Tech Support Forum

Post #1 - TCooper (discussion starter):
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-14 21:22:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
52: 2008-06-15 01:22:30 UTC - RP590 - Deckard's System Scanner Restore Point
51: 2008-06-15 01:10:19 UTC - RP589 - Removed Quivic
50: 2008-06-15 01:09:31 UTC - RP588 - Removed Power Tab Editor 1.7
49: 2008-06-15 00:59:22 UTC - RP587 - Removed Call of Duty(R) 2
48: 2008-06-14 18:07:04 UTC - RP586 - System Checkpoint


-- First Restore Point --
1: 2008-05-14 04:29:14 UTC - RP539 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 8.01 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:38 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ultimate-guitar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3506
O1 - Hosts: pybot - Search & Destroy
O1 - Hosts: oy
O1 - Hosts: pybot - Search & Destroy
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: dcads - {2ba98f33-d8d3-1ef8-06c1-26503e3bebf1} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {606A6CD9-F64B-ECEB-4B15-FF8DBC2686BE} - (no file)
O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,[email protected]
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/onrpg/solidstateion.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C101001-4489-4F22-8D1E-1C75272EB670}: NameServer = 65.24.7.10,65.24.7.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C101001-4489-4F22-8D1E-1C75272EB670}: NameServer = 65.24.7.10,65.24.7.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C101001-4489-4F22-8D1E-1C75272EB670}: NameServer = 65.24.7.10,65.24.7.11
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: sQusiStub.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8819 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 XDva143 - c:\windows\system32\xdva143.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_D6018086&REV_10\4&2A3BFE78&0&10A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_D6018086&REV_10\4&2A3BFE78&0&10A4
Service: RTL8023xp


-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-14 21:26:37 0 d-------- C:\Program Files\Trend Micro
2008-06-14 12:21:13 0 d-------- C:\Program Files\Enigma Software Group
2008-06-13 13:48:40 0 d-------- C:\Documents and Settings\Owner\Application Data\WinPatrol
2008-06-13 13:46:20 0 d-------- C:\Program Files\BillP Studios
2008-06-13 13:19:34 0 d--h----- C:\$AVG8.VAULT$
2008-06-13 13:04:40 1669152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-13 12:58:39 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-13 12:58:32 0 d-------- C:\Program Files\AVG
2008-06-13 12:58:31 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-13 12:37:53 0 d-------- C:\Program Files\Lavasoft
2008-06-13 12:37:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-13 12:19:00 0 d-------- C:\Program Files\ZoneAlarmSB
2008-06-13 12:12:59 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-13 12:12:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-13 12:11:57 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-13 12:10:39 0 d-------- C:\WINDOWS\Internet Logs
2008-06-10 22:36:33 0 d-------- C:\Program Files\Sony
2008-06-10 17:20:35 0 d-------- C:\Program Files\SSI
2008-06-10 17:20:29 376832 -----n--- C:\WINDOWS\Pool of Radiance remove.exe <Not Verified; Edgies; Pool of Radiance II Installer Application>
2008-06-10 17:20:29 195856 -ra------ C:\WINDOWS\dsetup32.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows® 95 and 98>
2008-06-10 17:20:29 40208 -ra------ C:\WINDOWS\dsetup.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows® 95 and 98>
2008-06-06 16:02:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Filter Forge Freepack 1 - Metals
2008-06-06 15:59:55 1030144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll <Not Verified; Microsoft Corporation; Debugging Tools for Windows(R)>
2008-06-06 15:59:50 0 d-------- C:\Program Files\Filter Forge Freepack 1 - Metals
2008-06-03 11:51:51 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-31 13:20:40 0 d-------- C:\Program Files\PartyGaming
2008-05-28 20:54:42 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-05-25 03:01:30 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-24 18:02:57 0 d-------- C:\Program Files\Apprentice
2008-05-24 17:59:22 0 d-------- C:\Program Files\Magic Workstation
2008-05-23 23:19:57 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-23 23:19:48 0 d-------- C:\Program Files\Windows Live
2008-05-23 23:19:37 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-21 19:08:42 0 d-------- C:\Program Files\Triple Triad Extreme
2008-05-16 18:51:06 0 d-------- C:\Program Files\Activision


-- Find3M Report ---------------------------------------------------------------

2008-06-14 20:52:29 0 d-------- C:\Program Files\Common Files\stardock
2008-06-13 13:12:02 0 d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-06-13 13:03:08 0 d-------- C:\Program Files\Trillian
2008-06-13 12:36:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 12:27:27 0 d-------- C:\Program Files\Outspark
2008-06-13 12:09:38 0 d-------- C:\Program Files\America's Army
2008-06-12 13:35:48 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-11 13:28:05 0 d-------- C:\Program Files\lx_cats
2008-06-10 22:36:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-10 22:24:24 10565 --a------ C:\WINDOWS\mozver.dat
2008-06-03 11:53:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-25 03:01:30 0 d-------- C:\Program Files\Common Files
2008-05-17 16:03:52 0 d-------- C:\Program Files\Macromedia
2008-05-17 16:03:52 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-05-17 16:03:34 0 d-------- C:\Program Files\Common Files\Macromedia
2008-05-13 15:29:25 0 d-------- C:\Program Files\LimeWire
2008-05-11 23:23:24 0 d-------- C:\Documents and Settings\Owner\Application Data\FaxCtr
2008-05-11 23:14:35 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-05-11 23:13:09 0 d-------- C:\Program Files\Lexmark 3400 Series
2008-05-06 16:16:44 0 d-------- C:\Program Files\NCSoft
2008-05-06 16:12:13 0 d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame
2008-05-02 20:25:50 0 d-------- C:\Program Files\QuickTime
2008-04-30 18:44:43 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-04-30 17:17:09 0 d-------- C:\Program Files\Turbine
2008-04-15 21:45:09 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-04-15 17:16:20 0 d-------- C:\Program Files\VstPlugins
2008-04-15 17:09:42 0 d-------- C:\Program Files\AGEIA Technologies
2008-04-15 17:08:51 0 d-------- C:\Program Files\Netdevil
2008-03-30 13:03:02 3120 --a------ C:\WINDOWS\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba98f33-d8d3-1ef8-06c1-26503e3bebf1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{606A6CD9-F64B-ECEB-4B15-FF8DBC2686BE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
02/05/2008 10:26 PM 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [02/05/2008 10:26 PM 267592]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [12/09/2005 09:44 PM]
"RTHDCPL"="RTHDCPL.EXE" [04/17/2006 06:34 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 09:43 PM C:\WINDOWS\Alcmtr.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Windows Console"="wkssvc.exe" []
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [06/25/2007 10:34 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [06/25/2007 10:35 AM]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [11/21/2006 01:27 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 08:07 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/13/2008 12:58 PM]
"RegistryMechanic"="" []
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [04/25/2008 01:31 PM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 03:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 11:16:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sQusiStub.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6040f5d7-3c2e-11db-902e-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com

126 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-14 21:29:13 ------------
 

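
The following is an added example, not code from the original thread or from any of the tools named in it. It is a small Python triage script for the indicator classes visible in the HijackThis log above: O1 hosts entries that point security-vendor domains at 127.0.0.1, O2 BHO registrations whose file is gone, O4 Run values that are a bare filename (no directory, so Windows finds them by PATH search at logon), O17 static NameServer settings, and O20 AppInit_DLLs entries that nobody has attributed. The sample lines are constructed from the shape of the posted log, the vendor-domain list is an illustrative assumption, and treating avgrsstx.dll as AVG's is an analyst-supplied attribution (the ComboFix log later in the thread shows it created in system32 at the same minute as the AVG drivers). Lines the regexes do not recognise, such as the garbled "pybot - Search & Destroy" hosts lines, are skipped.

```python
"""Triage of a HijackThis-style log: flags the indicator classes visible in the
log above (hosts-file sinkholing of AV vendors, orphaned BHOs, Run entries that
are a bare filename, hard-coded resolvers, AppInit_DLLs injection)."""
import re
from dataclasses import dataclass

# Assumption: an illustrative, not exhaustive, list of security-vendor domains
# that malware commonly points at 127.0.0.1 to block updates and lookups.
SECURITY_VENDOR_DOMAINS = (
    "symantec.com", "symantecliveupdate.com", "sophos.com", "mcafee.com",
    "viruslist.com", "kaspersky.com", "trendmicro.com", "avg.com",
)

# Constructed sample modelled on the posted log; illustrative parser input,
# not a verdict on the real machine.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 www.symantec.com
O1 - Hosts: 127.0.0.1 liveupdate.symantecliveupdate.com
O1 - Hosts: 127.0.0.1 tracker.adnetwork.example
O1 - Hosts: pybot - Search & Destroy
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C101001-4489-4F22-8D1E-1C75272EB670}: NameServer = 65.24.7.10,65.24.7.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C101001-4489-4F22-8D1E-1C75272EB670}: NameServer = 65.24.7.10,65.24.7.11
O20 - AppInit_DLLs: sQusiStub.dll,avgrsstx.dll
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    section: str    # HijackThis section tag the line came from
    detail: str


_HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")
_BHO_RE = re.compile(r"^O2 - BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
_RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
_DNS_RE = re.compile(r"^O17 - .*NameServer = (.*)$")
_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")


def _is_vendor_domain(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SECURITY_VENDOR_DOMAINS)


def _executable_of(command: str) -> str:
    """Program part of a Run value: the quoted path if quoted, else the first token."""
    command = command.strip()
    if command.startswith('"') and '"' in command[1:]:
        return command[1:command.index('"', 1)]
    return command.split(" ", 1)[0]


def triage(log_text, known_appinit=(), expected_dns=()):
    """Scan HijackThis-style lines and return de-duplicated Findings in log order.

    known_appinit: DLL names the analyst has attributed to installed software.
    expected_dns: resolvers the ISP or DHCP is known to hand out.
    """
    known = {d.lower() for d in known_appinit}
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := _HOSTS_RE.match(line):
            ip, host = m.groups()
            if _is_vendor_domain(host):  # Spybot-style 127.0.0.1 ad blocklists are not flagged
                how = "sinkholed to loopback" if ip.startswith("127.") else f"redirected to {ip}"
                findings.append(Finding("high", "O1", f"{host} {how}; AV updates and lookups blocked"))
        elif m := _BHO_RE.match(line):
            name, clsid, path = m.groups()
            if path == "(no file)" or path.endswith("(file missing)"):
                findings.append(Finding("info", "O2", f"orphaned BHO {clsid} ({name}); registration left behind, file absent"))
        elif m := _RUN_RE.match(line):
            hive, entry, command = m.groups()
            exe = _executable_of(command)
            if "\\" not in exe:  # no directory part: resolved by PATH search at logon
                findings.append(Finding("medium", "O4", f"{hive} Run [{entry}] starts bare filename {exe}; confirm which file on PATH it resolves to"))
        elif m := _DNS_RE.match(line):
            servers = [s.strip() for s in m.group(1).split(",") if s.strip()]
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                findings.append(Finding("info", "O17", "static resolvers " + ", ".join(unexpected) + "; confirm they belong to the ISP"))
        elif m := _APPINIT_RE.match(line):
            for dll in (d.strip() for d in m.group(1).split(",") if d.strip()):
                if dll.lower() not in known:
                    findings.append(Finding("high", "O20", f"AppInit_DLLs loads {dll} into every process that links user32; unattributed"))
    return list(dict.fromkeys(findings))  # CCS/CS1/CS2 repeat the same O17 entry


def severity_counts(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def sample_findings():
    # Assumption: avgrsstx.dll is attributed to the AVG install; everything else is unknown.
    return triage(SAMPLE_LOG, known_appinit=("avgrsstx.dll",))


if __name__ == "__main__":
    for f in sample_findings():
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
```

Each finding is a lead, not a verdict. A bare-filename Run value is normal for OEM utilities: the scanner's registry dump above resolved "RTHDCPL"="RTHDCPL.EXE" to C:\WINDOWS\RTHDCPL.exe, whereas "Windows Console"="wkssvc.exe" shows empty brackets, meaning no file was found to resolve it at scan time, which is what makes that entry worth pulling first. Likewise the 127.0.0.1 entries are only interesting for the vendor domains; a Spybot immunization writes hundreds of loopback lines for ad hosts and the script deliberately ignores those.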

Reply - TSF Security Manager, Emeritus:
Hello TCooper and welcome,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
 

Post #4 - TCooper (discussion starter; edited):
ComboFix 08-06-16.5 - Owner 2008-06-18 12:20:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1296 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-14 21:26 . 2008-06-14 21:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-14 21:21 . 2008-06-14 21:21 <DIR> d-------- C:\Deckard
2008-06-14 12:21 . 2008-06-14 12:21 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-13 13:48 . 2008-06-13 13:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\WinPatrol
2008-06-13 13:46 . 2008-06-13 13:46 <DIR> d-------- C:\Program Files\BillP Studios
2008-06-13 13:19 . 2008-06-14 19:30 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-13 13:12 . 2008-06-13 13:12 268 --ah----- C:\sqmdata01.sqm
2008-06-13 13:12 . 2008-06-13 13:12 244 --ah----- C:\sqmnoopt01.sqm
2008-06-13 13:04 . 2008-06-18 02:43 3,614,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-13 13:04 . 2008-06-14 21:46 24,236 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-13 12:58 . 2008-06-18 11:07 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-13 12:58 . 2008-06-13 12:58 <DIR> d-------- C:\Program Files\AVG
2008-06-13 12:58 . 2008-06-13 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-13 12:58 . 2008-06-13 12:58 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-13 12:58 . 2008-06-13 12:58 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-13 12:37 . 2008-06-13 12:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-13 12:37 . 2008-06-13 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-13 12:19 . 2008-06-13 12:19 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-06-13 12:12 . 2008-06-13 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-13 12:12 . 2008-04-02 20:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-06-13 12:12 . 2008-06-13 12:20 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-13 12:11 . 2008-06-13 12:12 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-13 12:11 . 2008-06-13 12:11 <DIR> d-------- C:\Program Files\Zone Labs
2008-06-13 12:11 . 2008-04-02 20:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-06-13 12:11 . 2008-06-18 11:05 352,918 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-06-13 12:10 . 2008-06-18 11:44 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-06-13 12:00 . 2008-06-13 12:00 268 --ah----- C:\sqmdata00.sqm
2008-06-13 12:00 . 2008-06-13 12:00 244 --ah----- C:\sqmnoopt00.sqm
2008-06-11 03:53 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 03:53 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 22:36 . 2008-06-11 00:27 <DIR> d-------- C:\Program Files\Sony
2008-06-10 17:20 . 2008-06-10 17:20 <DIR> d-------- C:\Program Files\SSI
2008-06-10 17:20 . 2001-11-05 20:51 376,832 --------- C:\WINDOWS\Pool of Radiance remove.exe
2008-06-10 17:20 . 1999-09-08 10:56 195,856 -ra------ C:\WINDOWS\dsetup32.dll
2008-06-10 17:20 . 1999-09-08 10:51 40,208 -ra------ C:\WINDOWS\dsetup.dll
2008-06-06 16:02 . 2008-06-06 16:03 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Filter Forge Freepack 1 - Metals
2008-06-06 15:59 . 2008-06-06 15:59 <DIR> d-------- C:\Program Files\Filter Forge Freepack 1 - Metals
2008-06-06 15:59 . 2006-11-10 18:41 1,030,144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll
2008-06-03 11:51 . 2008-06-10 17:16 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-31 13:20 . 2008-06-13 12:28 <DIR> d-------- C:\Program Files\PartyGaming
2008-05-28 20:54 . 2008-05-29 17:26 <DIR> d-------- C:\Documents and Settings\Owner\Contacts
2008-05-24 18:02 . 2008-05-24 18:03 <DIR> d-------- C:\Program Files\Apprentice
2008-05-24 17:59 . 2008-06-13 12:26 <DIR> d-------- C:\Program Files\Magic Workstation
2008-05-24 05:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-24 05:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-24 05:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-23 23:19 . 2008-05-28 20:53 <DIR> d-------- C:\Program Files\Windows Live
2008-05-23 23:19 . 2008-05-23 23:25 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-23 23:19 . 2008-05-23 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-21 19:08 . 2008-06-13 12:30 <DIR> d-------- C:\Program Files\Triple Triad Extreme

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 01:47 --------- d-----w C:\Program Files\Trillian
2008-06-15 23:04 1,376,256 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-06-15 21:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-15 01:46 --------- d-----w C:\Program Files\Common Files\stardock
2008-06-14 02:09 1,345,536 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-06-13 17:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-06-13 16:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 16:27 --------- d-----w C:\Program Files\Outspark
2008-06-13 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Outspark
2008-06-13 16:09 --------- d-----w C:\Program Files\America's Army
2008-06-11 17:28 --------- d-----w C:\Program Files\lx_cats
2008-06-11 02:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 21:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-17 21:41 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-17 20:03 --------- d-----w C:\Program Files\Macromedia
2008-05-17 20:03 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-05-16 22:51 --------- d-----w C:\Program Files\Activision
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-13 19:29 --------- d-----w C:\Program Files\LimeWire
2008-05-12 03:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\FaxCtr
2008-05-12 03:14 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-05-12 03:13 --------- d-----w C:\Program Files\Lexmark 3400 Series
2008-05-12 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 20:16 --------- d-----w C:\Program Files\NCSoft
2008-05-06 20:12 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-05-03 00:25 --------- d-----w C:\Program Files\QuickTime
2008-04-30 22:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-04-30 21:17 --------- d-----w C:\Program Files\Turbine
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-30 17:03 3,120 ----a-w C:\WINDOWS\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-12-21 05:02 1,606 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba98f33-d8d3-1ef8-06c1-26503e3bebf1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{606A6CD9-F64B-ECEB-4B15-FF8DBC2686BE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-02-05 22:26 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-02-05 22:26 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 21:44 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 18:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 10:34 291504]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-06-25 10:35 295600]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 13:27 106496]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 20:07 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-13 12:58 1177368]
"RegistryMechanic"="" []
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 13:31 333120]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 23:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sQusiStub.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mpng"= C:\Program Files\[email protected]\0.958\686\tabdec.dll
"vidc.mvjp"= C:\Program Files\[email protected]\0.958\686\tabdec.dll
"vidc.444p"= C:\Program Files\[email protected]\0.958\686\tabdec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Turbine\\Asheron's Call - Throne of Destiny\\aclauncher.exe"=
"C:\\Program Files\\Turbine\\Asheron's Call - Throne of Destiny\\acclient.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\WINDOWS\\system32\\lxcycoms.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22949:TCP"= 22949:TCP:BitComet 22949 TCP
"22949:UDP"= 22949:UDP:BitComet 22949 UDP
"7800:TCP"= 7800:TCP:BitComet 7800 TCP
"7800:UDP"= 7800:UDP:BitComet 7800 UDP
"18408:TCP"= 18408:TCP:BitComet 18408 TCP
"18408:UDP"= 18408:UDP:BitComet 18408 UDP
"41614:TCP"= 41614:TCP:*:Disabled:SolidNetworkManager
"41614:UDP"= 41614:UDP:*:Disabled:SolidNetworkManager
"2436:TCP"= 2436:TCP:*:Disabled:SolidNetworkManager
"2436:UDP"= 2436:UDP:*:Disabled:SolidNetworkManager
"27541:TCP"= 27541:TCP:*:Disabled:SolidNetworkManager
"27541:UDP"= 27541:UDP:*:Disabled:SolidNetworkManager
"58630:TCP"= 58630:TCP:*:Disabled:SolidNetworkManager
"58630:UDP"= 58630:UDP:*:Disabled:SolidNetworkManager
"8601:TCP"= 8601:TCP:*:Disabled:SolidNetworkManager
"8601:UDP"= 8601:UDP:*:Disabled:SolidNetworkManager
"1224:TCP"= 1224:TCP:*:Disabled:SolidNetworkManager
"1224:UDP"= 1224:UDP:*:Disabled:SolidNetworkManager

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-13 12:58]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-13 12:58]
R2 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2007-06-20 06:28]
R2 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 12:33]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 22:10]
S3 XDva143;XDva143;C:\WINDOWS\system32\XDva143.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6040f5d7-3c2e-11db-902e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - CATCHME
*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 12:22:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-18 12:25:00
ComboFix-quarantined-files.txt 2008-06-18 16:23:55
ComboFix2.txt 2008-06-18 16:05:04

Pre-Run: 9,353,240,576 bytes free
Post-Run: 9,321,414,656 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

224 --- E O F --- 2008-06-12 07:06:08

· TSF Security Manager, Emeritus
Hi,

The title of your thread states 'NaviPromo.N and Downloader.Adload.JB Trojans'

I see nothing active in these reports. What alerted you to these infections and what are their reported locations on the system?