Windows antivirus and pop up virus/spyware

Posted 7/8/2008 2:11 PM
#63331

joshhud Member

Date Joined Nov 2016
Total Posts: 9
I recently got a virus that acts like Windows antivirus and tries to get me to buy spyshedder or something like that. Also I keep getting pop-ups for porn or trying to get me to buy something. I ran a virus and spyware program that said it deleted all the infections and viruses on my computer, but it is still happening. I had to go into my setup and stop most of it from starting during start-up for now, but I would like to remove it from my computer completely. I'm kind of new to this virus removal stuff, so I'm not sure what you need. I am running Vista, btw. Any help would be great.
Posted 7/8/2008 3:43 PM
#63335

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
hello :smile:

1. Get this version of HijackThis from http://danborg.org/spy/hjt/alternativ.exe

2. Save it in a permanent folder of your choice, such as C:\HJT\. To create this specific folder on your hard drive: double-click the 'My Computer' icon on your desktop, then under the category Hard Disk Drives double-click Local Disk, then select File -> New -> Folder and name it HJT.

3. Run HijackThis (alternativ.exe).

Choose the "Do a system scan and save a log file" option to perform your scan.

HijackThis will analyze your system and automatically open a Notepad text file containing the HijackThis log when the scan is finished.

Open the text file containing the log with a text editor and click Edit -> Select All, followed by Edit -> Copy.
From within the browser window and with the message body text box selected, click Edit -> Paste.

Post the HijackThis log here.


NB. On Windows Vista, right-click the HijackThis icon and select "Run as administrator".

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/8/2008 11:00 PM
#63347

joshhud Member

Date Joined Nov 2016
Total Posts: 9
When I ran it a long error came up, but this is what came up when it finished:

Logfile of HijackThis v1.99.1
Scan saved at 6:57:35 PM, on 7/8/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Users\Josh Hudson\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Josh Hudson\Downloads\hijak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20177355-706D-416B-A23B-49443A7118F3} - C:\Windows\system32\ssqOFUOe.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Josh Hudson\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\khfDuUnl.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\yayxxxUN.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Posted 7/9/2008 4:54 AM
#63350

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save it to the desktop.

Close all other browser windows.

Please connect all your external hard drives/flash drives before running ComboFix.

Important -> Temporarily disable your anti-virus real-time protection before performing a scan. It can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".

Go to Start -> Run and copy/paste: ComboFix /snapshot and hit OK. It should run ComboFix.

Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply with a new HijackThis log.

Please copy and paste your log files. DO NOT add them as an attachment.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/9/2008 12:07 PM
#63368

joshhud Member

Date Joined Nov 2016
Total Posts: 9
ComboFix 08-07-08.7 - Josh Hudson 2008-07-09 8:00:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2124 [GMT -4:00]
Running from: C:\Users\Josh Hudson\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Windows\system32\sex1.ico
C:\Windows\system32\sex2.ico
C:\Windows\system32\vav.cpl

.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 12:02 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\BitTorrent
2008-07-09 12:00 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\DNA
2008-07-09 11:57 --------- d---a-w C:\ProgramData\TEMP
2008-07-09 11:57 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-08 23:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-08 13:05 --------- d-----w C:\Program Files\Trend Micro
2008-07-08 12:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-08 04:53 80 ----a-w C:\Users\Josh Hudson\AppData\Roaming\wklnhst.dat
2008-07-08 04:53 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\Template
2008-07-08 04:09 --------- d-----w C:\Program Files\WinTV
2008-07-08 04:04 --------- d-----w C:\Program Files\RegCure
2008-07-08 02:14 --------- d-----w C:\ProgramData\Roxio
2008-07-08 01:50 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-07-08 01:49 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\PC Tools
2008-07-08 01:49 --------- d-----w C:\ProgramData\PC Tools
2008-07-07 13:59 28,800 ----a-w C:\Windows\System32\ssqOFUOe.dll
2008-07-07 13:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-07 12:30 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\DivX
2008-07-07 12:30 --------- d-----w C:\Program Files\DivX
2008-07-07 12:30 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-07 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 00:32 --------- d-----w C:\Program Files\Common Files\IviSDK
2008-06-18 18:31 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-10 22:30 --------- d-----w C:\Program Files\Windows Mail
2008-06-10 22:12 682,232 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-06-10 22:09 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\Roxio
2008-06-03 02:23 --------- d-----w C:\Program Files\Google
2008-06-03 02:15 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\PeerNetworking
2008-06-02 07:08 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-06-02 07:08 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-06-02 07:06 944,184 ----a-w C:\Windows\System32\winload.exe
2008-06-02 07:06 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-06-02 07:06 620,088 ----a-w C:\Windows\System32\ci.dll
2008-06-02 07:06 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-06-02 07:06 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-06-02 07:06 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-06-02 07:06 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-06-02 07:06 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-06-02 07:06 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-06-02 07:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-06-02 07:04 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-06-02 07:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-02 07:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-02 07:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-02 07:04 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-06-02 07:04 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-06-02 07:04 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-02 07:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-02 07:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-02 07:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-06-02 01:29 --------- d-----w C:\Program Files\DNA
2008-06-02 01:29 --------- d-----w C:\Program Files\BitTorrent
2008-06-02 00:17 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-06-02 00:17 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-06-02 00:17 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-06-02 00:17 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-06-02 00:16 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-06-02 00:16 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-06-02 00:16 33,624 ----a-w C:\Windows\System32\wups.dll
2008-06-02 00:16 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-06-02 00:16 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-06-01 23:27 --------- d-----w C:\Program Files\Common Files\Remote Control Software Common
2008-06-01 23:26 --------- d-----w C:\Program Files\Logitech
2008-06-01 23:26 --------- d-----w C:\Program Files\Common Files\Remote Control USB Driver
2008-06-01 23:25 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-06-01 23:25 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\InstallShield
2008-06-01 22:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-01 21:43 --------- d-----w C:\ProgramData\AOL OCP
2008-06-01 21:42 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\acccore
2008-06-01 21:42 --------- d-----w C:\ProgramData\Viewpoint
2008-06-01 21:42 --------- d-----w C:\ProgramData\AOL
2008-06-01 21:42 --------- d-----w C:\Program Files\Viewpoint
2008-06-01 21:42 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-01 21:42 --------- d-----w C:\Program Files\AIM6
2008-06-01 19:16 --------- d-----w C:\Program Files\support.com
2008-05-30 17:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-30 17:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-30 17:19 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-30 17:19 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-26 20:30 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\ATI
2008-05-26 20:30 --------- d-----w C:\ProgramData\ATI
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Templates
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Start Menu
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Favorites
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Documents
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Desktop
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Application Data
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-09 22:38 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-05-09 22:38 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-05-09 22:38 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-05-09 22:38 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-05-09 22:38 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-05-09 22:38 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-05-09 22:37 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-05-09 22:35 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-05-09 22:35 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-05-09 22:35 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-05-09 22:35 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20177355-706D-416B-A23B-49443A7118F3}]
2008-07-07 09:59 28800 --a------ C:\Windows\system32\ssqOFUOe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 16:21 50528]
"BitTorrent DNA"="C:\Users\Josh Hudson\Program Files\DNA\btdna.exe" [2008-06-02 08:22 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 10:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-09 11:03 29744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 05:45 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 09:26 4452352 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-01 19:26:04 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{20177355-706D-416B-A23B-49443A7118F3}"= "C:\Windows\system32\ssqOFUOe.dll" [2008-07-07 09:59 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-09 11:13 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
--a------ 2008-07-07 10:04 318208 C:\Users\JOSHHU~1\AppData\Local\Temp\yayxxxUN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 13:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D6BAD6EC-0CD8-4C8D-B2AB-F334825A0ABF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{32B32560-1944-4D0B-BEDE-A1D92713A627}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{20B2A54D-CC08-42CC-BF98-DDF951803BAB}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{2D32F850-9CD8-4D18-ACE0-08811776C50D}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{B7A30357-2316-4430-974D-EB1E9716403D}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{ECCC1027-4640-4362-BA3C-9A39318A2FE0}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D82A9F86-44C0-426A-94EE-402746B10EAB}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2B27A29B-F078-465D-AE45-95FCD703DB83}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{40435C03-72DB-4CE2-98C8-A2B9DC08A580}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{58211F4C-DEC4-4033-9B4B-FFB75D246F9E}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{DB09820A-50E0-483E-BA45-97796820BCD2}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{BB9DFF95-E855-4660-BCE6-92ECBF2B1C7C}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{3DDEEB8D-69DD-4E33-9590-C74104597415}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{D3EC16AD-C47D-4F2F-BBB2-43B36C36422F}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"TCP Query User{F761ED08-71C5-4EDF-8A60-64B44C3AAF58}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{5B9A829C-5D51-40E8-B97F-0AFAE36898BF}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-04-10 15:14]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-24 06:37]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 08:21]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-09 11:03]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-09 03:30:21 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-08 04:10:56 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MSServer - C:\Users\JOSHHU~1\AppData\Local\Temp\khfDuUnl.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 08:02:26
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-09 8:03:20
ComboFix-quarantined-files.txt 2008-07-09 12:03:17

The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 414,349,041,664 bytes free

218 --- E O F --- 2008-07-09 03:26:35
Posted 7/9/2008 12:09 PM
#63369

joshhud Member

Date Joined Nov 2016
Total Posts: 9
Logfile of HijackThis v1.99.1
Scan saved at 8:09:14 AM, on 7/9/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Users\Josh Hudson\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Josh Hudson\Downloads\hijak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20177355-706D-416B-A23B-49443A7118F3} - C:\Windows\system32\ssqOFUOe.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Josh Hudson\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\yayxxxUN.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\urqnMGVO.dll,#1
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
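The two `rundll32.exe` entries near the top of this log (`cmds` and `MSServer`) are the footprint worth learning to spot: a randomly named DLL in the user's Temp folder, loaded by rundll32 through an ordinal (`#1`) or one-letter (`c`) export. The Malwarebytes log later in this thread confirms both as Trojan.Vundo / Trojan.Agent. The Python below is added here as an editorial example; it is not part of the original post and not HijackThis's own logic. It parses O4 lines and scores them with exactly those signals. The sample lines are copied from the log above; the Temp-path, odd-export and user-profile rules are this example's own assumptions about what is suspicious, not rules HijackThis applies.

```python
import re

# Shapes of the HijackThis O4 (autostart) lines seen in the log above:
#   O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\yayxxxUN.dll,c
#   O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\...\LogitechDesktopMessenger.exe
O4_RE = re.compile(r'^O4 - (?P<loc>[^:]+): (?P<rest>.+)$')
BRACKET_RE = re.compile(r'^\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) = (?P<cmd>.+)$')

# rundll32.exe <dll>,<entry>[ args]   -- <entry> is an export name or #ordinal
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+(?P<dll>.+?),(?P<entry>[^,\s]+)(?:\s.*)?$', re.I)

# Heuristics: assumptions made for this example, not HijackThis's own rules.
TEMP_RE = re.compile(r'\\Temp\\|\\Tmp\\|%TEMP%|%TMP%', re.I)
PROFILE_RE = re.compile(r'^[A-Za-z]:\\(?:Users|Documents and Settings)\\', re.I)
ODD_ENTRY_RE = re.compile(r'^(?:#\d+|[A-Za-z])$')
SEVERITY_RANK = {'high': 0, 'medium': 1, 'info': 2}


def parse_o4(line):
    """Split an O4 line into (location, value name, command); None if not O4."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    for pat in (BRACKET_RE, LNK_RE):
        sub = pat.match(rest)
        if sub:
            return m.group('loc'), sub.group('name'), sub.group('cmd')
    return m.group('loc'), '', rest


def first_path(cmd):
    """Executable at the start of a command line, quotes removed.

    For an unquoted path containing spaces only the first token comes back,
    which is still enough for the drive/root prefix check below.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage_o4(lines):
    """Return suspicious autostarts as dicts, most severe first.

    high   - rundll32 loads a DLL out of a Temp directory (the Vundo pattern)
    medium - rundll32 calls an ordinal or one-letter export from elsewhere
    info   - the autostart target lives under a user profile rather than
             Program Files or Windows
    """
    findings = []
    for line in lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        loc, name, cmd = parsed
        r = RUNDLL_RE.match(cmd.strip())
        if r:
            target, entry = r.group('dll').strip('"'), r.group('entry')
        else:
            target, entry = first_path(cmd), None
        in_temp = bool(r and TEMP_RE.search(target))
        odd_entry = bool(entry and ODD_ENTRY_RE.match(entry))
        in_profile = bool(PROFILE_RE.match(target))
        reasons = [msg for flag, msg in (
            (in_temp, 'rundll32 loads a DLL from a Temp directory'),
            (odd_entry, f'entry point "{entry}" is an ordinal or one-letter export'),
            (in_profile, 'target lives under a user profile'),
        ) if flag]
        if in_temp:
            severity = 'high'
        elif odd_entry:
            severity = 'medium'
        elif in_profile:
            severity = 'info'
        else:
            continue
        findings.append({'severity': severity, 'loc': loc, 'name': name,
                         'target': target, 'reasons': reasons})
    findings.sort(key=lambda f: SEVERITY_RANK[f['severity']])
    return findings


# O4 lines copied from the HijackThis log posted above
SAMPLE_O4 = r"""
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Josh Hudson\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\yayxxxUN.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOSHHU~1\AppData\Local\Temp\urqnMGVO.dll,#1
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
""".strip().splitlines()

if __name__ == '__main__':
    for f in triage_o4(SAMPLE_O4):
        print(f"[{f['severity']:<6}] {f['loc']} [{f['name']}] -> {f['target']}")
        for reason in f['reasons']:
            print('         -', reason)
```

Feed it a saved log with `triage_o4(open('hijackthis.log').readlines())`. rundll32 itself is a legitimate Windows binary, so the flag is about what it loads and from where: legitimate software does not install its autostart DLLs in Temp, and it rarely exposes its entry point as a bare ordinal or a single letter. The `info` rating on BitTorrent DNA is deliberate; it only records that the program runs from inside the user profile, which is unusual but not malicious on its own.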
Posted 7/10/2008 2:29 PM  #63399
joshhud Member
Well, I haven't heard back, but the icon is gone from my Control Panel. I still get random pop-ups though.
Posted 7/10/2008 3:43 PM  #63402
Touch Advanced member
OK.

Please download Malwarebytes' Anti-Malware to your desktop:

http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and paste that log into your next reply, along with a new ComboFix log.

Posted 7/10/2008 9:41 PM  #63414
joshhud Member
Malwarebytes' Anti-Malware 1.20
Database version: 938
Windows 6.0.6000

5:39:36 PM 7/10/2008
mbam-log-7-10-2008 (17-39-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 124168
Time elapsed: 26 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Josh Hudson\AppData\Local\Temp\sSmjIxwu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\ssqOFUOe.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{20177355-706d-416b-a23b-49443a7118f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20177355-706d-416b-a23b-49443a7118f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{20177355-706d-416b-a23b-49443a7118f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Josh Hudson\AppData\Local\Temp\sSmjIxwu.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ssqOFUOe.dll (Trojan.Vundo) -> Delete on reboot.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\2.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\4.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AMI0X06\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EKRLEIDK\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EKRLEIDK\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Temp\gottanqm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Temp\lojqyykv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Temp\pomubbqi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Temp\sknwhsci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Temp\yayxxxUN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
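Two details in this log are easy to misread. The first two `Files Infected` entries are marked `Delete on reboot` because those DLLs were loaded in memory (the same two appear under `Memory Modules Infected`), so their removal is only confirmed after a restart. The three `C:\QooBox\Quarantine\...\*.exe.vir` hits are copies that ComboFix had already quarantined during the earlier run, not live infections. The Python below is added here as an editorial example, not part of the original post or of Malwarebytes: it parses the log into detections, totals them per family, separates those two groups, and gives a post-reboot check for the pending deletions. The excerpt is copied from the log above; the `QooBox` / `.vir` rule encodes ComboFix's quarantine layout and is this example's own assumption.

```python
import re
from collections import Counter

# One detection line in a Malwarebytes' Anti-Malware 1.x log:
#   <registry key or file path> (<threat family>) -> <action taken>.
ENTRY_RE = re.compile(r'^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$')
SECTION_RE = re.compile(r'^(?P<section>[A-Za-z ]+ Infected):$')
# ComboFix parks what it removes under C:\QooBox\Quarantine with a .vir suffix
# (assumption for this example); a hit there is a re-detection of a copy that
# is already neutralised, not a live file.
QUARANTINE_RE = re.compile(r'\\QooBox\\Quarantine\\|\.vir$', re.I)


def parse_mbam(text):
    """Return detections as dicts with section, item, family and action."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        s = SECTION_RE.match(line)
        if s:
            section = s.group('section')
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({'section': section, 'item': m.group('item'),
                            'family': m.group('family'), 'action': m.group('action')})
    return entries


def summarize(entries):
    """Counts per family plus the two lists a cleaner has to follow up on."""
    return {
        'by_family': dict(Counter(e['family'] for e in entries)),
        # removal deferred: the file was in use, so verify it after the restart
        'pending_reboot': [e['item'] for e in entries
                           if e['action'].lower().startswith('delete on reboot')],
        # already sitting in another tool's quarantine: informational only
        'in_other_quarantine': [e['item'] for e in entries
                                if QUARANTINE_RE.search(e['item'])],
    }


def still_present(paths, exists):
    """Paths from the pending list that survived the reboot.

    `exists` is injected (normally os.path.exists) so the same check can run
    against a recorded list offline or on the cleaned machine itself.
    """
    return [p for p in paths if exists(p)]


# Excerpt copied from the Malwarebytes log posted above
SAMPLE_MBAM = r"""
Memory Modules Infected:
C:\Users\Josh Hudson\AppData\Local\Temp\sSmjIxwu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\ssqOFUOe.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{20177355-706d-416b-a23b-49443a7118f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\Users\Josh Hudson\AppData\Local\Temp\sSmjIxwu.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ssqOFUOe.dll (Trojan.Vundo) -> Delete on reboot.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\2.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\4.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AMI0X06\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Josh Hudson\AppData\Local\Temp\yayxxxUN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

if __name__ == '__main__':
    import os
    summary = summarize(parse_mbam(SAMPLE_MBAM))
    print('detections per family:', summary['by_family'])
    print('already in ComboFix quarantine:', len(summary['in_other_quarantine']))
    print('verify gone after reboot:', summary['pending_reboot'])
    print('still present now:', still_present(summary['pending_reboot'], os.path.exists))
```

On the cleaned machine, run `still_present(summary['pending_reboot'], os.path.exists)` after the restart; an empty list is the confirmation the scan itself could not give. A non-empty list means the DLL is back (or was never released), and the autostart entries should be re-examined before the system is called clean.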
Posted 7/10/2008 9:54 PM  #63415
joshhud Member
ComboFix 08-07-10.1 - Josh Hudson 2008-07-10 17:50:25.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2232 [GMT -4:00]
Running from: C:\Users\Josh Hudson\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-10 17:08 . 2008-07-10 17:08 d-------- C:\Users\Josh Hudson\AppData\Roaming\Malwarebytes
2008-07-10 17:08 . 2008-07-10 17:08 d-------- C:\Users\All Users\Malwarebytes
2008-07-10 17:08 . 2008-07-10 17:08 d-------- C:\ProgramData\Malwarebytes
2008-07-10 17:08 . 2008-07-10 17:08 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 17:08 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-10 17:08 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-09 23:27 . 2008-07-09 23:27 d-------- C:\Users\Josh Hudson\AppData\Roaming\My Games
2008-07-09 23:27 . 2008-07-09 23:27 d-------- C:\Users\All Users\Trymedia
2008-07-09 23:27 . 2008-07-09 23:27 d-------- C:\ProgramData\Trymedia
2008-07-09 23:21 . 2008-07-09 23:21 d-------- C:\Program Files\Firaxis Games
2008-07-09 23:20 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-07-09 23:19 . 2008-07-09 23:19 d--h----- C:\Windows\msdownld.tmp
2008-07-09 20:56 . 2008-07-09 20:56 d-------- C:\Program Files\AC3Filter
2008-07-09 20:30 . 2008-07-09 20:31 d-------- C:\Users\Josh Hudson\AppData\Roaming\Creative
2008-07-09 18:44 . 2008-07-09 18:44 d-------- C:\Intel
2008-07-09 18:08 . 2008-07-09 18:08 d-------- C:\Windows\System32\Lang
2008-07-09 18:08 . 2007-09-25 07:10 920,088 --a------ C:\Windows\System32\igxpun.exe
2008-07-09 18:08 . 2007-09-25 07:10 319,456 --a------ C:\Windows\System32\difxapi.dll
2008-07-08 08:55 . 2008-07-09 08:06 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-08 08:55 . 2008-07-09 08:06 d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-08 08:55 . 2008-07-08 08:55 d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-08 00:53 . 2008-07-08 00:53 d-------- C:\Users\Josh Hudson\AppData\Roaming\Template
2008-07-08 00:53 . 2008-07-08 00:53 80 --a------ C:\Users\Josh Hudson\AppData\Roaming\wklnhst.dat
2008-07-07 23:59 . 2008-07-08 00:04 d-------- C:\Program Files\RegCure
2008-07-07 21:49 . 2008-07-07 21:49 d-------- C:\Users\Josh Hudson\AppData\Roaming\PC Tools
2008-07-07 21:49 . 2008-07-10 17:46 d-a------ C:\Users\All Users\TEMP
2008-07-07 21:49 . 2008-07-07 21:49 d-------- C:\Users\All Users\PC Tools
2008-07-07 21:49 . 2008-07-10 17:46 d-a------ C:\ProgramData\TEMP
2008-07-07 21:49 . 2008-07-07 21:49 d-------- C:\ProgramData\PC Tools
2008-07-07 21:49 . 2008-07-10 17:46 d-------- C:\Program Files\Spyware Doctor
2008-07-07 21:49 . 2008-07-07 21:50 d-------- C:\Program Files\Common Files\PC Tools
2008-07-07 21:49 . 2008-04-10 15:14 159,880 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-07-07 21:49 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-07-07 21:49 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-07-07 21:49 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-07-07 21:49 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-07-07 09:01 . 2008-07-07 09:14 d-------- C:\Users\All Users\Microsoft Help
2008-07-07 09:01 . 2008-07-07 09:14 d-------- C:\ProgramData\Microsoft Help
2008-07-07 08:30 . 2008-07-09 20:46 d-------- C:\Users\Josh Hudson\AppData\Roaming\DivX
2008-07-07 08:30 . 2008-07-07 08:30 d-------- C:\Program Files\DivX
2008-07-06 20:32 . 2008-07-06 20:32 d-------- C:\Program Files\Common Files\IviSDK
2008-07-06 20:31 . 2000-02-11 16:58 995,383 --a------ C:\Windows\System32\temp.005
2008-07-06 20:31 . 2000-03-07 15:22 278,581 --a------ C:\Windows\System32\temp.004
2008-07-06 20:31 . 1998-06-16 19:45 77,878 --a------ C:\Windows\System32\temp.003
2008-07-06 20:31 . 2008-07-06 20:32 3,783 --a------ C:\Windows\HCWPNP.INI
2008-07-06 20:29 . 2008-03-17 13:11 d-------- C:\Users\Josh Hudson\cd_4.1a
2008-07-06 20:29 . 2007-10-01 08:21 1,129,344 --a------ C:\Windows\System32\drivers\HCW85BDA.sys
2008-07-06 20:29 . 2007-10-01 08:20 140,800 --a------ C:\Windows\System32\hcw85enc.ax
2008-07-06 20:29 . 2007-10-01 08:20 115,712 --a------ C:\Windows\System32\hcw85prop.ax
2008-07-06 20:27 . 2000-02-11 16:58 995,383 --a------ C:\Windows\System32\temp.002
2008-07-06 20:27 . 2001-07-19 07:44 393,216 --a------ C:\Windows\System32\hcwsnbd9.dll
2008-07-06 20:27 . 2000-03-07 15:22 278,581 --a------ C:\Windows\System32\temp.001
2008-07-06 20:27 . 1998-06-16 19:45 77,878 --a------ C:\Windows\System32\temp.000
2008-06-18 14:31 . 2008-06-18 14:31 161,096 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-14 09:16 . 2008-04-23 01:11 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-14 09:16 . 2008-04-23 00:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 09:16 . 2008-04-23 01:12 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 09:16 . 2008-04-23 01:12 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 09:16 . 2008-04-23 01:12 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 09:16 . 2008-04-23 01:11 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 09:16 . 2008-04-23 01:11 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-10 18:12 . 2008-06-10 18:12 682,232 --a------ C:\Windows\System32\drivers\sptd.sys
2008-06-10 18:09 . 2008-06-10 18:09 d-------- C:\Users\Josh Hudson\AppData\Roaming\Roxio
2008-06-10 18:09 . 2008-07-07 22:14 d-------- C:\Users\All Users\Roxio
2008-06-10 18:09 . 2008-07-07 22:14 d-------- C:\ProgramData\Roxio
2008-06-10 18:07 . 2008-04-26 03:41 1,327,616 --a------ C:\Windows\System32\quartz.dll
2008-06-10 18:07 . 2008-05-09 21:21 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 18:07 . 2008-05-09 23:30 14,848 --a------ C:\Windows\System32\wshrm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 21:41 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\DNA
2008-07-10 03:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 01:09 --------- d-----w C:\ProgramData\Creative
2008-07-10 01:02 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\BitTorrent
2008-07-09 23:54 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 23:47 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 13:05 --------- d-----w C:\Program Files\Trend Micro
2008-07-08 04:09 --------- d-----w C:\Program Files\WinTV
2008-07-07 12:30 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-03 02:23 --------- d-----w C:\Program Files\Google
2008-06-03 02:15 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\PeerNetworking
2008-06-02 07:08 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-06-02 07:08 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-06-02 07:06 944,184 ----a-w C:\Windows\System32\winload.exe
2008-06-02 07:06 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-06-02 07:06 620,088 ----a-w C:\Windows\System32\ci.dll
2008-06-02 07:06 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-06-02 07:06 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-06-02 07:06 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-06-02 07:06 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-06-02 07:06 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-06-02 07:06 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-06-02 07:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-06-02 07:04 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-06-02 07:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-02 07:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-02 07:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-02 07:04 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-06-02 07:04 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-06-02 07:04 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-02 07:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-02 07:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-02 07:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-06-02 01:29 --------- d-----w C:\Program Files\DNA
2008-06-02 01:29 --------- d-----w C:\Program Files\BitTorrent
2008-06-02 00:17 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-06-02 00:17 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-06-02 00:17 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-06-02 00:17 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-06-02 00:16 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-06-02 00:16 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-06-02 00:16 33,624 ----a-w C:\Windows\System32\wups.dll
2008-06-02 00:16 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-06-02 00:16 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-06-01 23:27 --------- d-----w C:\Program Files\Common Files\Remote Control Software Common
2008-06-01 23:26 --------- d-----w C:\Program Files\Logitech
2008-06-01 23:26 --------- d-----w C:\Program Files\Common Files\Remote Control USB Driver
2008-06-01 23:25 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-06-01 23:25 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\InstallShield
2008-06-01 22:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-01 21:43 --------- d-----w C:\ProgramData\AOL OCP
2008-06-01 21:42 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\acccore
2008-06-01 21:42 --------- d-----w C:\ProgramData\Viewpoint
2008-06-01 21:42 --------- d-----w C:\ProgramData\AOL
2008-06-01 21:42 --------- d-----w C:\Program Files\Viewpoint
2008-06-01 21:42 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-01 21:42 --------- d-----w C:\Program Files\AIM6
2008-06-01 19:16 --------- d-----w C:\Program Files\support.com
2008-05-30 18:19 507,400 ----a-w C:\Windows\System32\XAudio2_1.dll
2008-05-30 18:18 238,088 ----a-w C:\Windows\System32\xactengine3_1.dll
2008-05-30 18:17 65,032 ----a-w C:\Windows\System32\XAPOFX1_0.dll
2008-05-30 18:17 25,608 ----a-w C:\Windows\System32\X3DAudio1_4.dll
2008-05-30 18:11 467,984 ----a-w C:\Windows\System32\d3dx10_38.dll
2008-05-30 18:11 3,850,760 ----a-w C:\Windows\System32\D3DX9_38.dll
2008-05-30 18:11 1,491,992 ----a-w C:\Windows\System32\D3DCompiler_38.dll
2008-05-30 17:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-30 17:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-30 17:19 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-30 17:19 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-26 20:30 --------- d-----w C:\Users\Josh Hudson\AppData\Roaming\ATI
2008-05-26 20:30 --------- d-----w C:\ProgramData\ATI
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Templates
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Start Menu
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Favorites
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Documents
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Desktop
2008-05-26 20:25 --------- d-sh--w C:\ProgramData\Application Data
2008-05-09 22:38 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-05-09 22:38 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-05-09 22:38 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-05-09 22:38 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-05-09 22:38 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-05-09 22:38 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-05-09 22:37 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-05-09 22:35 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-05-09 22:35 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-05-09 22:35 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-05-09 22:35 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-05-09 22:35 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-05-09 22:35 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-05-09 22:35 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-05-09 22:35 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-05-09 22:33 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-05-09 22:32 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-05-09 22:30 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-05-09 22:29 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-05-09 22:29 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-05-09 22:29 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-05-09 22:29 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-05-09 22:29 2,048 ----a-w C:\Windows\System32\msxml3r.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 16:21 50528]
"BitTorrent DNA"="C:\Users\Josh Hudson\Program Files\DNA\btdna.exe" [2008-06-02 08:22 289088]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 10:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-09 11:03 29744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 05:45 222208]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-25 07:10 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-25 07:10 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-25 07:10 129560]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-07 17:35 1175160]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 09:26 4452352 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-01 19:26:04 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-09 11:13 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 13:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D6BAD6EC-0CD8-4C8D-B2AB-F334825A0ABF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{32B32560-1944-4D0B-BEDE-A1D92713A627}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{20B2A54D-CC08-42CC-BF98-DDF951803BAB}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{2D32F850-9CD8-4D18-ACE0-08811776C50D}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{B7A30357-2316-4430-974D-EB1E9716403D}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{ECCC1027-4640-4362-BA3C-9A39318A2FE0}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D82A9F86-44C0-426A-94EE-402746B10EAB}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2B27A29B-F078-465D-AE45-95FCD703DB83}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{40435C03-72DB-4CE2-98C8-A2B9DC08A580}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{58211F4C-DEC4-4033-9B4B-FFB75D246F9E}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{DB09820A-50E0-483E-BA45-97796820BCD2}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{BB9DFF95-E855-4660-BCE6-92ECBF2B1C7C}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{3DDEEB8D-69DD-4E33-9590-C74104597415}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{D3EC16AD-C47D-4F2F-BBB2-43B36C36422F}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"TCP Query User{F761ED08-71C5-4EDF-8A60-64B44C3AAF58}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{5B9A829C-5D51-40E8-B97F-0AFAE36898BF}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-04-10 15:14]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-24 06:37]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 08:21]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-10 21:43:07 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-10 21:05:13 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-cmds - C:\Users\JOSHHU~1\AppData\Local\Temp\yayxxxUN.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 17:52:07
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-10 17:52:59
ComboFix-quarantined-files.txt 2008-07-10 21:52:56
ComboFix2.txt 2008-07-09 12:03:20

Pre-Run: 402,222,424,064 bytes free
Post-Run: 402,207,875,072 bytes free

268 --- E O F --- 2008-07-09 23:47:52
Posted 7/11/2008 7:12 AM  #63426
Touch Advanced member
How are things running now?

Posted 7/11/2008 12:56 PM  #63436
joshhud Member
So far so good. Thanks a bunch, you were a great help.
Posted 7/12/2008 5:21 AM  #63465
joshhud Member
When I click Cleanup, it says file access denied.
Posted 7/12/2008 5:37 AM  #63467
Touch Advanced member
OK. Delete alternativ/HijackThis manually then.

Uninstall ComboFix.exe and all backups of files that it deleted:
Click START, then RUN.
Now type/copy: Combofix /u in the run box and click OK.

Note the space between the X and the U; it needs to be there.
