Please Help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:53, on 26/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bigballs101.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://69.95.9.175/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 7779 bytes
BitDefender Log File !!!!!
Product : BitDefender Internet Security 2008
Version : BitDefender UIScanner v.11
Log date : 19:28:25 26/11/2008
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1227745705_1_02.xml
Scan Paths:
Path0000: C:\
Path0001: \
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summary:
Number of virus signatures : 2266444
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
Archive plugins : 43
System plugins : 5
Unpack plugins : 7
Overall scan summary:
Scanned items : 247360
Infected items : 1
Suspicious items : 0
Resolved items : 0
Individual viruses found : 1
Scanned directories : 8130
Scanned boot sectors : 6
Scanned archives : 7192
Input-output errors : 29
Scan time : 00:00:55:43
Files per second : 73
Scanned processes summary:
Scanned : 44
Infected : 0
Scanned registry keys summary:
Scanned : 857
Infected : 0
Scanned cookies summary:
Scanned : 24
Infected : 0
Remaining issues:
Object Name | Threat Name | Final Status
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe=](RAR Sfx o)=]SmitfraudFix\IEDFix.C.exe Trojan.Generic.898033 Infected (no action was possible, file was in an archive)
Resolved issues:
Object Name | Threat Name | Final Status
Objects that were not scanned:
Object Name | Reason | Final Status
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger.zip=]sbRecovery.reg Password-Protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger.zip=]sbRecovery.ini Password-Protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\Data1.cab=]WebSearchENU.pdf Password-Protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\Data1.cab=]RdrMsgSplash.pdf Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]agentins.ini Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]agntcons.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]agntinst.htm Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]agntinst.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]agntlang.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]default.htm Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]header.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]HtmlUtil.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]images/bg_left_1x314.gif Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]images/bg_left_MSC_165x314.gif Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]images/icon_info_16x16.gif Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]images/icon_mcafee_61x61.gif Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]images/icon_progress_checked_13x13.gif Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]images/icon_progress_hot_13x13.gif Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]images/icon_progress_unchecked_13x13.gif Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]InstUtil.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]instwiz.css Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]instxp.css Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]mcccom.lpk Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]pbar.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]setcss.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\agentins.ui=]SubInfoData.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]agntcons.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]agntlang.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]comctl.lpk Password-Protected No action was possible
\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]config.ini Password-Protected No action was possible
\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]pbar.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]UnInsStr.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]uninst.vbs Password-Protected No action was possible
\i386\APPS\App12148\msc\shared\agentcfg.cab=]screm.ui=]uninstall.htm Password-Protected No action was possible
\i386\APPS\App17871\data1.cab=]WebSearchENU.pdf Password-Protected No action was possible
\i386\APPS\App17871\data1.cab=]RdrMsgSplash.pdf Password-Protected No action was possible

Maybe this will help?
Trojan.Generic.898033 Infected in SmitfraudFix: it's an FP and it will be fixed.
The others are just password-protected archives.
To be sure, let's see...
Download Malwarebytes' Anti-malware from here:
http://www.malwarebytes.org/mbam.php
Once the download is complete, run the install program and accept all of the default options. Make sure that the options to Update and Launch the software are checked when you click Finish.
Now, let's make sure that it has all of the latest anti-spyware definitions: click on the Update tab and click the Check for Updates button.
After the updates have been loaded, click on the Scanner tab and choose the Perform Complete Scan option, then click the Scan button.
When the scan is complete, it will show you all of the potentially harmful files on your computer - click the button to remove them automatically.
Paste the scan log here.