I Need A Fast Answer Quick Please!
FIX
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Step 1.
Open Notepad. Make sure Word Wrap under the Format menu is not selected. Copy the following text (shown in bold) into Notepad:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\\WINDOWS\\system32\\NvCpl.dll"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"BDMCon"="C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe"
"BDAgent"="C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe"
"NvMediaCenter"="C:\\WINDOWS\\system32\\NvMcTray.dll"
"Help Creative Meow City"="C:\\Documents and Settings\\All Users\\Application Data\\aim rect help creative\\Wma Aim.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27E4AB42-936F-4EB3-B357-1CA9D2E3550C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AFC929C-14E6-405F-80B8-76312A32540C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99cfb505-af2d-4ee2-a23c-bdc4dc949c76}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C809AB14-C67F-408A-B541-A5A6A7411AD1}]
click File -> Save as...
Save as type: All Files
fill in name: regedit.reg
Save the file on the desktop
Double click regedit.reg and confirm.
Step 2.
Reboot your computer.
Step 3.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, check Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck: Hide protected operating system files (recommended) option.
Click Yes to confirm.
Then click this link--> http://www.virustotal.com/
When the page has finished loading, click the Browse button and navigate to the following file in bold and click Submit.
C:\Documents and Settings\Kodu\Application Data\Junk2Time\Roadeachamen.exe
OR
C:\Program Files\Junk2Time\Roadeachamen.exe
Step 4.
1. Please copy and paste the scan result.
2. Do you know this Junk2Time, have you installed it yourself?
3. Is there anything in add/remove program by this name?
2. Do you know this Junk2Time, have you installed it yourself?
3. Is there anything in add/remove program by this name?
No, I don't know that program; it isn't installed by me and it's not in Add/Remove Programs.
Antivirus Version Last Update Result
AhnLab-V3 2008.2.27.0 2008.02.27 -
AntiVir 7.6.0.67 2008.02.27 -
Authentium 4.93.8 2008.02.27 Possibly a new variant of W32/Swizzor-based!Maximus
Avast 4.7.1098.0 2008.02.26 -
AVG 7.5.0.516 2008.02.27 -
BitDefender 7.2 2008.02.27 -
CAT-QuickHeal 9.50 2008.02.26 -
ClamAV 0.92.1 2008.02.27 -
DrWeb 4.44.0.09170 2008.02.27 -
eSafe 7.0.15.0 2008.02.26 -
eTrust-Vet 31.3.5567 2008.02.27 -
Ewido 4.0 2008.02.27 -
FileAdvisor 1 2008.02.27 -
Fortinet 3.14.0.0 2008.02.27 -
F-Prot 4.4.2.54 2008.02.26 W32/Swizzor-based!Maximus
F-Secure 6.70.13260.0 2008.02.27 -
Ikarus T3.1.1.20 2008.02.27 -
Kaspersky 7.0.0.125 2008.02.27 -
McAfee 5238 2008.02.26 -
Microsoft 1.3301 2008.02.27 -
NOD32v2 2905 2008.02.27 -
Norman 5.80.02 2008.02.26 -
Panda 9.0.0.4 2008.02.27 -
Prevx1 V2 2008.02.27 -
Rising 20.33.22.00 2008.02.27 -
Sophos 4.27.0 2008.02.27 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.27 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.26 Trojan.DL.Swizzor.Gen!Pac.2
Webwasher-Gateway 6.6.2 2008.02.27 -
Additional information
File size: 260096 bytes
MD5: 4f88f3cbe0f3e790387943d3c9ec2ae2
SHA1: 5d5ec884ba62d82d98244e352c5a058acdc93f30
PEiD: -
Well done.
Step 1.
Remove VundoFix.exe if you still have it.
Step 2.
Open Notepad. Make sure Word Wrap under the Format menu is not selected.
Copy and paste the text in bold into it.
File::
C:\\StubInstaller.exe
C:\WINDOWS\system32\testscript.tmp
C:\WINDOWS\system32\lpflnieq.dll
C:\WINDOWS\system32\tcqtcmty.dll
C:\WINDOWS\system32\wgrohirn.ini
C:\WINDOWS\system32\ltdedawq.dll
C:\WINDOWS\system32\nsvvnvgp.ini
C:\WINDOWS\system32\yoyinnsd.dll
C:\WINDOWS\system32\hsxnkvco.ini
C:\WINDOWS\system32\wpxcmgla.dll
C:\WINDOWS\system32\focsjuch.ini
C:\WINDOWS\system32\rcfggpys.dll
C:\WINDOWS\system32\vxbgbvsw.ini
C:\WINDOWS\system32\gfurriif.dll
C:\WINDOWS\system32\dkswuddu.ini
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Kodu\Application Data\Junk2Time\Roadeachamen.exe
Folder::
C:\VundoFix Backups
C:\Documents and Settings\Kodu\Application Data\Junk2Time
C:\Program Files\Windows Live\Messenger
C:\Program Files\Junk2Time
registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=-
Name it CFScript.txt and save it on your desktop. The file type should be all types.
Drag CFScript.txt into ComboFix.exe. You can see the image showing this here: http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
Step 3.
Please post a copy of the ComboFix log and a fresh HijackThis log.
ComboFix 08-02-25.3 - Kodu 2008-02-27 18:34:31.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1615 [GMT 2:00]
Running from: C:\Documents and Settings\Kodu\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kodu\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\\StubInstaller.exe
C:\Documents and Settings\Kodu\Application Data\Junk2Time\Roadeachamen.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\dkswuddu.ini
C:\WINDOWS\system32\focsjuch.ini
C:\WINDOWS\system32\gfurriif.dll
C:\WINDOWS\system32\hsxnkvco.ini
C:\WINDOWS\system32\lpflnieq.dll
C:\WINDOWS\system32\ltdedawq.dll
C:\WINDOWS\system32\nsvvnvgp.ini
C:\WINDOWS\system32\rcfggpys.dll
C:\WINDOWS\system32\tcqtcmty.dll
C:\WINDOWS\system32\testscript.tmp
C:\WINDOWS\system32\wgrohirn.ini
C:\WINDOWS\system32\wpxcmgla.dll
C:\WINDOWS\system32\vxbgbvsw.ini
C:\WINDOWS\system32\yoyinnsd.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\\StubInstaller.exe
C:\Documents and Settings\Kodu\Application Data\Junk2Time
C:\Documents and Settings\Kodu\Application Data\Junk2Time\0
C:\Documents and Settings\Kodu\Application Data\Junk2Time\caquzwej.exe
C:\Documents and Settings\Kodu\Application Data\Junk2Time\dwtjetor.exe
C:\Documents and Settings\Kodu\Application Data\Junk2Time\eytvqfpe.exe
C:\Documents and Settings\Kodu\Application Data\Junk2Time\Multi defy meet five.exe
C:\Documents and Settings\Kodu\Application Data\Junk2Time\oozetrayclock.exe
C:\Documents and Settings\Kodu\Application Data\Junk2Time\Roadeachamen.exe
C:\Documents and Settings\Kodu\Application Data\Junk2Time\vfyualxt.exe
C:\Program Files\Junk2Time
C:\Program Files\Windows Live\Messenger
C:\Program Files\Windows Live\Messenger\msimg32.dll
C:\WINDOWS\system32\dkswuddu.ini
C:\WINDOWS\system32\focsjuch.ini
C:\WINDOWS\system32\gfurriif.dll
C:\WINDOWS\system32\hsxnkvco.ini
C:\WINDOWS\system32\lpflnieq.dll
C:\WINDOWS\system32\ltdedawq.dll
C:\WINDOWS\system32\nsvvnvgp.ini
C:\WINDOWS\system32\rcfggpys.dll
C:\WINDOWS\system32\tcqtcmty.dll
C:\WINDOWS\system32\testscript.tmp
C:\WINDOWS\system32\wgrohirn.ini
C:\WINDOWS\system32\wpxcmgla.dll
C:\WINDOWS\system32\vxbgbvsw.ini
C:\WINDOWS\system32\yoyinnsd.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-27 15:23 . 2008-02-27 15:23 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-27 00:04 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-27 00:03 . 2008-02-27 00:04 <DIR> d-------- C:\Program Files\Java
2008-02-27 00:03 . 2008-02-27 00:03 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-26 21:00 . 2008-02-26 21:02 <DIR> d-------- C:\Program Files\MSN Messenger
2008-02-26 01:13 . 2008-02-26 01:18 109 --a------ C:\WINDOWS\wininit.ini
2008-02-26 00:40 . 2008-02-27 15:14 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-26 00:40 . 2008-02-27 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 23:23 . 2008-02-26 01:18 1,260,406 ---hs---- C:\WINDOWS\system32\yaqddihs.ini
2008-02-24 16:58 . 2008-02-24 16:58 <DIR> d-------- C:\Program Files\PremiumSoft
2008-02-24 16:56 . 2008-02-24 16:56 <DIR> d-------- C:\Program Files\MySQL
2008-02-23 09:33 . 2008-02-23 09:33 268 --ah----- C:\sqmdata01.sqm
2008-02-23 09:33 . 2008-02-23 09:33 244 --ah----- C:\sqmnoopt01.sqm
2008-02-22 23:18 . 2008-02-22 23:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-22 17:57 . 2008-02-26 17:06 2,145,386,496 --a------ C:\WINDOWS\MEMORY.DMP
2008-02-22 16:26 . 2006-02-28 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-22 16:25 . 2006-02-28 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-22 16:23 . 2008-02-22 16:23 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-22 16:23 . 2008-02-22 16:23 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-22 16:23 . 2008-02-22 16:23 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-22 16:23 . 2008-02-22 16:23 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-22 16:23 . 2008-02-22 16:23 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-21 18:19 . 2008-02-21 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-21 18:17 . 2008-02-26 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\aim rect help creative
2008-02-21 18:16 . 2008-02-26 21:02 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-02-21 18:16 . 2008-02-21 18:16 <DIR> d-------- C:\Program Files\Circle Developement
2008-02-20 23:11 . 2008-02-26 01:15 <DIR> d-------- C:\Program Files\AdvancedCleaner Free
2008-02-20 23:11 . 2003-03-19 05:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-18 23:58 . 2008-02-23 19:35 <DIR> d-------- C:\Program Files\Macrogaming
2008-02-18 10:12 . 2008-02-18 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-10 22:26 . 2008-02-10 22:26 <DIR> d-------- C:\mydecal
2008-02-10 15:42 . 2008-02-10 15:42 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-02-10 15:41 . 2008-02-10 15:41 <DIR> d-------- C:\Documents and Settings\Kodu\WINDOWS
2008-02-10 15:41 . 1998-02-06 21:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-02-07 13:54 . 2008-02-07 13:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-07 13:38 . 2008-02-07 13:38 <DIR> d-------- C:\Program Files\Sierra
2008-02-04 07:26 . 2008-02-04 07:26 <DIR> d-------- C:\Program Files\ZhyperMU
2008-02-02 01:14 . 2008-02-02 01:14 <DIR> d-------- C:\Documents and Settings\Kodu\Application Data\InstallShield
2008-02-01 21:12 . 2008-02-01 21:12 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-01-30 15:28 . 2008-01-30 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-30 15:25 . 2008-01-30 15:25 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-27 16:20 . 2008-01-27 16:20 <DIR> d-------- C:\Documents and Settings\Kodu\Application Data\Bitdefender
2008-01-27 15:48 . 2008-01-27 15:48 <DIR> d-------- C:\Program Files\Ordi
2008-01-27 15:48 . 2002-08-28 10:45 645,120 --a------ C:\WINDOWS\Ordi.scr
2008-01-27 15:48 . 2008-01-27 15:48 91 --a------ C:\WINDOWS\Ordi.ini
2008-01-27 15:48 . 2008-01-27 15:48 62 --a------ C:\WINDOWS\FSaver.ini
2008-01-27 15:45 . 2008-01-27 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 16:34 --------- d-----w C:\Program Files\Windows Live
2008-02-27 16:33 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-02-27 06:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-26 18:56 --------- d-----w C:\Program Files\World of Warcraft
2008-02-26 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-26 12:55 --------- d-----w C:\Documents and Settings\Kodu\Application Data\MegauploadToolbar
2008-02-25 19:47 --------- d-----w C:\Program Files\LimeWire
2008-02-21 12:11 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-13 16:36 --------- d-----w C:\Program Files\Valve
2008-02-04 05:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 23:16 --------- d-----w C:\Program Files\NCSoft
2008-02-01 23:15 --------- d-----w C:\Program Files\EA GAMES
2008-01-30 13:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-27 15:01 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
2008-01-27 13:49 69,632 ----a-w C:\WINDOWS\uinst001.exe
2008-01-27 13:45 --------- d-----w C:\Program Files\Common Files\Softwin
2008-01-23 19:12 --------- d-----w C:\Program Files\ssClient
2008-01-18 08:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-17 09:20 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-15 13:07 --------- d-----w C:\Program Files\MegauploadToolbar
2008-01-15 06:15 --------- d-----w C:\Program Files\FlashGet
2008-01-08 11:12 --------- d-----w C:\Documents and Settings\Kodu\Application Data\DAEMON Tools
2008-01-08 10:46 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-08 10:43 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-07 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\POPWWPROFILES
2008-01-07 13:19 --------- d-----w C:\Program Files\Common Files\DirectX
2008-01-07 02:35 --------- d-----w C:\Documents and Settings\Kodu\Application Data\GetRightToGo
2008-01-05 23:57 --------- d-----w C:\Program Files\Lizard Interactive Co
2008-01-05 17:54 --------- d-----w C:\Program Files\Arjaloc
2008-01-05 12:30 --------- d-----w C:\Program Files\Neffy
2008-01-04 17:37 --------- d-----w C:\Program Files\Ubisoft
2008-01-02 13:15 --------- d-----w C:\Program Files\Disc2Phone
2007-12-31 22:48 --------- d-----w C:\Documents and Settings\Kodu\Application Data\Winamp
2007-12-31 20:43 --------- d-----w C:\Documents and Settings\Kodu\Application Data\Talkback
2007-12-31 20:42 --------- d-----w C:\Program Files\Winamp
2007-12-31 20:18 --------- d-----w C:\Program Files\Google
2007-12-30 10:46 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-29 16:20 --------- d-----w C:\Program Files\Radical Games
2007-12-25 16:22 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-25 16:00 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-25 14:34 286,720 ----a-w C:\WINDOWS\iun506.exe
2005-04-04 09:21 29,998 ----a-w C:\WINDOWS\inf\install.exe
2005-04-04 09:21 25,119 ----a-w C:\WINDOWS\inf\update.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-26 04:32 171448]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 15:54 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 06:05 8429568]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Reboot.exe [2006-12-29 12:35:16 409088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Valve\\cstrike\\valve\\hl.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27015:TCP"= 27015:TCP:UDP Port
R2 MySQL4;MySQL4;"C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt" []
S3 Axtmvflt;Axesstel USB Filter Service;C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys [2007-03-22 11:36]
S3 Axtmvprt;Axesstel Diagnostic Port;C:\WINDOWS\system32\Drivers\Axtmvprt.sys [2007-03-26 09:25]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-27 16:00:01 C:\WINDOWS\Tasks\B18C1109915B84D9.job"
- c:\docume~1\kodu\applic~1\junk2t~1\Roadeachamen.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 18:36:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-27 18:36:43
ComboFix-quarantined-files.txt 2008-02-27 16:36:40
ComboFix2.txt 2008-02-27 05:50:11
ComboFix3.txt 2008-02-26 13:10:49
.
2008-02-27 05:38:11 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:05, on 27.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Trend Micro\HijackThis\clear.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live'i sisselogimisabiline - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Reboot.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198603750796
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MySQL4 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 5916 bytes
Now your computer is totally clean. Let's finish the job:
- Uninstall ComboFix. To do that go to Start >> Run..., type Combofix /u and click OK.
If you face any problem with uninstalling, manually remove ComboFix and C:\Qoobox.
- Go to Control Panel - Add/Remove Programs - select BitDefender - click on Change - Next - select Repair - after the repair, update BD.
- Reboot and run ATF Cleaner. Then empty your System Volume Information so that Windows System Restore cannot recreate the infection. To do that: go to Start - right-click My Computer - select Properties - under the System Restore tab, check "Turn off System Restore on all drives". Click Apply. By doing this you lose all your (infected) restore points. Reboot and don't forget to uncheck "Turn off System Restore on all drives" to create a clean restore point.
- Optional but recommended: let your system be scanned by BD.
- Optional but recommended: download the free version of AVG antispyware/antimalware (not antivirus), install it, update it and run a complete scan.
I am sorry for any misunderstanding or miscommunication on my part. And I wish you all the best. If you need assistance, let me know.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:16, on 27.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\clear.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live'i sisselogimisabiline - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [AudioSettings] C:\DOCUME~1\Kodu\APPLIC~1\JUNK2T~1\oozetrayclock.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Reboot.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198603750796
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MySQL4 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6162 bytes
Thought that I should post it ^^
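The O4 lines in the HijackThis logs above are the raw material for the FIX list at the top of the thread. As an added example, not part of the thread or of HijackThis, here is a small Python triage that parses Run-key O4 lines and flags entries launching from a user profile or temp directory, or only via 8.3 short names, which is how the Junk2Time entries (including the [AudioSettings] one in the last log) stand out from the NVIDIA and Google entries. The flagging rules are the example's own; the sample lines are copied from the logs above, plus one constructed from the "Help Creative Meow City" Run value in the first .reg fix.

```python
"""Triage of HijackThis O4 (Run-key autorun) lines.

Added example, not part of the thread or of HijackThis. It parses lines of
the form  O4 - <hive>\\..\\Run: [<name>] <command>  and flags entries whose
command points into a user profile or temp directory (high) or that only use
8.3 short names such as JUNK2T~1 (low). The rules are this example's own and
are a reading aid, not a verdict: DWQueuedReporting below is a legitimate
Microsoft component that trips the weak rule.
"""
import re

# Constructed sample: O4 lines copied from the logs above, plus one built from
# the "Help Creative Meow City" Run value in the first .reg fix.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [Help Creative Meow City] C:\Documents and Settings\All Users\Application Data\aim rect help creative\Wma Aim.exe",
    r"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe",
    r'O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t',
    r"O4 - HKCU\..\Run: [AudioSettings] C:\DOCUME~1\Kodu\APPLIC~1\JUNK2T~1\oozetrayclock.exe",
    r'O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background',
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')",
    r"O4 - Global Startup: Reboot.exe",
]

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
QUOTED_RE = re.compile(r'^"([^"]*)"')
EXE_RE = re.compile(r"^(.+?\.exe)\b", re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"~\d")          # PROGRA~1, JUNK2T~1, ...
PROFILE_HINTS = ("\\documents and settings\\", "\\docume~1\\",
                 "\\application data\\", "\\applic~1\\", "\\temp\\")


def parse_o4(line):
    """Split a Run-key O4 line into hive, value name, command and target path.

    Returns None for other O4 forms (Startup folder items) and non-O4 lines.
    """
    m = O4_RE.match(line.strip())
    if not m:
        return None
    # Some HijackThis builds prefix the value data with '~' (see the logs above).
    cmd = m.group("cmd").lstrip("~").strip()
    quoted = QUOTED_RE.match(cmd)
    exe = EXE_RE.match(cmd)
    if quoted:
        path = quoted.group(1)
    elif exe:
        path = exe.group(1)
    else:
        path = cmd.split()[0] if cmd else ""
    return {"hive": m.group("hive"), "name": m.group("name"),
            "command": m.group("cmd"), "path": path}


def triage(lines):
    """Return one finding per flagged entry: the parsed entry plus severity/reasons."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        low = entry["command"].lower()
        in_profile = any(hint in low for hint in PROFILE_HINTS)
        short_name = bool(SHORT_NAME_RE.search(entry["command"]))
        if not (in_profile or short_name):
            continue
        reasons = []
        if in_profile:
            reasons.append("runs from a user profile or temp directory")
        if short_name:
            reasons.append("8.3 short-name path hides the real folder name")
        severity = "high" if in_profile else "low"
        findings.append({**entry, "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"{f['severity']:4} {f['hive']} [{f['name']}] {f['path']}")
        for r in f["reasons"]:
            print(f"      - {r}")
```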
Oh, and if my system is clean at last then I want to give big thanks to: farbar, Chesda, Niels and adt and the whole BD employees, and this forum too
Oh, and if my system is clean at last then I want to give big thanks to: farbar, Chesda, Niels and adt and the whole BD employees, and this forum too
I am not a BD employee, and neither are the people you named. I did this in my spare time. And you are welcome.
I am not a BD employee, and neither are the people you named. I did this in my spare time. And you are welcome.
I know, and that was real nice of you. (There was a pronoun "and" between the names of y'all and the BD employees too, so I didn't think you are an employee xD) But let's not start arguing about it!!
Thank you again.
You're welcome.
Good to hear your system is clean now.
Are you all some computer specialists?