984 --a------ C:\WINDOWS\system32\Isgdi32.dll
2008-09-09 16:51 . 1996-02-28 07:47 447,760 --a------ C:\WINDOWS\system32\Dao3032.dll
2008-09-09 16:51 . 1997-05-01 02:01 161,248 --a------ C:\WINDOWS\system32\Splitter.ocx
2008-09-09 16:51 . 1997-07-19 16:00 155,920 --a------ C:\WINDOWS\system32\Comct232.ocx
2008-09-09 16:51 . 1996-12-05 00:00 77,824 --a------ C:\WINDOWS\system32\Odbctl32.dll
2008-09-09 16:51 . 1996-04-04 17:51 25,600 --a------ C:\WINDOWS\Regit.exe
2008-09-09 16:51 . 1997-03-13 14:48 4,264 --a------ C:\WINDOWS\Isgdi32.ini
2008-09-09 16:51 . 1998-06-03 15:15 247 --a------ C:\WINDOWS\system32\RFSystem.bat
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 09:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-10-04 19:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-24 17:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-11 14:09 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-09-01 18:53 --------- d-----w C:\Program Files\SparkleBox_KS2
2008-09-01 18:43 --------- d-----w C:\Program Files\Conduit
2008-08-27 16:35 --------- d-----w C:\Documents and Settings\User\Application Data\ZoomBrowser EX
2008-08-25 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-08-20 18:37 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-01-06 21:22 55,088 ----a-w C:\Program Files\MFInstall.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2004-08-04 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2008-04-14 00:12 50,688 --sh--w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
.
(((((((((((((((((((((((((((((   snapshot@2008-10-04_13.37.45.04   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 09:33:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_920.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b67fa914-5d1d-4bea-97f0-87798333ad72}"= "C:\Program Files\SparkleBox_KS2\tbSpar.dll" [2008-08-20 23:03 1780248]
[HKEY_CLASSES_ROOT\clsid\{b67fa914-5d1d-4bea-97f0-87798333ad72}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b67fa914-5d1d-4bea-97f0-87798333ad72}]
2008-08-20 23:03 1780248 --a------ C:\Program Files\SparkleBox_KS2\tbSpar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b67fa914-5d1d-4bea-97f0-87798333ad72}"= "C:\Program Files\SparkleBox_KS2\tbSpar.dll" [2008-08-20 23:03 1780248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B67FA914-5D1D-4BEA-97F0-87798333AD72}"= "C:\Program Files\SparkleBox_KS2\tbSpar.dll" [2008-08-20 23:03 1780248]
[HKEY_CLASSES_ROOT\clsid\{b67fa914-5d1d-4bea-97f0-87798333ad72}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-22 01:03 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 14:07 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-11-22 11:26 77824]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 16:30 71008]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-11-22 18:17 26112]
"HostManager"="C:\Program Files\Common Files\AOL\1195760286\ee\AOLSoftware.exe" [2006-11-17 14:21 50736]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-08-06 19:03 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 17:47 196608]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 08:47 1629480]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 08:47 1057064]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 21:13 1695744]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 12:54 71328]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-09-06 17:36 70840]
"HPIJetSend"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe" [2000-08-22 12:24 585728]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2000-08-22 12:20 32768]
"Cmaudio"="cmicnfg.cpl" [BU]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 09:52 218232]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2008-02-21 23:02 152952]
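The ComboFix reports posted in this thread are long, and most of the review work is in two sections: "Files Created from ... to ..." and "Reg Loading Points". The Python below is an added example written for this thread, not ComboFix's, Malwarebytes' or the forum's own tooling. It parses those two sections into records and applies two review heuristics of my own: files written under system32 during the report window, and autostart values that the report could not tie to a verified file on disk. The embedded sample is a constructed excerpt of lines copied from the logs above; the reading of the bracketed markers (`[X]` as "target not found", `[BU]` as "no file metadata") and the path-based heuristics are my assumptions, not ComboFix documentation.

```python
"""Triage helper for ComboFix log sections (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the ComboFix logs in this thread,
# one per case the parser has to handle (directory, file, [X], [BU], bare name).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((   Files Created from 2008-09-05 to 2008-10-05  )))))))))))))))))))))))))))))))
.
2008-10-04 15:37 . 2008-10-04 23:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 15:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 19:01 . 1998-05-26 12:27 305,152 --a------ C:\WINDOWS\system32\Ppro200.dll
2008-09-09 16:51 . 1998-06-03 15:15 247 --a------ C:\WINDOWS\system32\RFSystem.bat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"Cmaudio"="cmicnfg.cpl" [BU]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")          # ((( title )))
FILE_RE = re.compile(                                     # created . modified size attrs path
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(<DIR>|[\d,]+) (\S{9}) (.+)$"
)
KEY_RE = re.compile(r"^\[(.+)\]$")                        # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"([^"]*)"\s*\[([^\]]*)\]$')  # "name"="value" [detail]
DETAIL_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+")  # timestamp + size = file was verified
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class FileRecord:
    created: str
    modified: str
    size: Optional[int]   # None for <DIR> entries
    attrs: str
    path: str


@dataclass
class RunEntry:
    key: str              # registry key the value lives under
    name: str
    value: str
    detail: str           # contents of the trailing [...] block


def parse_combofix(text: str) -> Tuple[List[FileRecord], List[RunEntry]]:
    """Walk the report line by line, tracking the current section and key."""
    files: List[FileRecord] = []
    entries: List[RunEntry] = []
    section = key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section.startswith("Files Created"):
            m = FILE_RE.match(line)
            if m:
                created, modified, size, attrs, path = m.groups()
                size_int = None if size == "<DIR>" else int(size.replace(",", ""))
                files.append(FileRecord(created, modified, size_int, attrs, path))
        elif section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if m:
                entries.append(RunEntry(key, *m.groups()))
    return files, entries


def review_files(files: List[FileRecord]) -> List[FileRecord]:
    """Heuristic (assumption): new files under system32 deserve a look."""
    return [f for f in files if f.size is not None and "\\windows\\system32\\" in f.path.lower()]


def review_run_entries(entries: List[RunEntry]) -> List[Tuple[str, str]]:
    """Heuristic (assumption): autostart values without a verified file behind them."""
    issues = []
    for e in entries:
        if e.detail == "X":
            issues.append((e.name, "target not found ([X])"))
        elif not DETAIL_RE.match(e.detail):
            issues.append((e.name, f"no file metadata, marker [{e.detail}]"))
        elif not ABS_PATH_RE.match(e.value):
            issues.append((e.name, "bare file name, resolved through the search path"))
    return issues


if __name__ == "__main__":
    sample_files, sample_entries = parse_combofix(SAMPLE_LOG)
    for f in review_files(sample_files):
        print(f"system32 write: {f.created}  {f.path}")
    for name, why in review_run_entries(sample_entries):
        print(f"autorun review: {name}: {why}")
```

Run against a full report, the first list gives the moderator the new drivers, DLLs and scripts that landed in the system directory during the window (here the Malwarebytes driver, which is expected, and the two files dropped by the RFViewer install), and the second list separates autostart values that ComboFix matched to a real file from the ones that still need a manual check. Note that any other line wrapped in parentheses, such as "(No malicious items detected)" in the Malwarebytes section, is treated as a section title and simply ends the section being parsed.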
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 10-6-2008 4:22 (GMT +1)
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open Notepad and copy/paste the text in the quotebox below into it:

Quote:

Killall::

Snapshot::

Folder::
C:\Program Files\Logitech\Desktop Messenger

Save this as:
CFScript

Referring to the picture above, drag CFScript into ComboFix.exe

Then post a fresh ComboFix log.
 

Anderson7
New Member


Date Joined Sep 2008
Total Posts : 16
 
Posted 10-9-2008 10:52 (GMT +1)
Here's the log, not sure whether it completed as it seemed to stall so I had to close it down.


ComboFix 08-09-28.02 - User 2008-10-06 22:43:50.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.257 [GMT 1:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFSCRIPT.txt
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 10-10-2008 4:00 (GMT +1)
Ok. Try this command ->

Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run ComboFix.
 

Anderson7
New Member


Date Joined Sep 2008
Total Posts : 16
 
Posted 10-11-2008 12:14 (GMT +1)
Thanks for all your help, Touch. Here's the latest ComboFix log.


ComboFix 08-09-28.02 - User 2008-10-11 11:54:25.5 - NTFSx86
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: /snapshot
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
- REDUCED FUNCTIONALITY MODE -
.
(((((((((((((((((((((((((   Files Created from 2008-09-11 to 2008-10-11  )))))))))))))))))))))))))))))))
.
2008-10-07 11:13 . 2008-10-07 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACTIV Software
2008-10-07 10:47 . 2008-10-07 10:49 <DIR> d-------- C:\Program Files\Common Files\ACTIV Software
2008-10-07 10:47 . 2008-10-07 10:49 <DIR> d-------- C:\Program Files\ACTIV Software
2008-10-07 10:47 . 2008-10-07 10:47 9,216 --a------ C:\WINDOWS\system32\ddvdd.dll
2008-10-07 10:47 . 2008-10-07 10:47 7,072 --a------ C:\WINDOWS\system32\drivers\ddnt.sys
2008-10-05 17:27 . 2008-10-05 17:27 <DIR> d-------- C:\Program Files\BlackCat
2008-10-05 17:25 . 2008-10-05 17:25 <DIR> d-------- C:\WINDOWS\Profiles
2008-10-05 17:22 . 2008-10-05 17:22 <DIR> d-------- C:\Program Files\JavaSoft
2008-10-05 17:22 . 2001-01-30 11:21 24,683 --a------ C:\WINDOWS\system32\plugincpl130_02.cpl
2008-10-04 15:37 . 2008-10-04 23:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 15:37 . 2008-10-04 15:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-10-04 15:37 . 2008-10-04 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-04 15:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 15:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 15:36 . 2008-10-04 15:36 1,885,120 --a------ C:\mbam-setup.exe
2008-10-04 14:09 . 2008-10-04 14:09 401,720 --a------ C:\HiJackThis.exe
2008-09-29 22:22 . 2008-09-29 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-29 22:21 . 2008-09-29 22:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-29 22:21 . 2008-09-29 22:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-09-29 22:20 . 2008-09-29 22:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-23 20:36 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-23 20:33 . 2008-09-23 20:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-23 20:24 . 2008-09-23 20:24 <DIR> d-------- C:\WINDOWS\EHome
2008-09-23 00:00 . 2008-09-23 00:00 <DIR> d-------- C:\WINDOWS\Sun
2008-09-22 22:28 . 2008-04-14 01:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-22 22:27 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-22 22:26 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-17 19:01 . 2008-09-17 19:01 <DIR> d-------- C:\Program Files\ProjPresDemo
2008-09-17 19:01 . 2008-09-17 19:06 <DIR> d-------- C:\Program Files\DazPlus
2008-09-17 19:01 . 1998-05-26 12:27 305,152 --a------ C:\WINDOWS\system32\Ppro200.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-10-07 21:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-07 10:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-05 16:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-05 16:21 106 ----a-w C:\Program Files\INSTALL.LOG
2008-09-24 17:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-11 14:09 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-09-09 19:48 --------- d-----w C:\Program Files\Big Writing Games
2008-09-09 15:58 --------- d-----w C:\Program Files\RFViewer
2008-09-09 15:52 --------- d-----w C:\Program Files\Common Files\Folio Shared
2008-09-01 18:53 --------- d-----w C:\Program Files\SparkleBox_KS2
2008-09-01 18:43 --------- d-----w C:\Program Files\Conduit
2008-08-27 16:35