Please Help

Oakley

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:10:53, on 26/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\zHotkey.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Paltalk Messenger\paltalk.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bigballs101.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://69.95.9.175/activex/AxisCamControl.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

End of file - 7779 bytes

Find more posts tagged with

Comments

Oakley

BitDefender Log File !!!!!

Product : BitDefender Internet Security 2008

Version : BitDefender UIScanner v.11

Log date : 19:28:25 26/11/2008

Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1227745705_1_02.xml

Scan Paths:Path0000: C:\

Path0001: \

Scan Options:Scan for viruses : Yes

Scan for adware : Yes

Scan for spyware : Yes

Scan for applications : Yes

Scan for dialers : Yes

Scan for rootkits : Yes

Target selection options:Scan registry keys : Yes

Scan cookies : Yes

Scan boot sectors : Yes

Scan memory processes : Yes

Scan archives : Yes

Scan runtime packers : Yes

Scan emails : Yes

Scan all files : Yes

Heuristic Scan : Yes

Scanned extensions :

Excluded extensions :

Target ProcessingDefault action for infected objects : Disinfect

Default action for suspicious objects : None

Default action for hidden objects : None

Scan engines summaryNumber of virus signatures : 2266444

Archive plugins : 43

Email plugins : 6

Scan plugins : 12

Archive plugins : 43

System plugins : 5

Unpack plugins : 7

Overall scan summaryScanned items : 247360

Infected items : 1

Suspicious items : 0

Resolved items : 0

Individual viruses found : 1

Scanned directories : 8130

Scanned boot sectors : 6

Scanned archives : 7192

Input-output errors : 29

Scan time : 00:00:55:43

Files per second : 73

Scanned processes summaryScanned : 44

Infected : 0

Scanned registry keys summaryScanned : 857

Infected : 0

Scanned cookies summaryScanned : 24

Infected : 0

Remaining issues:Object Name Threat Name Final Status

C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe=](RAR Sfx o)=]SmitfraudFix\IEDFix.C.exe Trojan.Generic.898033 Infected (no action was possible, file was in an archive)

Resolved issues:Object Name Threat Name Final Status

Objects that were not scanned:Object Name Reason Final Status

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\Data1.cab=]WebSearchENU.pdf Password-Protected No action was possible

C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\Data1.cab=]RdrMsgSplash.pdf Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]agentins.ini Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]agntcons.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]agntinst.htm Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]agntinst.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]agntlang.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]default.htm Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]header.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]HtmlUtil.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]images/bg_left_1x314.gif Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]images/bg_left_MSC_165x314.gif Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]images/icon_info_16x16.gif Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]images/icon_mcafee_61x61.gif Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]images/icon_progress_checked_13x13.gif Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]images/icon_progress_hot_13x13.gif Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]images/icon_progress_unchecked_13x13.gif Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]InstUtil.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]instwiz.css Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]instxp.css Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]mcccom.lpk Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]pbar.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]setcss.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\agentins.ui=]SubInfoData.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]agntcons.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]agntlang.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]comctl.lpk Password-Protected No action was possible

\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]config.ini Password-Protected No action was possible

\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]pbar.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]UnInsStr.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]uninst.vbs Password-Protected No action was possible

\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]uninstall.htm Password-Protected No action was possible

\i386\APPS\App17871\data1.cab=]WebSearchENU.pdf Password-Protected No action was possible

\i386\APPS\App17871\data1.cab=]RdrMsgSplash.pdf Password-Protected No action was possible Maby this will help?

rootkit

Trojan.Generic.898033 Infected in SmitfraudFix it's a FP and it will be fixed.

The other ar just Password-Protected archives

To be sure, let see...

Download Malwarebytes' Anti-malware from here:

http://www.malwarebytes.org/mbam.php

Once the download is complete, run the install program, and accept all of the default options. Make sure that the options to Update and Launch the software is checked when you click Finish.

Now, let's make sure that it has all of the latest anti-spyware definitions: click on the Update tab and click the Check for Updates button.

After the updates have been loaded, click on the Scanner tab and choose the Perform Complete Scan option, then click the Scan button.

When the scan is complete, it will show you all of the potentially harmful files on your computer - click the button to remove them automatically.

Paste the scan log here.