Hello and greetings from beautiful Greece... Sun, sea, drinks, babes and infected-as-hell computers too. So, I would appreciate your help.
Here we go...
BitDefender log
BitDefender Online Scanner - Real Time Virus Report
Generated at: Fri, Jun 29, 2007 - 12:23:24
Scan Info
Scanned Files 173809
Infected Files 6
Virus Detected
Trojan.Peed.OK 5
Trojan.Downloader.Agent.YGC 1
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
Scan report generated at: Fri, Jun 29, 2007 - 12:20:57
Scan path: A:\;C:\;D:\;F:\;G:\;
Statistics
Time
01:10:26
Files
168999
Folders
4765
Boot Sectors
4
Archives
937
Packed Files
16446
Results
Identified Viruses
3
Infected Files
6
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
5
Engines Info
Virus Definitions
607640
Engine build
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins
14
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP13\A0004485.exe
Infected with: Trojan.Peed.OK
C:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP13\A0004485.exe
Disinfection failed
C:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP13\A0004485.exe
Deleted
C:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP17\A0004501.exe
Infected with: Trojan.Peed.OK
C:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP17\A0004501.exe
Disinfection failed
C:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP17\A0004501.exe
Deleted
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP17\A0004528.exe
Infected with: Trojan.Peed.OK
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP17\A0004528.exe
Disinfection failed
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP17\A0004528.exe
Deleted
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP17\A0004529.exe
Infected with: Trojan.Peed.OK
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP17\A0004529.exe
Disinfection failed
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP17\A0004529.exe
Deleted
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP17\A0004530.exe
Infected with: Trojan.Peed.OK
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP17\A0004530.exe
Disinfection failed
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP17\A0004530.exe
Deleted
D:\WINDOWS\msole.dll
Infected with: Trojan.Downloader.Agent.YGC
D:\WINDOWS\msole.dll
Disinfection failed
D:\WINDOWS\msole.dll
Delete failed
HijackThis log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:34:49 µµ, on 29/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Spyware Doctor\SDTrayApp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\alg.exe
D:\Documents and Settings\Bunny-Toforos\Desktop\HiJackThis_v2.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - D:\WINDOWS\ddesupport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDTray] D:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'd:\program files\bonjour\mdnsnsp.dll' missing
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O21 - SSODL: msole - {A4CA04F9-071E-48A2-9028-B0981F19613D} - D:\WINDOWS\msole.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - D:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O24 - Desktop Component 1: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
--
End of file - 6131 bytes
SDFix log
SDFix: Version 1.88
Run by Bunny-Toforos on Παρ 29/06/2007 at 12:42 μμ
Microsoft Windows XP [Version 5.1.2600]
Running From: D:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
D:\Documents and Settings\Bunny-Toforos\Favorites\Error Cleaner.url - Deleted
D:\Documents and Settings\Bunny-Toforos\Favorites\Privacy Protector.url - Deleted
D:\Documents and Settings\Bunny-Toforos\Favorites\Spyware&Malware Protection.url - Deleted
D:\WINDOWS\privacy_danger\index.htm - Deleted
D:\WINDOWS\privacy_danger\images\capt.gif - Deleted
D:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
D:\WINDOWS\privacy_danger\images\down.gif - Deleted
D:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
D:\Documents and Settings\Bunny-Toforos\Application Data\Install.dat - Deleted
D:\DOCUME~1\BUNNY-~1\LOCALS~1\Temp\hd-log.txt - Deleted
D:\WINDOWS\dat.txt - Deleted
D:\WINDOWS\ddesupport.dll - Deleted
D:\WINDOWS\main_uninstaller.exe - Deleted
D:\WINDOWS\msole.dll - Deleted
D:\WINDOWS\rs.txt - Deleted
D:\WINDOWS\system32\vx.tll - Deleted
Folder D:\WINDOWS\privacy_danger - Removed
Removing Temp Files...
ADS Check:
Checking D:\WINDOWS
D:\WINDOWS
No streams found.
Checking D:\WINDOWS\system32
D:\WINDOWS\system32
No streams found.
Checking D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
No streams found.
Checking D:\WINDOWS\system32\ntoskrnl.exe
D:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\mIRC\\mirc.exe"="D:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Documents and Settings\\Bunny-Toforos\\My Documents\\New Folder\\utorrent.exe"="D:\\Documents and Settings\\Bunny-Toforos\\My Documents\\New Folder\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\BackgroundDownloader.exe"="C:\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - D:\SDFix\backups\backups.zip
Listing Files with Hidden Attributes:
D:\Documents and Settings\Bunny-Toforos\Local Settings\Temp\BIT4E8.tmp
D:\WINDOWS\SoftwareDistribution\Download80070f6461c8001578e5e4cd4bb024b\BIT5D.tmp
D:\WINDOWS\SoftwareDistribution\Downloadccf8841b771ea8d63bc0e1179a4b5c7\BIT384.tmp
D:\WINDOWS\SoftwareDistribution\Downloadf8a5d0d09e527fa35dec9e085d4b802\BIT3E.tmp
D:\WINDOWS\SoftwareDistribution\Download\19525589545ebdc47d68693afa9f982d\BIT21.tmp
D:\WINDOWS\SoftwareDistribution\Download\1e9932cdb151e63543dfe60a0ebec20f\BIT22.tmp
D:\WINDOWS\SoftwareDistribution\Download\2d5cb53f40c94c45549672fbf4eb14b2\BIT31.tmp
D:\WINDOWS\SoftwareDistribution\Download\33cb1e7dae8a29b002e7473fd58a1557\BIT375.tmp
D:\WINDOWS\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\download\BITF3.tmp
D:\WINDOWS\SoftwareDistribution\Download\4730fbe8056ad6eb56eb6cc23d82cd01\BIT310.tmp
D:\WINDOWS\SoftwareDistribution\Download\5217f632c60d0e2abd68621d2a7b05b9\BIT2C.tmp
D:\WINDOWS\SoftwareDistribution\Download\52b72a8354f3c8a72b1aee0b2a11d368\BIT47.tmp
D:\WINDOWS\SoftwareDistribution\Download\5498c785851ff90b892674f94bdfa81d\BIT32.tmp
D:\WINDOWS\SoftwareDistribution\Download\59b0f8f21f20e6805bbdeb17ff4407cb\BIT27.tmp
D:\WINDOWS\SoftwareDistribution\Download\5cc724b3995f72ef3222dddf08658056\BIT367.tmp
D:\WINDOWS\SoftwareDistribution\Download\63344d08c1ecd019651928d3dc605b9a\BIT2E.tmp
D:\WINDOWS\SoftwareDistribution\Download\886e6096bfc6097431522dec4176f121\BIT2FC.tmp
D:\WINDOWS\SoftwareDistribution\Download\8acee4cccf4e1ce6f8a46469c2a643b4\BIT30.tmp
D:\WINDOWS\SoftwareDistribution\Download\b0f29cf128ab0efdda2d566548596f60\BIT2D.tmp
D:\WINDOWS\SoftwareDistribution\Download\bf56b0f3cf2ed2445c92d62b2f0fc041\BIT2F.tmp
D:\WINDOWS\SoftwareDistribution\Download\c4989c7d9cfedbbe50931f1ce8778e69\BIT305.tmp
D:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\BIT3B.tmp
D:\WINDOWS\SoftwareDistribution\Download\d603631fa5c5558c772d54d44369b54f\BIT250.tmp
D:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\download\BIT25.tmp
D:\WINDOWS\SoftwareDistribution\Download\ec3e2e6b3f1b25baadb3a70dfe94cd10\BIT29.tmp
D:\WINDOWS\SoftwareDistribution\Download\f1635eb0df6388580e55a87b2d1cd782\BIT2B.tmp
D:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\download\BITDD.tmp
D:\WINDOWS\system32\config\default.tmp.LOG
D:\WINDOWS\system32\config\software.tmp.LOG
D:\WINDOWS\system32\config\system.tmp.LOG
Listing User Accounts:
Administrator Bunny-Toforos Guest
HelpAssistant SUPPORT_388945a0
Finished
Thank you in advance for your help
Privacy Danger
Started by di0, Jun 29 2007 10:00 AM
#1 Posted 29 June 2007 - 10:00 AM
#2 Posted 29 June 2007 - 06:58 PM
Hi di0, Welcome to the forum,
That looks good. SDFix appears to have removed the Privacy Danger files, but the HijackThis log was taken before SDFix was used, so please run a scan with AVG Anti-Spyware, then post a fresh HijackThis log and we can take it from there.
Download AVG Anti-Spyware
- Load AVG and then click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Click on the Scanner tab at the top and then click on Complete System Scan
- AVG will list any infections found on the left; when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG will then display "All actions have been applied" on the right.
- Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back.
Thanks
Andy
#3 Posted 30 June 2007 - 05:14 PM
Hello again, and thank you for your immediate response to my issue.
Here is my AVG report
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:07:43 μμ 30/6/2007
+ Scan result:
D:\SDFix\backups\backups.zip/backups/ddesupport.dll -> Adware.Agent : Ignored.
D:\SDFix\backups\backups.zip/backups/msole.dll -> Adware.Agent : Ignored.
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP25\A0006622.dll -> Adware.Agent : Ignored.
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP25\A0006628.dll -> Adware.Agent : Ignored.
D:\SDFix\backups\backups.zip/backups/main_uninstaller.exe -> Downloader.Agent.bjc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP25\A0006621.exe -> Downloader.Agent.bjc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP25\A0006627.exe -> Downloader.Agent.bjc : Cleaned with backup (quarantined).
:mozilla.52:D:\Documents and Settings\Bunny-Toforos\Application Data\Mozilla\Firefox\Profiles\r2t3mtsw.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.53:D:\Documents and Settings\Bunny-Toforos\Application Data\Mozilla\Firefox\Profiles\r2t3mtsw.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
D:\Documents and Settings\Bunny-Toforos\Cookies\bunny-toforos@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.66:D:\Documents and Settings\Bunny-Toforos\Application Data\Mozilla\Firefox\Profiles\r2t3mtsw.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
::Report end
and my fresh HijackThis report
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:09:21 µµ, on 30/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Documents and Settings\Bunny-Toforos\Desktop\HiJackThis_v2.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDTray] D:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'd:\program files\bonjour\mdnsnsp.dll' missing
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - D:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
--
End of file - 6243 bytes
My PC has no obvious symptoms of infection now (desktop popups and stuff), though it seems to me it lacks performance.
Waiting for your advice
Here is my avg report
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:07:43 μμ 30/6/2007
+ Scan result:
D:\SDFix\backups\backups.zip/backups/ddesupport.dll -> Adware.Agent : Ignored.
D:\SDFix\backups\backups.zip/backups/msole.dll -> Adware.Agent : Ignored.
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP25\A0006622.dll -> Adware.Agent : Ignored.
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP25\A0006628.dll -> Adware.Agent : Ignored.
D:\SDFix\backups\backups.zip/backups/main_uninstaller.exe -> Downloader.Agent.bjc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP25\A0006621.exe -> Downloader.Agent.bjc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{E7BD6DFD-D90A-4E00-9800-A5E7FC89A0E1}\RP25\A0006627.exe -> Downloader.Agent.bjc : Cleaned with backup (quarantined).
:mozilla.52:D:\Documents and Settings\Bunny-Toforos\Application Data\Mozilla\Firefox\Profiles\r2t3mtsw.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.53:D:\Documents and Settings\Bunny-Toforos\Application Data\Mozilla\Firefox\Profiles\r2t3mtsw.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
D:\Documents and Settings\Bunny-Toforos\Cookies\bunny-toforos@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.66:D:\Documents and Settings\Bunny-Toforos\Application Data\Mozilla\Firefox\Profiles\r2t3mtsw.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
::Report end
and my fresh HiJack this report
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:09:21 µµ, on 30/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Documents and Settings\Bunny-Toforos\Desktop\HiJackThis_v2.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDTray] D:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'd:\program files\bonjour\mdnsnsp.dll' missing
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - D:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
--
End of file - 6243 bytes
My PC has no obvious symptoms of infection now (desktop popups and stuff), though it seems to me it lacks performance.
Waiting for your advice.
#4 OFFLINE
Posted 30 June 2007 - 07:54 PM
Hi di0
Just a couple of entries to fix.
Run HijackThis and choose Do A System Scan, then place a check next to these entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
Close all open browsers and other windows except for HijackThis and press the Fix Checked button.
Delete the D:\SDFix folder, as it contains backups of the trojan files it removed.
Run CCleaner to clear out temp files, and then reset the System Restore points, as some are infected:
Click Start Menu > All Programs > Accessories > System Tools > System Restore.
Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.
Next go to Start Menu > Run and type
cleanmgr
Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created. Then press OK to clear the temp files found in the initial scan and close Disk Cleanup.
Regarding the performance, you could check if a disk defrag is needed:
Go to Start Menu > All Programs > Accessories > System Tools > Disk Defragmenter.
Click the Analyze button and it will check if you need to defragment the drive; if it shows 'You need to defragment this volume', click the Defragment button.
Next download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply
Note:
Do not mouse-click ComboFix's window whilst it's running, as it may cause it to stall.
Cheers
Andy
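As an added example (mine, not code from this thread, from HijackThis or from ComboFix): the checks Andy applies above, turned into a small Python triage script and run over lines copied from the log posted earlier in the thread. It flags hooks whose file is gone ("(no file)" / "(file missing)"), O24 Active Desktop components, a broken O10 Winsock LSP chain and O23 services HijackThis lists with "Unknown owner". The rule wording and the function names are my own; the sample lines are the posted ones, not constructed.

```python
"""Triage a HijackThis log: pull out the entries a helper would look at first."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the HijackThis log posted earlier in this thread (not constructed).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\\Program Files\\Java\\jre1.6.0_01\\bin\\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O10 - Broken Internet access because of LSP provider 'd:\\program files\\bonjour\\mdnsnsp.dll' missing
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\\Program Files\\IVT Corporation\\BlueSoleil\\BTNtService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\\Program Files\\Eset\\nod32krn.exe
O24 - Desktop Component 0: Privacy Protection - file:///D:\\WINDOWS\\privacy_danger\\index.htm
"""

# Every HijackThis line starts with a section tag (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    target: str                     # last " - " field: a path, a URL or "(no file)"
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Split one log line into section, CLSID (if any) and the target it points at."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    target = body.rsplit(" - ", 1)[-1].strip()
    return Entry(section, body, clsid.group(0).upper() if clsid else None, target)


def triage_entry(e: Entry) -> Entry:
    """Attach a reason for each rule the entry trips; clean entries stay reason-less."""
    low = e.body.lower()
    if "(no file)" in low or "(file missing)" in low:
        e.reasons.append("registered hook points at a file that is no longer on disk")
    if e.section == "O24":
        e.reasons.append("Active Desktop component: rare on a clean machine, check what it displays")
        if e.target.lower().startswith("file:///"):
            e.reasons.append("component is rendered from a local HTML file, not a web page")
    if e.section == "O10":
        e.reasons.append("Winsock LSP chain is broken; networking may fail until it is repaired")
    if e.section == "O23" and "unknown owner" in low:
        e.reasons.append("service binary has no vendor name; verify where it came from")
    return e


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that tripped at least one rule, in log order."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is not None and triage_entry(e).reasons:
            flagged.append(e)
    return flagged


def report(log_text: str) -> str:
    """One header line per flagged entry, followed by its reasons."""
    out = []
    for e in triage(log_text):
        out.append(f"{e.section} {e.clsid or '-'} {e.target}")
        out.extend(f"    * {r}" for r in e.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the posted lines it lists exactly the two entries Andy told di0 to fix (the orphaned O2 BHO and the O24 component), plus the missing-file O9 button, the broken Bonjour LSP and the BlueSoleil service, and leaves the Java and NOD32 entries alone. A flag is a reason to look, not a verdict: the O9 uninstall stub and the Bonjour LSP are leftovers of legitimate software, which is why a helper reads the whole log rather than fixing everything with "(file missing)" on it.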
#5 OFFLINE
Posted 03 July 2007 - 09:40 AM
Thank you very much... I don't know what I would have done without you. You are my hero.
Here is the last report you requested...
ComboFix 07-06-18.2 - D:\Documents and Settings\Bunny-Toforos\Desktop\ComboFix.exe
"Bunny-Toforos" - 2007-07-03 11:56:26 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\WINDOWS\system32\msxml3a.dll
((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))
2007-07-03 11:55 49,152 --a------ D:\WINDOWS\nircmd.exe
2007-07-03 11:45 <DIR> d-------- D:\Program Files\CCleaner
2007-06-30 14:01 10,872 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-29 11:03 <DIR> d-------- D:\WINDOWS\BDOSCAN8
2007-06-27 13:03 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2007-06-27 13:03 208,248 --a------ D:\WINDOWS\system32\muweb.dll
2007-06-27 12:53 83,536 --a------ D:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-27 12:53 59,984 --a------ D:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-27 12:53 52,304 --a------ D:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-27 12:53 39,248 --a------ D:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-27 12:53 26,064 --a------ D:\WINDOWS\system32\drivers\kcom.sys
2007-06-27 12:53 <DIR> d-------- D:\Program Files\Spyware Doctor
2007-06-27 12:53 <DIR> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools
2007-06-27 12:52 626,688 --a------ D:\WINDOWS\system32\msvcr80.dll
2007-06-27 12:52 499,712 --a------ D:\WINDOWS\system32\msvcp71.dll
2007-06-27 12:43 <DIR> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
2007-06-27 12:25 <DIR> d-------- D:\f9c210062db4628ffbdc
2007-06-26 22:29 <DIR> d-------- D:\Program Files\Ventrilo
2007-06-26 22:29 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2007-06-26 15:15 <DIR> d-------- D:\WINDOWS\SxsCaPendDel
2007-06-26 14:57 <DIR> d-------- D:\WINDOWS\Prefetch
2007-06-26 14:29 27,165 --a------ D:\WINDOWS\system32\drivers\fetnd5.sys
2007-06-26 14:21 <DIR> d-------- D:\WINDOWS\system32\ReinstallBackups
2007-06-26 14:15 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2007-06-26 14:15 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2007-06-26 13:45 786,432 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-26 13:45 <DIR> d--hs---- D:\WINDOWS\CSC
2007-06-26 13:27 <DIR> d-------- D:\WINDOWS\%DownloadedProgramFiles%
2007-06-26 13:00 <DIR> d-------- D:\Program Files\MSXML 4.0
2007-06-26 12:39 <DIR> d-------- D:\WINDOWS\system32\appmgmt
2007-06-26 11:56 <DIR> d-------- D:\{800186AC-0000-0000-7571-226E120C7FEB}
2007-06-26 10:06 <DIR> d-------- D:\Program Files\Windows Live Safety Center
2007-06-25 12:59 <DIR> d-------- D:\Program Files\MultiTranse
2007-06-13 21:42 <DIR> d-------- D:\temp\PB
2007-06-06 19:58 <DIR> d-------- D:\DOCUME~1\BUNNY-~1\APPLIC~1\Ventrilo
2007-06-05 15:26 <DIR> d-------- D:\Program Files\IrfanView
2007-06-05 13:17 <DIR> d-------- D:\Program Files\Common Files\Adobe Systems Shared
2007-06-05 13:17 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-06-05 12:44 <DIR> d-------- D:\Program Files\Adobe2
2007-06-04 18:58 <DIR> d-------- D:\Program Files\Common Files\Macrovision Shared
2007-06-04 17:52 <DIR> d-------- D:\DOCUME~1\BUNNY-~1\APPLIC~1\Syntrillium
2007-06-04 17:50 <DIR> d-------- D:\Program Files\coolpro2
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-01 11:43:41 -------- d-----w D:\DOCUME~1\BUNNY-~1\APPLIC~1\uTorrent
2007-06-26 15:57:13 -------- d-----w D:\DOCUME~1\BUNNY-~1\APPLIC~1\LimeWire
2007-06-26 11:40:24 22,720 ----a-w D:\WINDOWS\system32\emptyregdb.dat
2007-06-05 09:42:54 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-06-02 11:01:02 -------- d-----w D:\Program Files\MagicISO
2007-05-11 12:26:24 -------- d-----w D:\Program Files\Common Files\snct511
2007-04-24 17:30:08 0 ----a-w D:\WINDOWS\mozver.dat
2007-04-24 17:09:27 298,104 ----a-w D:\WINDOWS\system32\imon.dll
2007-04-24 17:06:40 0 ----a-w D:\WINDOWS\nsreg.dat
2007-04-16 19:47:36 33,624 ----a-w D:\WINDOWS\system32\wups.dll
2007-04-16 19:45:54 1,710,936 ----a-w D:\WINDOWS\system32\wuaueng.dll
2007-04-16 19:45:48 549,720 ----a-w D:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w D:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w D:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:28 92,504 ----a-w D:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 53,080 ----a-w D:\WINDOWS\system32\wuauclt.exe
2007-04-16 19:45:20 43,352 ----a-w D:\WINDOWS\system32\wups2.dll
2007-04-04 15:55:00 261,480 ----a-w D:\WINDOWS\system32\xactengine2_7.dll
2007-04-04 15:53:42 81,768 ----a-w D:\WINDOWS\system32\xinput1_3.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 17:39]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"nwiz"="nwiz.exe" [2006-10-22 13:22 D:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-04-24 20:09]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" []
"SDTray"="D:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-17 12:02]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 15:29]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="D:\PROGRA~1\COMMON~1\stardock\MCPCore.dll" [2005-05-10 14:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
D:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 12:00:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-03 12:02:57
D:\ComboFix-quarantined-files.txt ... 2007-07-03 12:02
--- E O F ---
Once again... thanks.
#6 OFFLINE
Posted 03 July 2007 - 06:51 PM
Hi di0,
No problems showing there, which is nice to see. Can you upload the C:\Qoobox folder, as I think ComboFix may have removed a genuine file? It's not a problem if it has, as it's easy to restore, but I'd have to check the file first to make sure it is from Microsoft.
Open the C:\ drive and right-click the C:\Qoobox folder, then choose Send To > Compressed (Zipped) Folder; this will make a copy of the folder named C:\Qoobox.zip.
Please then visit the link below:
http://www.bleepingcomputer.com/submit-mal....php?channel=27
Type "files from CCleaner's forum" in the link area, then click Browse, locate C:\Qoobox.zip and click Send File.
Let me know when it's uploaded and I'll check it.
Thanks
Andy