
Infected computer

Posted 8/25/2009 7:45 AM
#76469

wakari Advanced member

Date Joined Nov 2016
Total Posts: 48
Hi Touch,


Wakari here. Haven't been in contact since last time. You have been successful in helping fix my problems in the past. Hope you can help me once again.



I noticed there was an anti-spyware programme downloaded yesterday. I think it piggybacked on something my daughter downloaded, called antispyware 2010.



Since then I am getting constant Computer Infected reminders, which must be bogus as the reminders prompting me to download anti-spyware have misspelt the word prevent, writing "pervent memory loss".



I am almost at the end of my Trend Micro Antivirus free trial. I wonder if that has anything to do with it.



The computer is also acting strangely and slowly. I have tried the Microsoft site, as the Firewall appears to be turned off also, and I don't seem to be able to fix it.



I have run HijackThis; here is the log.



Logfile of HijackThis v1.99.1
Scan saved at 7:29:54 p.m., on 25/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Documents and Settings\Jeff Withington\My Documents\hjt\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jeff Withington\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - https://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152323313593
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe




Cheers



Wakari
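Added example, not code from the thread or from the HijackThis project: a small Python checker that reads O4 (Run key) lines in HijackThis 1.99.1 format and flags the patterns a helper reads first in a log like the one above, namely one binary registered under both HKLM and HKCU Run (braviax.exe), a `/hide` start switch, and an entry name that imitates a security product with a year (PC Antispyware 2010). The sample lines are constructed from the entries posted above; the regexes and thresholds are this example's own assumptions.

```python
"""Flag suspicious O4 autorun entries in a HijackThis 1.99.1 log.

Added example, not part of the thread. The log lines below are constructed,
modelled on the entries posted above (braviax.exe, PC Antispyware 2010).
"""
import re
from collections import defaultdict

# Constructed sample in HijackThis format; only the O4 (Run key) lines matter here.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
"""

# "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
# Names that imitate a security product and carry a year, e.g. "PC Antispyware 2010"
# (assumed heuristic; tune the list for your own logs).
ROGUE_NAME_RE = re.compile(r"anti[\s_-]?(spyware|virus|malware)[\s_-]*20\d\d", re.IGNORECASE)


def split_command(cmd):
    """Return (exe_path, arguments) from an O4 command string.

    Quoted paths are taken verbatim; unquoted ones are cut after the last
    ".exe" so that trailing switches such as "icon" are not treated as path.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    idx = cmd.lower().rfind(".exe")
    if idx == -1:
        return cmd, ""
    return cmd[: idx + 4], cmd[idx + 4:].strip()


def parse_o4(log_text):
    """Yield one dict per O4 Run entry found in the log text."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, name, cmd = m.groups()
        path, args = split_command(cmd)
        yield {"hive": hive, "name": name, "path": path, "args": args}


def analyze_hjt(log_text):
    """Return {entry name: [reasons]} for O4 entries worth a closer look."""
    entries = list(parse_o4(log_text))
    hives_by_path = defaultdict(set)
    for e in entries:
        hives_by_path[e["path"].lower()].add(e["hive"])

    findings = defaultdict(list)
    for e in entries:
        reasons = []
        # One binary in both the machine and the user Run key is redundant for
        # legitimate software but typical of malware that re-registers itself.
        if hives_by_path[e["path"].lower()] >= {"HKLM", "HKCU"}:
            reasons.append("registered under both HKLM and HKCU Run")
        # A /hide switch means the program starts with no visible window.
        if "/hide" in e["args"].lower().split():
            reasons.append("starts hidden (/hide)")
        if ROGUE_NAME_RE.search(e["name"]) or ROGUE_NAME_RE.search(e["path"]):
            reasons.append("name imitates a security product")
        for r in reasons:
            if r not in findings[e["name"]]:
                findings[e["name"]].append(r)
    return dict(findings)


if __name__ == "__main__":
    for name, reasons in analyze_hjt(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```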
Posted 8/25/2009 11:37 AM
#76472

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello wakari :smile:





Please download combofix here ->

https://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before Saving it to Desktop, please rename it to alg.exe to stop malware from disabling it.



Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix.

There are details for disabling many programmes here: https://www.bleepingcomputer.com/forums/topic114351.html




Now, please make sure no other programs are running, close all other windows.


Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

It is usually located in c:\combofix.txt; please post it in your next reply.



The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Bit Torrent software, before we clean your computer.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/29/2009 2:04 AM
#76613

wakari Advanced member

Date Joined Nov 2016
Total Posts: 48
Hi touch,




I was reading the forum contributions after I mailed you, and picked up that someone else was having exactly the same problem and that you had advised them to download ComboFix. So that is what I did, and it corrected everything. Here is the log.

I also downloaded the BullGuard antivirus programme, which is working great.

ComboFix 09-08-24.06 - Jeff Withington 25/08/2009 20:19.17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.284 [GMT 12:00]
Running from: c:\documents and settings\Jeff Withington\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\elihyg.pif
c:\documents and settings\All Users\Application Data\epusab.ban
c:\documents and settings\All Users\Documents\niqatawa.inf
c:\documents and settings\All Users\Documents\ubiwoh.sys
c:\documents and settings\Jeff Withington\Application Data\gelikicur.ban
c:\documents and settings\Jeff Withington\Application Data\hane.com
c:\documents and settings\Jeff Withington\Application Data\secu.com
c:\documents and settings\Jeff Withington\Application Data\ubababi.bat
c:\documents and settings\Jeff Withington\Application Data\wecylyqiz.reg
c:\documents and settings\Jeff Withington\Application Data\wiaserva.log
c:\documents and settings\Jeff Withington\Cookies\kicoso.bat
c:\documents and settings\Jeff Withington\Cookies\tirifinere.pif
c:\documents and settings\Jeff Withington\Local Settings\Application Data\zahuciga.bat
c:\documents and settings\Jeff Withington\Local Settings\Temporary Internet Files\atabyku.dat
c:\documents and settings\Jeff Withington\Local Settings\Temporary Internet Files\riry.pif
C:\INSTALL.EXE
c:\program files\Antivirus Agent Pro
c:\program files\Common Files\arakesase.bin
C:\qfpjvmyv.exe
C:\qylcxv.exe
C:\svtuqys.exe
c:\windows\Installer\16e3f56.msi
c:\windows\kukavise.ban
c:\windows\Readme.txt
c:\windows\system32\_scui.cpl
c:\windows\system32\akex.bat
c:\windows\system32\braviax.exe
c:\windows\system32\drivers\YOURAPP.EXE
c:\windows\system32\exuteg.bin
c:\windows\system32\Process.exe
c:\windows\system32\tmp.reg
c:\windows\system32\twain_32
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\yfyj.sys
c:\windows\ucig.scr
C:\wljfbh.exe
C:\ykddp.exe

c:\windows\system32\grpconv.exe . . . is missing!!

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2009-08-25 08:24 . 2004-08-04 07:56 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-25 08:24 . 2004-08-04 07:56 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-25 08:11 . 2009-08-25 08:11 -------- d-----w- c:\windows\LastGood
2009-08-24 08:03 . 2009-08-24 08:03 16451 ----a-w- c:\windows\system32\secuqyhib.dat
2009-08-24 07:49 . 2009-08-24 07:49 132 ----a-w- c:\documents and settings\Jeff Withington\delself.bat
2009-08-01 05:23 . 2009-08-01 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2009-08-01 05:23 . 2009-08-25 08:11 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 07:28 . 2007-06-26 20:27 -------- d-----w- c:\program files\HaxFix
2009-08-24 12:16 . 2009-07-09 08:46 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-24 08:03 . 2009-08-24 08:03 19676 ----a-w- c:\documents and settings\All Users\Application Data\hisyb.dat
2009-08-24 08:03 . 2009-08-24 08:03 12865 ----a-w- c:\program files\Common Files\ryve.db
2009-08-24 08:03 . 2009-08-24 08:03 19152 ----a-w- c:\program files\Common Files\fipecejy._sy
2009-08-16 09:41 . 2009-07-18 04:59 -------- d-----w- c:\program files\Escape
2009-08-01 05:18 . 2004-08-13 06:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 05:18 . 2004-08-13 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 12:55 . 2009-07-25 08:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-26 07:13 . 2009-07-25 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-07-25 08:11 . 2009-07-25 08:11 -------- d-----w- c:\program files\bfgclient
2009-07-17 07:43 . 2009-07-17 07:13 -------- d-----w- c:\program files\Crystal Cave Cristmass Treasure
2009-07-15 14:09 . 2006-12-18 22:50 -------- d-----w- c:\documents and settings\Jeff Withington\Application Data\uTorrent
2009-07-15 01:07 . 2009-07-15 00:58 -------- d-----w- c:\program files\BitComet
2009-07-15 00:58 . 2005-06-21 23:31 -------- d-----w- c:\program files\Google
2009-07-12 06:39 . 2009-07-12 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-07-12 06:38 . 2009-07-12 06:38 -------- d-----w- c:\program files\Viva Media
2009-07-10 09:56 . 2009-07-10 09:54 -------- d-----w- c:\program files\Devastation Zone Troopers
2009-07-07 08:19 . 2005-06-19 06:56 -------- d-----w- c:\program files\Alien Shooter Demo
2007-04-03 08:35 . 2007-04-03 08:35 10420936 ----a-w- c:\program files\xlviewer.exe
2006-04-14 05:55 . 2006-04-14 05:55 0 ----a-w- c:\program files\ewhjahk.exe
2005-06-21 23:32 . 2005-06-21 23:32 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2008-09-06 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="c:\program files\D-Link\DSL-200\dslstat.exe" [2004-04-30 356352]
"DSLAGENTEXE"="c:\program files\D-Link\DSL-200\dslagent.exe" [2004-04-30 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-30 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-30 136600]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-06 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SfCtlCom"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\amcap533.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [16/02/2006 5:51 p.m. 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/06/2006 3:45 p.m. 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 5:51 p.m. 4096]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S3 LcdMini;LcdMini Device;c:\windows\system32\drivers\LcdMini.sys [18/11/2003 11:40 a.m. 50328]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - tmactmon
*Deregistered* - tmcomm
*Deregistered* - tmevtmgr
*Deregistered* - tmpreflt
*Deregistered* - tmxpflt
*Deregistered* - vsapint
.
Contents of the 'Scheduled Tasks' folder

2009-08-25 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-18 22:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
SafeBoot-snda32.sys
SafeBoot-snda64.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mWindow Title = ihug Internet
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jeff Withington\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: healthotago.co.nz\dncag01
Trusted Zone: healthotago.co.nz\dnvcit05
Trusted Zone: healthotago.co.nz\webmail
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-08-25 20:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-25 20:27
ComboFix-quarantined-files.txt 2009-08-25 08:26
ComboFix2.txt 2009-07-09 08:29
ComboFix3.txt 2009-05-30 20:28
ComboFix4.txt 2009-04-24 21:18
ComboFix5.txt 2009-08-25 08:12

Pre-Run: 73,470,111,744 bytes free
Post-Run: 73,617,817,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

189 --- E O F --- 2008-12-31 18:39
Posted 8/29/2009 4:42 AM
#76618

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Open Notepad and copy/paste the text in the code box below into it:

Name the file as CFScript
and Save it on the desktop



Code:

Killall::

Snapshot::

File::
c:\windows\system32\secuqyhib.dat


c:\documents and settings\Jeff Withington\delself.bat

:\documents and settings\All Users\Application Data\hisyb.dat
c:\program files\Common Files\ryve.db
c:\program files\Common Files\fipecejy._sy


c:\program files\ewhjahk.exe

Folder:

c:\documents and settings\Jeff Withington\Application Data\uTorrent
c:\program files\BitComet


Mia::

c:\windows\system32\grpconv.exe





[image: CFScript.txt being dragged onto ComboFix.exe]



Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.



Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please post it in your next reply.



Note.

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/30/2009 8:14 AM
#76699

wakari Advanced member

Date Joined Nov 2016
Total Posts: 48
Hi Touch,


all complete,



regards



Wakari



ComboFix 09-08-29.01 - Jeff Withington 30/08/2009 19:27.18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.112 [GMT 12:00]
Running from: c:\documents and settings\Jeff Withington\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeff Withington\Desktop\CFScript.txt
AV: BullGuard Antivirus *On-access scanning enabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

FILE ::
"c:\documents and settings\Jeff Withington\delself.bat"
"c:\program files\Common Files\fipecejy._sy"
"c:\program files\Common Files\ryve.db"
"c:\program files\ewhjahk.exe"
"c:\windows\system32\secuqyhib.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jeff Withington\delself.bat
c:\program files\Common Files\fipecejy._sy
c:\program files\Common Files\ryve.db
c:\program files\ewhjahk.exe
c:\windows\system32\secuqyhib.dat

c:\windows\system32\grpconv.exe . . . is missing!!

c:\windows\system32\grpconv.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-25 10:26 . 2009-08-30 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2009-08-25 10:26 . 2009-08-25 10:26 -------- d-----w- c:\documents and settings\Jeff Withington\Application Data\BullGuard
2009-08-25 10:25 . 2009-01-23 13:48 55504 ----a-w- c:\windows\system32\drivers\BdFileSpy.sys
2009-08-25 10:25 . 2009-08-25 10:25 -------- d-----w- c:\program files\BullGuard Ltd
2009-08-25 08:24 . 2004-08-04 07:56 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-25 08:24 . 2004-08-04 07:56 50176 ----a-w- c:\windows\system32\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 07:28 . 2007-06-26 20:27 -------- d-----w- c:\program files\HaxFix
2009-08-24 12:16 . 2009-07-09 08:46 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-24 08:03 . 2009-08-24 08:03 19676 ----a-w- c:\documents and settings\All Users\Application Data\hisyb.dat
2009-08-16 09:41 . 2009-07-18 04:59 -------- d-----w- c:\program files\Escape
2009-08-01 05:18 . 2004-08-13 06:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 05:18 . 2004-08-13 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 12:55 . 2009-07-25 08:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-26 07:13 . 2009-07-25 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-07-25 08:11 . 2009-07-25 08:11 -------- d-----w- c:\program files\bfgclient
2009-07-17 07:43 . 2009-07-17 07:13 -------- d-----w- c:\program files\Crystal Cave Cristmass Treasure
2009-07-15 14:09 . 2006-12-18 22:50 -------- d-----w- c:\documents and settings\Jeff Withington\Application Data\uTorrent
2009-07-15 01:07 . 2009-07-15 00:58 -------- d-----w- c:\program files\BitComet
2009-07-15 00:58 . 2005-06-21 23:31 -------- d-----w- c:\program files\Google
2009-07-12 06:39 . 2009-07-12 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-07-12 06:38 . 2009-07-12 06:38 -------- d-----w- c:\program files\Viva Media
2009-07-10 09:56 . 2009-07-10 09:54 -------- d-----w- c:\program files\Devastation Zone Troopers
2009-07-07 08:19 . 2005-06-19 06:56 -------- d-----w- c:\program files\Alien Shooter Demo
2007-04-03 08:35 . 2007-04-03 08:35 10420936 ----a-w- c:\program files\xlviewer.exe
2005-06-21 23:32 . 2005-06-21 23:32 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2008-09-06 1576176]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-08-25 304464]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="c:\program files\D-Link\DSL-200\dslstat.exe" [2004-04-30 356352]
"DSLAGENTEXE"="c:\program files\D-Link\DSL-200\dslagent.exe" [2004-04-30 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-30 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-30 136600]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-08-25 304464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-06 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SfCtlCom"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\amcap533.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [16/02/2006 5:51 p.m. 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/06/2006 3:45 p.m. 55024]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [25/08/2009 10:25 p.m. 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [24/03/2009 12:07 a.m. 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [24/03/2009 12:07 a.m. 257304]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 5:51 p.m. 4096]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S3 BGRaSvc;BGRaSvc;c:\program files\BullGuard Ltd\BullGuard\support\BGRaSvc.exe [1/06/2009 11:50 p.m. 79184]
S3 LcdMini;LcdMini Device;c:\windows\system32\drivers\LcdMini.sys [18/11/2003 11:40 a.m. 50328]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
.
Contents of the 'Scheduled Tasks' folder

2009-08-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-18 22:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mWindow Title = ihug Internet
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jeff Withington\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\BGLsp.dll
Trusted Zone: healthotago.co.nz\dncag01
Trusted Zone: healthotago.co.nz\dnvcit05
Trusted Zone: healthotago.co.nz\webmail
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-08-30 20:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\BGLsp.dll

- - - - - - - > 'explorer.exe'(2640)
c:\program files\BullGuard Ltd\BullGuard\antispam\PluginHook.dll
c:\program files\BullGuard Ltd\BullGuard\res\en\PluginHookRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2009-08-30 20:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-30 08:08
ComboFix2.txt 2009-08-25 08:27
ComboFix3.txt 2009-07-09 08:29
ComboFix4.txt 2009-05-30 20:28
ComboFix5.txt 2009-08-30 07:24

Pre-Run: 78,985,453,568 bytes free
Post-Run: 79,286,550,528 bytes free

174 --- E O F --- 2008-12-31 18:39
Posted 8/30/2009 12:29 PM
#76701

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Clean combolog. Unfortunately you are missing ->
grpconv.exe . . . is missing!!

I'll therefore suggest you check for corrupted or missing files ->

To do this, simply go to the Run box on the Start Menu and type in:

sfc /scannow

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.

Let me know how things go.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/31/2009 9:54 AM
#76740

wakari Advanced member

Date Joined Nov 2016
Total Posts: 48
Hi Touch,

Tried to execute sfc /scannow, but the computer asked for the Windows XP disc to read/replace some files.

However, it appears the Windows XP disc is older than the version I have on the computer.

Any suggestions?

Regards

jeffw
Posted 8/31/2009 11:59 AM
#76742

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
OK. We'll see if we can find it somewhere else ->

Open Notepad and copy/paste the text in the codebox below into it:

Name the file CFScript
and save it on the desktop

Code:

Killall::

Snapshot::

SRPeek::

c:\windows\system32\grpconv.exe

Once saved, drag CFScript.txt into ComboFix.exe.

ComboFix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please post it in your next reply.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/31/2009 3:17 PM
#76745

zaibon Member

Date Joined Nov 2016
Total Posts: 2
Hey,
I have a problem with my PC.
I cannot view my hidden files even though I've adjusted my folder options.
Also, my PC seems to crash every time I turn it on.
Please help me. It's been a month like this.
-THANKS-
Posted 9/1/2009 12:03 PM
#76772

wakari Advanced member

Date Joined Nov 2016
Total Posts: 48
Hi Touch,

Done that. What do you think?

ComboFix 09-08-29.01 - Jeff Withington 01/09/2009 23:33.19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.229 [GMT 12:00]
Running from: c:\documents and settings\Jeff Withington\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeff Withington\Desktop\cfscript.txt
AV: BullGuard Antivirus *On-access scanning enabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\system32\dllcache\grpconv.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.

2009-09-01 11:39 . 2004-08-04 07:56 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-09-01 11:39 . 2004-08-04 07:56 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-08-31 09:41 . 2004-08-04 05:29 161020 -c--a-w- c:\windows\system32\dllcache\i81xnt5.sys
2009-08-31 09:41 . 2004-08-04 07:56 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2009-08-31 09:41 . 2001-08-17 00:49 58592 -c--a-w- c:\windows\system32\dllcache\i740nt5.sys
2009-08-31 09:41 . 2001-08-17 02:56 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2009-08-31 09:41 . 2004-08-04 06:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2009-08-31 09:41 . 2004-08-04 06:00 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2009-08-31 09:39 . 2001-08-17 00:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2009-08-31 09:34 . 2001-08-17 00:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2009-08-31 09:33 . 2001-08-17 10:36 28672 -c--a-w- c:\windows\system32\dllcache\cyycoins.dll
2009-08-31 09:32 . 2004-08-04 06:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-08-31 09:31 . 2001-08-17 01:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-08-31 09:31 . 2001-08-17 01:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2009-08-31 09:31 . 2001-08-17 00:11 31529 -c--a-w- c:\windows\system32\dllcache\brzwlan.sys
2009-08-31 09:31 . 2001-08-17 01:12 11008 -c--a-w- c:\windows\system32\dllcache\brusbmdm.sys
2009-08-31 09:31 . 2001-08-17 10:36 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
2009-08-31 09:31 . 2001-08-17 10:36 5120 -c--a-w- c:\windows\system32\dllcache\brscnrsm.dll
2009-08-31 09:31 . 2001-08-17 01:12 60416 -c--a-w- c:\windows\system32\dllcache\brserwdm.sys
2009-08-31 09:31 . 2001-08-17 01:12 39552 -c--a-w- c:\windows\system32\dllcache\brparwdm.sys
2009-08-31 09:31 . 2001-08-17 01:12 3168 -c--a-w- c:\windows\system32\dllcache\brparimg.sys
2009-08-31 09:24 . 2001-08-17 02:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-08-25 10:26 . 2009-09-01 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2009-08-25 10:26 . 2009-08-25 10:26 -------- d-----w- c:\documents and settings\Jeff Withington\Application Data\BullGuard
2009-08-25 10:25 . 2009-01-23 13:48 55504 ----a-w- c:\windows\system32\drivers\BdFileSpy.sys
2009-08-25 10:25 . 2009-08-25 10:25 -------- d-----w- c:\program files\BullGuard Ltd
2009-08-25 08:24 . 2004-08-04 07:56 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-25 08:24 . 2004-08-04 07:56 50176 ----a-w- c:\windows\system32\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 11:04 . 2006-12-18 22:50 -------- d-----w- c:\documents and settings\Jeff Withington\Application Data\uTorrent
2009-08-31 09:12 . 2006-07-09 03:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-25 07:28 . 2007-06-26 20:27 -------- d-----w- c:\program files\HaxFix
2009-08-24 12:16 . 2009-07-09 08:46 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-24 08:03 . 2009-08-24 08:03 19676 ----a-w- c:\documents and settings\All Users\Application Data\hisyb.dat
2009-08-16 09:41 . 2009-07-18 04:59 -------- d-----w- c:\program files\Escape
2009-08-01 05:18 . 2004-08-13 06:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 05:18 . 2004-08-13 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 12:55 . 2009-07-25 08:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-26 07:13 . 2009-07-25 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-07-25 08:11 . 2009-07-25 08:11 -------- d-----w- c:\program files\bfgclient
2009-07-17 07:43 . 2009-07-17 07:13 -------- d-----w- c:\program files\Crystal Cave Cristmass Treasure
2009-07-15 01:07 . 2009-07-15 00:58 -------- d-----w- c:\program files\BitComet
2009-07-15 00:58 . 2005-06-21 23:31 -------- d-----w- c:\program files\Google
2009-07-12 06:39 . 2009-07-12 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-07-12 06:38 . 2009-07-12 06:38 -------- d-----w- c:\program files\Viva Media
2009-07-10 09:56 . 2009-07-10 09:54 -------- d-----w- c:\program files\Devastation Zone Troopers
2009-07-07 08:19 . 2005-06-19 06:56 -------- d-----w- c:\program files\Alien Shooter Demo
2007-04-03 08:35 . 2007-04-03 08:35 10420936 ----a-w- c:\program files\xlviewer.exe
2005-06-21 23:32 . 2005-06-21 23:32 774144 ----a-w- c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\system32\wbem\grpconv.exe [x]
\RP1045\A0263021.exe [x]
.
------- Sigcheck -------

[7] 2003-03-31 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2008-09-06 1576176]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-08-25 304464]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="c:\program files\D-Link\DSL-200\dslstat.exe" [2004-04-30 356352]
"DSLAGENTEXE"="c:\program files\D-Link\DSL-200\dslagent.exe" [2004-04-30 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-30 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-30 136600]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-08-25 304464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-06 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SfCtlCom"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\amcap533.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [16/02/2006 5:51 p.m. 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/06/2006 3:45 p.m. 55024]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [25/08/2009 10:25 p.m. 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [24/03/2009 12:07 a.m. 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [24/03/2009 12:07 a.m. 257304]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 5:51 p.m. 4096]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S3 BGRaSvc;BGRaSvc;c:\program files\BullGuard Ltd\BullGuard\support\BGRaSvc.exe [1/06/2009 11:50 p.m. 79184]
S3 LcdMini;LcdMini Device;c:\windows\system32\drivers\LcdMini.sys [18/11/2003 11:40 a.m. 50328]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-18 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mWindow Title = ihug Internet
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jeff Withington\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\BGLsp.dll
Trusted Zone: healthotago.co.nz\dncag01
Trusted Zone: healthotago.co.nz\dnvcit05
Trusted Zone: healthotago.co.nz\webmail
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-09-01 23:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\BGLsp.dll

- - - - - - - > 'explorer.exe'(3112)
c:\program files\BullGuard Ltd\BullGuard\antispam\PluginHook.dll
c:\program files\BullGuard Ltd\BullGuard\res\en\PluginHookRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\docume~1\JEFFWI~1\LOCALS~1\temp\SSUPDATE.EXE
.
**************************************************************************
.
Completion time: 2009-09-01 23:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-01 11:55
ComboFix2.txt 2009-08-30 08:08
ComboFix3.txt 2009-08-25 08:27
ComboFix4.txt 2009-07-09 08:29
ComboFix5.txt 2009-09-01 11:31

Pre-Run: 78,922,555,392 bytes free
Post-Run: 79,017,926,656 bytes free

193 --- E O F --- 2008-12-31 18:39
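The ComboFix output above is what the helper reads by eye: which system file is still missing, what ComboFix already restored from dllcache, the Sigcheck MD5 of the cached copy, whether the Windows Firewall profile is disabled, and the catchme hidden-file count. As an added example (not ComboFix's or the forum's own code), here is a small Python triage script that pulls those findings out of log text and, from a missing file plus its same-named dllcache Sigcheck entry, derives the `Fcopy::` line used in the CFScript replies; the sample log is constructed from line shapes seen in this thread and is not a complete log.

```python
import re
from typing import List, Optional

# Constructed sample assembled from the line shapes seen in the logs above;
# it is not a complete ComboFix log.
SAMPLE_LOG = r"""c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\system32\dllcache\grpconv.exe

------- Sigcheck -------

[7] 2003-03-31 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys

c:\windows\system32\drivers\beep.sys ... is missing !!

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

scan completed successfully
hidden files: 0
"""

# One regex per ComboFix line shape we care about.
MISSING_RE = re.compile(r"^(?P<path>.+?) \.\.\. is missing !!\s*$")
WAS_MISSING_RE = re.compile(r"^(?P<path>.+?) was missing\s*$")
RESTORED_RE = re.compile(r"^Restored copy from - (?P<src>.+?)\s*$")
SIGCHECK_RE = re.compile(r"^\[\d+\] \d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>\d+) "
                         r"(?P<md5>[0-9A-Fa-f]{32}) (?P<path>.+?)\s*$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
UPDATES_RE = re.compile(r'^"UpdatesDisableNotify"=dword:(?P<val>[0-9a-fA-F]{8})')
HIDDEN_RE = re.compile(r"^hidden files: (?P<n>\d+)\s*$")


def parse_combofix(text: str) -> dict:
    """Extract the triage-relevant facts from ComboFix log text."""
    findings = {
        "missing": [],    # files ComboFix reports as absent
        "restored": [],   # (destination, dllcache source) pairs ComboFix fixed itself
        "sigcheck": {},   # path -> (size, MD5) from the Sigcheck section
        "firewall_enabled": None, "updates_notify_disabled": None, "hidden_files": None,
    }
    pending: Optional[str] = None  # "X was missing" waits for its "Restored copy from" line
    for line in map(str.rstrip, text.splitlines()):
        if not line:
            continue
        if (m := MISSING_RE.match(line)):
            findings["missing"].append(m["path"].lower())
        elif (m := WAS_MISSING_RE.match(line)):
            pending = m["path"].lower()
        elif (m := RESTORED_RE.match(line)) and pending:
            findings["restored"].append((pending, m["src"].lower()))
            pending = None
        elif (m := SIGCHECK_RE.match(line)):
            findings["sigcheck"][m["path"].lower()] = (int(m["size"]), m["md5"].upper())
        elif (m := FIREWALL_RE.match(line)):
            findings["firewall_enabled"] = m["val"] != "0"
        elif (m := UPDATES_RE.match(line)):
            findings["updates_notify_disabled"] = int(m["val"], 16) == 1
        elif (m := HIDDEN_RE.match(line)):
            findings["hidden_files"] = int(m["n"])
    return findings


def suggest_fcopy(findings: dict) -> List[str]:
    """For each missing file that has a same-named dllcache copy in the Sigcheck
    section, build the 'source | destination' line that Fcopy:: takes."""
    lines = []
    for dst in findings["missing"]:
        name = dst.rsplit("\\", 1)[-1]
        for src in findings["sigcheck"]:
            if "\\dllcache\\" in src and src.rsplit("\\", 1)[-1] == name:
                lines.append(f"{src} | {dst}")
    return lines


def summarize(findings: dict) -> List[str]:
    """Findings in the order a helper would act on them."""
    out = [f"restored {dst} from {src}" for dst, src in findings["restored"]]
    out += [f"MISSING {p}" for p in findings["missing"]]
    if findings["firewall_enabled"] is False:
        out.append("Windows Firewall standard profile disabled (EnableFirewall=0)")
    if findings["updates_notify_disabled"]:
        out.append("Security Center update alerts suppressed (UpdatesDisableNotify=1)")
    if findings["hidden_files"] is not None:
        out.append(f"catchme hidden files: {findings['hidden_files']}")
    return out


if __name__ == "__main__":
    found = parse_combofix(SAMPLE_LOG)
    for item in summarize(found) + suggest_fcopy(found):
        print(item)
```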
Posted 9/1/2009 3:08 PM
#76775

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Unfortunately you are missing another system file, so same procedure again :rolleyes:

Open Notepad and copy/paste the text in the codebox below into it:

Name the file CFScript
and save it on the desktop

Code:

Killall::

Snapshot::

SRPeek::

c:\windows\system32\drivers\beep.sys

Once saved, drag CFScript.txt into ComboFix.exe.

ComboFix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please post it in your next reply.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 9/3/2009 7:36 AM
#76852

wakari Advanced member

Date Joined Nov 2016
Total Posts: 48
Here we go, Touch.

ComboFix 09-08-29.01 - Jeff Withington 03/09/2009 19:10.20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.123 [GMT 12:00]
Running from: c:\documents and settings\Jeff Withington\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeff Withington\Desktop\CFScript.txt
AV: BullGuard Antivirus *On-access scanning enabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.

((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-09-01 11:39 . 2004-08-04 07:56 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-09-01 11:39 . 2004-08-04 07:56 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-08-31 09:41 . 2004-08-04 05:29 161020 -c--a-w- c:\windows\system32\dllcache\i81xnt5.sys
2009-08-31 09:41 . 2004-08-04 07:56 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2009-08-31 09:41 . 2001-08-17 00:49 58592 -c--a-w- c:\windows\system32\dllcache\i740nt5.sys
2009-08-31 09:41 . 2001-08-17 02:56 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2009-08-31 09:41 . 2004-08-04 06:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2009-08-31 09:41 . 2004-08-04 06:00 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2009-08-31 09:39 . 2001-08-17 00:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2009-08-31 09:34 . 2001-08-17 00:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2009-08-31 09:33 . 2001-08-17 10:36 28672 -c--a-w- c:\windows\system32\dllcache\cyycoins.dll
2009-08-31 09:32 . 2004-08-04 06:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-08-31 09:31 . 2001-08-17 01:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-08-31 09:31 . 2001-08-17 01:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2009-08-31 09:31 . 2001-08-17 00:11 31529 -c--a-w- c:\windows\system32\dllcache\brzwlan.sys
2009-08-31 09:31 . 2001-08-17 01:12 11008 -c--a-w- c:\windows\system32\dllcache\brusbmdm.sys
2009-08-31 09:31 . 2001-08-17 10:36 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
2009-08-31 09:31 . 2001-08-17 10:36 5120 -c--a-w- c:\windows\system32\dllcache\brscnrsm.dll
2009-08-31 09:31 . 2001-08-17 01:12 60416 -c--a-w- c:\windows\system32\dllcache\brserwdm.sys
2009-08-31 09:31 . 2001-08-17 01:12 39552 -c--a-w- c:\windows\system32\dllcache\brparwdm.sys
2009-08-31 09:31 . 2001-08-17 01:12 3168 -c--a-w- c:\windows\system32\dllcache\brparimg.sys
2009-08-31 09:24 . 2001-08-17 02:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-08-25 10:26 . 2009-09-03 07:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2009-08-25 10:26 . 2009-08-25 10:26 -------- d-----w- c:\documents and settings\Jeff Withington\Application Data\BullGuard
2009-08-25 10:25 . 2009-01-23 13:48 55504 ----a-w- c:\windows\system32\drivers\BdFileSpy.sys
2009-08-25 10:25 . 2009-08-25 10:25 -------- d-----w- c:\program files\BullGuard Ltd
2009-08-25 08:24 . 2004-08-04 07:56 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-25 08:24 . 2004-08-04 07:56 50176 ----a-w- c:\windows\system32\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 11:04 . 2006-12-18 22:50 -------- d-----w- c:\documents and settings\Jeff Withington\Application Data\uTorrent
2009-08-31 09:12 . 2006-07-09 03:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-25 07:28 . 2007-06-26 20:27 -------- d-----w- c:\program files\HaxFix
2009-08-24 12:16 . 2009-07-09 08:46 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-24 08:03 . 2009-08-24 08:03 19676 ----a-w- c:\documents and settings\All Users\Application Data\hisyb.dat
2009-08-16 09:41 . 2009-07-18 04:59 -------- d-----w- c:\program files\Escape
2009-08-01 05:18 . 2004-08-13 06:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 05:18 . 2004-08-13 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 12:55 . 2009-07-25 08:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-26 07:13 . 2009-07-25 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-07-25 08:11 . 2009-07-25 08:11 -------- d-----w- c:\program files\bfgclient
2009-07-17 07:43 . 2009-07-17 07:13 -------- d-----w- c:\program files\Crystal Cave Cristmass Treasure
2009-07-15 01:07 . 2009-07-15 00:58 -------- d-----w- c:\program files\BitComet
2009-07-15 00:58 . 2005-06-21 23:31 -------- d-----w- c:\program files\Google
2009-07-12 06:39 . 2009-07-12 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-07-12 06:38 . 2009-07-12 06:38 -------- d-----w- c:\program files\Viva Media
2009-07-10 09:56 . 2009-07-10 09:54 -------- d-----w- c:\program files\Devastation Zone Troopers
2009-07-07 08:19 . 2005-06-19 06:56 -------- d-----w- c:\program files\Alien Shooter Demo
2007-04-03 08:35 . 2007-04-03 08:35 10420936 ----a-w- c:\program files\xlviewer.exe
2005-06-21 23:32 . 2005-06-21 23:32 774144 ----a-w- c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[7] 2003-03-31 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2008-09-06 1576176]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-08-25 304464]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="c:\program files\D-Link\DSL-200\dslstat.exe" [2004-04-30 356352]
"DSLAGENTEXE"="c:\program files\D-Link\DSL-200\dslagent.exe" [2004-04-30 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-30 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-30 136600]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-08-25 304464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-06 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SfCtlCom"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\amcap533.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [16/02/2006 5:51 p.m. 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/06/2006 3:45 p.m. 55024]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [25/08/2009 10:25 p.m. 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [24/03/2009 12:07 a.m. 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [24/03/2009 12:07 a.m. 257304]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 5:51 p.m. 4096]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S3 BGRaSvc;BGRaSvc;c:\program files\BullGuard Ltd\BullGuard\support\BGRaSvc.exe [1/06/2009 11:50 p.m. 79184]
S3 LcdMini;LcdMini Device;c:\windows\system32\drivers\LcdMini.sys [18/11/2003 11:40 a.m. 50328]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
.
Contents of the 'Scheduled Tasks' folder

2009-09-03 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-18 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mWindow Title = ihug Internet
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jeff Withington\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\BGLsp.dll
Trusted Zone: healthotago.co.nz\dncag01
Trusted Zone: healthotago.co.nz\dnvcit05
Trusted Zone: healthotago.co.nz\webmail
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-09-03 19:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\BGLsp.dll

- - - - - - - > 'explorer.exe'(3012)
c:\program files\BullGuard Ltd\BullGuard\antispam\PluginHook.dll
c:\program files\BullGuard Ltd\BullGuard\res\en\PluginHookRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2009-09-03 19:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 07:32
ComboFix2.txt 2009-09-01 11:55
ComboFix3.txt 2009-08-30 08:08
ComboFix4.txt 2009-08-25 08:27
ComboFix5.txt 2009-09-03 07:07

Pre-Run: 78,961,037,312 bytes free
Post-Run: 78,980,689,920 bytes free

185 --- E O F --- 2008-12-31 18:39
Posted 9/3/2009 9:51 AM
#76855

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Open Notepad and copy/paste the text in the codebox below into it:

Name the file CFScript
and save it on the desktop

Killall::

Snapshot::

Fcopy::

c:\windows\system32\dllcache\beep.sys | c:\windows\system32\drivers\beep.sys

Once saved, drag CFScript.txt into ComboFix.exe.

ComboFix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please post it in your next reply.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 9/4/2009 12:45 PM
#76922

zaibon Member

Date Joined Nov 2016
Total Posts: 2
Hey, what do you think of this?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:34 PM, on 9/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BrightEcho\LanRoad PPPoE Client\LanRoadDialupE.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\gumpey berdaulat\Desktop\FIX\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*https://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe (User 'Default user')
Posted 9/7/2009 11:19 AM
#77086
User avatar

wakari Advanced member

Date Joined Nov 2016
Total Posts: 48
Hi touch,

Thanks for sticking with me. Not sure who the zaibon guy is. Nothing to do with me.

Here's the latest log.

ComboFix 09-08-29.01 - Jeff Withington 07/09/2009 23:03.21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.214 [GMT 12:00]
Running from: c:\documents and settings\Jeff Withington\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeff Withington\Desktop\CFScript.txt
AV: BullGuard Antivirus *On-access scanning enabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\beep.sys --> c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-09-07 11:03 . 2003-03-31 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-09-07 11:03 . 2003-03-31 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-09-01 11:39 . 2004-08-04 07:56 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-09-01 11:39 . 2004-08-04 07:56 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-08-31 09:41 . 2004-08-04 05:29 161020 -c--a-w- c:\windows\system32\dllcache\i81xnt5.sys
2009-08-31 09:41 . 2004-08-04 07:56 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2009-08-31 09:41 . 2001-08-17 00:49 58592 -c--a-w- c:\windows\system32\dllcache\i740nt5.sys
2009-08-31 09:41 . 2001-08-17 02:56 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2009-08-31 09:41 . 2004-08-04 06:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2009-08-31 09:41 . 2004-08-04 06:00 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2009-08-31 09:39 . 2001-08-17 00:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2009-08-31 09:34 . 2001-08-17 00:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2009-08-31 09:33 . 2001-08-17 10:36 28672 -c--a-w- c:\windows\system32\dllcache\cyycoins.dll
2009-08-31 09:32 . 2004-08-04 06:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-08-31 09:31 . 2001-08-17 01:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-08-31 09:31 . 2001-08-17 01:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2009-08-31 09:31 . 2001-08-17 00:11 31529 -c--a-w- c:\windows\system32\dllcache\brzwlan.sys
2009-08-31 09:31 . 2001-08-17 01:12 11008 -c--a-w- c:\windows\system32\dllcache\brusbmdm.sys
2009-08-31 09:31 . 2001-08-17 10:36 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
2009-08-31 09:31 . 2001-08-17 10:36 5120 -c--a-w- c:\windows\system32\dllcache\brscnrsm.dll
2009-08-31 09:31 . 2001-08-17 01:12 60416 -c--a-w- c:\windows\system32\dllcache\brserwdm.sys
2009-08-31 09:31 . 2001-08-17 01:12 39552 -c--a-w- c:\windows\system32\dllcache\brparwdm.sys
2009-08-31 09:31 . 2001-08-17 01:12 3168 -c--a-w- c:\windows\system32\dllcache\brparimg.sys
2009-08-31 09:24 . 2001-08-17 02:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-08-25 10:26 . 2009-09-07 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2009-08-25 10:26 . 2009-08-25 10:26 -------- d-----w- c:\documents and settings\Jeff Withington\Application Data\BullGuard
2009-08-25 10:25 . 2009-01-23 13:48 55504 ----a-w- c:\windows\system32\drivers\BdFileSpy.sys
2009-08-25 10:25 . 2009-08-25 10:25 -------- d-----w- c:\program files\BullGuard Ltd
2009-08-25 08:24 . 2004-08-04 07:56 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-25 08:24 . 2004-08-04 07:56 50176 ----a-w- c:\windows\system32\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 10:38 . 2006-12-18 22:50 -------- d-----w- c:\documents and settings\Jeff Withington\Application Data\uTorrent
2009-08-31 09:12 . 2006-07-09 03:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-25 07:28 . 2007-06-26 20:27 -------- d-----w- c:\program files\HaxFix
2009-08-24 12:16 . 2009-07-09 08:46 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-24 08:03 . 2009-08-24 08:03 19676 ----a-w- c:\documents and settings\All Users\Application Data\hisyb.dat
2009-08-16 09:41 . 2009-07-18 04:59 -------- d-----w- c:\program files\Escape
2009-08-01 05:18 . 2004-08-13 06:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 05:18 . 2004-08-13 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 12:55 . 2009-07-25 08:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-26 07:13 . 2009-07-25 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-07-25 08:11 . 2009-07-25 08:11 -------- d-----w- c:\program files\bfgclient
2009-07-17 07:43 . 2009-07-17 07:13 -------- d-----w- c:\program files\Crystal Cave Cristmass Treasure
2009-07-15 01:07 . 2009-07-15 00:58 -------- d-----w- c:\program files\BitComet
2009-07-15 00:58 . 2005-06-21 23:31 -------- d-----w- c:\program files\Google
2009-07-12 06:39 . 2009-07-12 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-07-12 06:38 . 2009-07-12 06:38 -------- d-----w- c:\program files\Viva Media
2009-07-10 09:56 . 2009-07-10 09:54 -------- d-----w- c:\program files\Devastation Zone Troopers
2007-04-03 08:35 . 2007-04-03 08:35 10420936 ----a-w- c:\program files\xlviewer.exe
2005-06-21 23:32 . 2005-06-21 23:32 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2008-09-06 1576176]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-08-25 304464]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="c:\program files\D-Link\DSL-200\dslstat.exe" [2004-04-30 356352]
"DSLAGENTEXE"="c:\program files\D-Link\DSL-200\dslagent.exe" [2004-04-30 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-30 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-30 136600]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-08-25 304464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-06 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SfCtlCom"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\amcap533.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [16/02/2006 5:51 p.m. 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/06/2006 3:45 p.m. 55024]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [25/08/2009 10:25 p.m. 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [24/03/2009 12:07 a.m. 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [24/03/2009 12:07 a.m. 257304]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 5:51 p.m. 4096]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S3 BGRaSvc;BGRaSvc;c:\program files\BullGuard Ltd\BullGuard\support\BGRaSvc.exe [1/06/2009 11:50 p.m. 79184]
S3 LcdMini;LcdMini Device;c:\windows\system32\drivers\LcdMini.sys [18/11/2003 11:40 a.m. 50328]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-18 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mWindow Title = ihug Internet
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jeff Withington\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\BGLsp.dll
Trusted Zone: healthotago.co.nz\dncag01
Trusted Zone: healthotago.co.nz\dnvcit05
Trusted Zone: healthotago.co.nz\webmail
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-09-07 23:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\BGLsp.dll

- - - - - - - > 'explorer.exe'(2900)
c:\program files\BullGuard Ltd\BullGuard\antispam\PluginHook.dll
c:\program files\BullGuard Ltd\BullGuard\res\en\PluginHookRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2009-09-07 23:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-07 11:12
ComboFix2.txt 2009-09-03 07:33
ComboFix3.txt 2009-09-01 11:55
ComboFix4.txt 2009-08-30 08:08
ComboFix5.txt 2009-09-07 11:01

Pre-Run: 79,127,449,600 bytes free
Post-Run: 79,097,262,080 bytes free

188 --- E O F --- 2008-12-31 18:39
Posted 9/8/2009 5:54 AM
#77117
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Quote: "Not sure who the zaibon guy is"

Neither do I ;-)




zaibon ->

Please follow this guide:

Before-posting-a-log

Follow the instructions and copy the logs, in your own new Topic.

Wakari ->

Please follow this guide:

Before-posting-a-log

Please post logs from Malwarebytes and HijackThis; I don't need the log from DDS.



BTW. Combo log looks clean.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 9/11/2009 10:20 PM
#77309
User avatar

wakari Advanced member

Date Joined Nov 2016
Total Posts: 48
Hi touch, that was a marathon. Computer froze on a few occasions.


1st log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:59 a.m., on 12/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo!Xtra Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo!Xtra Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jeff Withington\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - https://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152323313593
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD150E4B-DE8B-453B-B6E4-39616E6C2337}: Domain = ihug.co.nz
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD150E4B-DE8B-453B-B6E4-39616E6C2337}: NameServer = 85.255.115.107 85.255.112.121
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8321 bytes



Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

11/09/2009 8:13:54 a.m.
mbam-log-2009-09-11 (08-13-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 160114
Time elapsed: 1 hour(s), 13 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{12A7B4BD-3841-4496-8091-30FCD8D07979}\RP1044\A0262544.dll (Rogue.AntiVirusPro2009) -> No action taken.
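The HijackThis logs in this thread are read by hand. As an added example (not from the thread, nor from the HijackThis or Malwarebytes tools), here is a small Python triage that parses the same line format and collects the entry types a helper checks first: components whose file no longer exists, the Winsock LSP chain, and the O17 NameServer setting. The sample input is a constructed excerpt modelled on lines quoted in this thread; the findings are pointers for review, not verdicts.

```python
import re
from collections import Counter

# Constructed sample in HijackThis log format, modelled on entries quoted in
# this thread. It is a short excerpt for demonstration, not a real full log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:59 a.m., on 12/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD150E4B-DE8B-453B-B6E4-39616E6C2337}: Domain = ihug.co.nz
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD150E4B-DE8B-453B-B6E4-39616E6C2337}: NameServer = 85.255.115.107 85.255.112.121
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
"""

# Every HijackThis entry line starts with its section code (R0-R3, O1-O24),
# a " - " separator and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Markers HijackThis prints when a registered component no longer exists on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Sections that register browser/shell components by CLSID and file path.
COMPONENT_SECTIONS = {"O2", "O3", "O9", "O18"}


def parse_entries(text):
    """Return a list of (section, body) pairs, one per entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage(text):
    """Parse a HijackThis log and collect the entries a helper checks first.

    Returns a dict with the entry count, a per-section Counter and a list of
    findings. A finding is informational: it says "look at this", not
    "this is malicious".
    """
    entries = parse_entries(text)
    findings = []
    lsp_chain = Counter()
    for section, body in entries:
        if section in COMPONENT_SECTIONS and body.endswith(ORPHAN_MARKERS):
            # Registry still references a component whose file is gone: the
            # usual leftover of an uninstall or a removal, safe to clean up.
            findings.append({"kind": "orphan", "section": section, "detail": body})
        elif section == "O10":
            # O10 = Winsock LSP chain. A DLL here sees every socket call, so
            # its vendor should be verified; HijackThis repeats one line per
            # chain slot, so collapse the repeats to a count.
            path = body.split(":", 1)[1].strip()
            lsp_chain[path] += 1
        elif section == "O17" and "NameServer" in body:
            # O17 NameServer = DNS servers written into the TCP/IP interface
            # key. Compare them with the ones the ISP or DHCP should supply.
            findings.append({"kind": "dns", "section": section,
                             "detail": IPV4_RE.findall(body)})
    for path, slots in lsp_chain.items():
        findings.append({"kind": "lsp", "section": "O10",
                         "detail": f"{path} ({slots} chain slots)"})
    return {
        "entries": len(entries),
        "by_section": Counter(section for section, _ in entries),
        "findings": findings,
    }


def report(result):
    """Render the triage result as plain text lines."""
    summary = ", ".join(f"{s}={n}" for s, n in sorted(result["by_section"].items()))
    lines = [f"{result['entries']} entries: {summary}"]
    for finding in result["findings"]:
        lines.append(f"[{finding['kind']}] {finding['section']}: {finding['detail']}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```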
Posted 9/11/2009 10:22 PM
#77310
User avatar

wakari Advanced member

Date Joined Nov 2016
Total Posts: 48
Hi touch, DDS logs



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 27/09/2003 4:27:13 p.m.
System Uptime: 9/12/2009 8:00:21 a.m. (-2111 hours ago)

Motherboard: | | P4M266A-8235
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Socket 478 | 2398/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 73.551 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_LGB&PROD_7052RGTMFSD&REV_1.03\5&36E5972&0&000
Manufacturer: (Standard CD-ROM drives)
Name: LGB 7052RGTMFSD SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_LGB&PROD_7052RGTMFSD&REV_1.03\5&36E5972&0&000
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_LGB&PROD_7052RGTMFSD&REV_1.03\5&36E5972&0&010
Manufacturer: (Standard CD-ROM drives)
Name: LGB 7052RGTMFSD SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_LGB&PROD_7052RGTMFSD&REV_1.03\5&36E5972&0&010
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_LGB&PROD_7052RGTMFSD&REV_1.03\5&36E5972&0&020
Manufacturer: (Standard CD-ROM drives)
Name: LGB 7052RGTMFSD SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_LGB&PROD_7052RGTMFSD&REV_1.03\5&36E5972&0&020
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_LGB&PROD_7052RGTMFSD&REV_1.03\5&36E5972&0&030
Manufacturer: (Standard CD-ROM drives)
Name: LGB 7052RGTMFSD SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_LGB&PROD_7052RGTMFSD&REV_1.03\5&36E5972&0&030
Service: cdrom

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic

==== System Restore Points ===================

RP978: 14/06/2009 2:51:04 a.m. - System Checkpoint
RP979: 15/06/2009 5:00:03 p.m. - System Checkpoint
RP980: 16/06/2009 5:41:54 p.m. - System Checkpoint
RP981: 17/06/2009 6:41:54 p.m. - System Checkpoint
RP982: 18/06/2009 8:58:44 p.m. - System Checkpoint
RP983: 19/06/2009 9:24:01 p.m. - System Checkpoint
RP984: 19/06/2009 10:28:09 p.m. - Removed Saddle Club - Willowbrook Stables
RP985: 19/06/2009 10:30:08 p.m. - Removed Microsoft Silverlight
RP986: 19/06/2009 10:30:56 p.m. - Removed Microsoft Visual C++ 2005 Redistributable
RP987: 19/06/2009 10:32:14 p.m. - Removed Pippa Funnell
RP988: 19/06/2009 10:37:13 p.m. - Removed PhotoStudio
RP989: 19/06/2009 10:38:47 p.m. - Removed ScanToWeb
RP990: 19/06/2009 10:39:54 p.m. - Removed ScanSoft OmniPage SE 4.0
RP991: 20/06/2009 8:39:03 a.m. - Configured AVG Free 8.5
RP992: 20/06/2009 8:52:32 a.m. - Removed AVG Free 8.5
RP993: 20/06/2009 8:54:09 a.m. - Installed AVG Free 8.5
RP994: 21/06/2009 9:08:41 a.m. - System Checkpoint
RP995: 22/06/2009 9:58:20 a.m. - System Checkpoint
RP996: 23/06/2009 9:01:02 p.m. - System Checkpoint
RP997: 24/06/2009 9:49:52 p.m. - System Checkpoint
RP998: 26/06/2009 11:33:26 a.m. - System Checkpoint
RP999: 27/06/2009 12:19:31 p.m. - System Checkpoint
RP1000: 28/06/2009 1:20:37 p.m. - System Checkpoint
RP1001: 30/06/2009 4:36:43 p.m. - System Checkpoint
RP1002: 1/07/2009 4:51:02 p.m. - System Checkpoint
RP1003: 2/07/2009 5:18:44 p.m. - System Checkpoint
RP1004: 3/07/2009 5:21:12 p.m. - System Checkpoint
RP1005: 4/07/2009 6:21:10 p.m. - System Checkpoint
RP1006: 5/07/2009 11:00:16 p.m. - System Checkpoint
RP1007: 7/07/2009 9:03:19 p.m. - System Checkpoint
RP1008: 8/07/2009 10:53:12 p.m. - System Checkpoint
RP1009: 9/07/2009 11:18:57 p.m. - System Checkpoint
RP1010: 11/07/2009 8:51:43 a.m. - System Checkpoint
RP1011: 12/07/2009 8:56:37 a.m. - System Checkpoint
RP1012: 13/07/2009 10:00:08 a.m. - System Checkpoint
RP1013: 14/07/2009 10:13:58 a.m. - System Checkpoint
RP1014: 15/07/2009 10:41:00 a.m. - System Checkpoint
RP1015: 16/07/2009 11:29:56 a.m. - System Checkpoint
RP1016: 17/07/2009 12:17:18 p.m. - System Checkpoint
RP1017: 18/07/2009 3:13:34 p.m. - System Checkpoint
RP1018: 19/07/2009 4:08:38 p.m. - System Checkpoint
RP1019: 20/07/2009 4:58:28 p.m. - System Checkpoint
RP1020: 21/07/2009 7:22:49 p.m. - System Checkpoint
RP1021: 22/07/2009 8:17:55 p.m. - System Checkpoint
RP1022: 23/07/2009 9:00:54 p.m. - System Checkpoint
RP1023: 26/07/2009 4:08:03 a.m. - System Checkpoint
RP1024: 27/07/2009 10:08:34 p.m. - System Checkpoint
RP1025: 29/07/2009 6:41:10 p.m. - System Checkpoint
RP1026: 30/07/2009 6:53:59 p.m. - System Checkpoint
RP1027: 31/07/2009 7:54:59 p.m. - System Checkpoint
RP1028: 1/08/2009 5:22:58 p.m. - Installed Trend Micro Internet Security
RP1029: 2/08/2009 5:56:01 p.m. - System Checkpoint
RP1030: 4/08/2009 7:59:25 p.m. - System Checkpoint
RP1031: 5/08/2009 8:55:48 p.m. - System Checkpoint
RP1032: 6/08/2009 9:22:55 p.m. - System Checkpoint
RP1033: 8/08/2009 3:04:22 p.m. - System Checkpoint
RP1034: 9/08/2009 7:33:25 p.m. - System Checkpoint
RP1035: 11/08/2009 8:00:00 p.m. - System Checkpoint
RP1036: 13/08/2009 11:00:52 p.m. - System Checkpoint
RP1037: 15/08/2009 3:15:51 p.m. - System Checkpoint
RP1038: 16/08/2009 4:04:57 p.m. - System Checkpoint
RP1039: 17/08/2009 10:30:17 p.m. - System Checkpoint
RP1040: 18/08/2009 11:04:24 p.m. - System Checkpoint
RP1041: 20/08/2009 5:03:27 p.m. - System Checkpoint
RP1042: 21/08/2009 5:07:59 p.m. - System Checkpoint
RP1043: 23/08/2009 1:13:39 p.m. - System Checkpoint
RP1044: 24/08/2009 9:02:10 p.m. - System Checkpoint
RP1045: 25/08/2009 8:11:00 p.m. - Removed Trend Micro Internet Security
RP1046: 26/08/2009 8:16:42 p.m. - System Checkpoint
RP1047: 27/08/2009 9:37:17 p.m. - System Checkpoint
RP1048: 28/08/2009 10:32:54 p.m. - System Checkpoint
RP1049: 30/08/2009 12:15:56 a.m. - System Checkpoint
RP1050: 31/08/2009 10:13:48 p.m. - System Checkpoint
RP1051: 1/09/2009 11:07:36 p.m. - System Checkpoint
RP1052: 3/09/2009 6:20:35 p.m. - System Checkpoint
RP1053: 5/09/2009 1:09:53 p.m. - System Checkpoint
RP1054: 6/09/2009 9:37:30 p.m. - System Checkpoint
RP1055: 7/09/2009 9:47:28 p.m. - System Checkpoint
RP1056: 9/09/2009 8:50:36 p.m. - System Checkpoint
RP1057: 10/09/2009 9:43:52 p.m. - System Checkpoint
RP1058: 12/09/2009 8:16:02 a.m. - System Checkpoint

==== Installed Programs ======================


Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Big Fish Games Client
BullGuard 8.7
Canon MP Navigator 3.0
Canon MP160
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
D-Link DSL-200 ADSL Modem
Digital Audio Manager
Digital Camera
Easy-WebPrint
Electronic Arts Product Registration
Google Earth
HaxFix 4.47
Highlight Viewer (Windows Live Toolbar)
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Icatch(IV) Camera Driver
InterActual Player
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 7
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft Encarta Encyclopedia Standard - WE 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Photo 7.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero - Burning Rom
Nero Media Player
Nero OEM
NeroVision Express 2
PIF DESIGNER2.1
PowerDVD
QuickTime
Samsung Master
Samsung USB Driver
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Smart Menus (Windows Live Toolbar)
SoftK56 Data Fax Voice Speakerphone CARP
SoulSeek Client 156c
SUPERAntiSpyware Free Edition
The Sims™ 2 Seasons
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VIA Audio Driver Setup Program
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Works Suite OS Pack
Yahoo!Xtra Toolbar

==== Event Viewer Messages From Past Week ========

7/09/2009 10:59:52 p.m., error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

DDS (Ver_09-07-30.01) - NTFSx86
Run by Jeff Withington at 9:43:01.34 on Sat 12/09/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.164 [GMT 12:00]

AV: BullGuard Antivirus *On-access scanning enabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe -k BullGuard
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jeff Withington\Local Settings\Temporary Internet Files\Content.IE5\9U7PT4NM\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mWindow Title = ihug Internet
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
uURLSearchHooks: Yahoo!Xtra Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo!Xtra Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERANTISPYWARE.EXE
uRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DSLSTATEXE] c:\program files\d-link\dsl-200\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\d-link\dsl-200\dslagent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe" -boot
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\jeff withington\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\BGLsp.dll
Trusted Zone: healthotago.co.nz\dncag01
Trusted Zone: healthotago.co.nz\dnvcit05
Trusted Zone: healthotago.co.nz\webmail
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152323313593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {AD150E4B-DE8B-453B-B6E4-39616E6C2337} = 85.255.115.107 85.255.112.121
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-2-16 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2006-6-9 55024]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2009-8-25 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\system32\svchost.exe -k BullGuard [2003-4-1 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\system32\svchost.exe -k BullGuard [2003-4-1 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\system32\svchost.exe -k BullGuard [2003-4-1 14336]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-3-24 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-3-24 257304]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\ca533av.sys --> c:\windows\system32\drivers\Ca533av.sys [?]
S3 BGRaSvc;BGRaSvc;c:\program files\bullguard ltd\bullguard\support\BGRaSvc.exe [2009-6-1 79184]
S3 LcdMini;LcdMini Device;c:\windows\system32\drivers\LcdMini.sys [2003-11-18 50328]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\bulk533.sys --> c:\windows\system32\drivers\Bulk533.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-10-5 394192]

=============== Created Last 30 ================

2009-09-11 08:14 61,440 a------- c:\windows\system32\drivers\tqgvc.sys
2009-09-10 23:13 <DIR> --d----- c:\program files\CCleaner
2009-09-07 23:03 4,224 ac------ c:\windows\system32\dllcache\beep.sys
2009-09-07 23:03 4,224 -------- c:\windows\system32\drivers\beep.sys
2009-09-01 23:39 39,424 ac------ c:\windows\system32\dllcache\grpconv.exe
2009-09-01 23:39 39,424 a------- c:\windows\system32\grpconv.exe
2009-08-31 21:41 161,020 ac------ c:\windows\system32\dllcache\i81xnt5.sys
2009-08-31 21:41 702,845 ac------ c:\windows\system32\dllcache\i81xdnt5.dll
2009-08-31 21:41 58,592 ac------ c:\windows\system32\dllcache\i740nt5.sys
2009-08-31 21:41 353,184 ac------ c:\windows\system32\dllcache\i740dnt5.dll
2009-08-31 21:41 18,560 ac------ c:\windows\system32\dllcache\i2omp.sys
2009-08-31 21:41 8,192 ac------ c:\windows\system32\dllcache\i2omgmt.sys
2009-08-31 21:39 12,362 ac------ c:\windows\system32\dllcache\f3ab18xi.sys
2009-08-31 21:34 19,594 ac------ c:\windows\system32\dllcache\e100isa4.sys
2009-08-31 21:33 28,672 ac------ c:\windows\system32\dllcache\cyycoins.dll
2009-08-31 21:32 8,192 ac------ c:\windows\system32\dllcache\changer.sys
2009-08-31 21:31 66,082 ac------ c:\windows\system32\dllcache\c_20423.nls
2009-08-31 21:30 41,472 ac------ c:\windows\system32\dllcache\brmfusb.dll
2009-08-31 21:29 24,576 ac------ c:\windows\system32\dllcache\agcgauge.ax
2009-08-25 22:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BullGuard
2009-08-25 22:26 <DIR> --d----- c:\docume~1\jeffwi~1\applic~1\BullGuard
2009-08-25 22:25 55,504 a------- c:\windows\system32\drivers\BdFileSpy.sys
2009-08-25 22:25 <DIR> --d----- c:\program files\BullGuard Ltd
2009-08-25 20:25 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-25 20:24 50,176 ac------ c:\windows\system32\dllcache\proquota.exe
2009-08-25 20:24 50,176 a------- c:\windows\system32\proquota.exe
2009-08-25 20:17 <DIR> a-dshr-- C:\cmdcons
2009-08-25 20:12 229,376 a------- c:\windows\PEV.exe
2009-08-24 20:03 19,676 a------- c:\docume~1\alluse~1\applic~1\hisyb.dat
2009-08-24 20:03 15,813 a------- c:\windows\izavawot._sy

==================== Find3M ====================

2009-09-11 08:14 424 a------- c:\program files\vsrjfi.txt
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2008-07-05 20:21 0 a------- c:\documents and settings\jeff withington\jagex_runescape_preferences.dat
2007-04-03 20:35 10,420,936 a------- c:\program files\xlviewer.exe
2006-08-03 18:26 56,584 a------- c:\docume~1\jeffwi~1\applic~1\GDIPFONTCACHEV1.DAT
2005-06-22 11:32 774,144 a------- c:\program files\RngInterstitial.dll

============= FINISH: 9:44:40.21 ===============
Posted 9/12/2009 5:32 AM
#77315

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please update Malwarebytes -

The database version should be 2783 or higher.

Run a complete scan, have it fix what it finds.

Post the Malwarebytes log, along with a fresh HijackThis log.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 9/14/2009 8:37 AM
#77370

wakari Advanced member

Date Joined Nov 2016
Total Posts: 48
Hi Touch,

Tried to update Malwarebytes but keep getting an error message.

The message reads:

An error occurred. Please report etc.

Error Code: 732 (0,0)

Regards

Wakari
Posted 9/14/2009 11:07 AM
#77372

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok. Let's see if it is the infection there that blocks it ->

Please post a new ComboFix log.

NB: Allow it to update.

Do not PM me with logfiles. They will be deleted.


Posted 9/15/2009 10:56 AM
#77393

wakari Advanced member

Date Joined Nov 2016
Total Posts: 48
Hi Touch,

Here is the ComboFix log

ComboFix 09-09-14.02 - Jeff Withington 15/09/2009 20:32.22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.117 [GMT 12:00]
Running from: c:\documents and settings\Jeff Withington\Desktop\ComboFix.exe
AV: BullGuard Antivirus *On-access scanning enabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\tqgvc.sys

.
((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.

2009-09-11 22:15 . 2009-09-11 22:15 -------- d-----w- c:\program files\Trend Micro
2009-09-10 11:13 . 2009-09-10 11:13 -------- d-----w- c:\documents and settings\Jeff Withington\Application Data\Yahoo!
2009-09-10 11:13 . 2009-09-10 11:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-10 11:13 . 2009-09-10 11:13 -------- d-----w- c:\program files\CCleaner
2009-09-07 11:03 . 2003-03-31 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-09-07 11:03 . 2003-03-31 12:00 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-09-01 11:39 . 2004-08-04 07:56 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-09-01 11:39 . 2004-08-04 07:56 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-08-31 09:41 . 2004-08-04 05:29 161020 -c--a-w- c:\windows\system32\dllcache\i81xnt5.sys
2009-08-31 09:41 . 2004-08-04 07:56 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2009-08-31 09:41 . 2001-08-17 00:49 58592 -c--a-w- c:\windows\system32\dllcache\i740nt5.sys
2009-08-31 09:41 . 2001-08-17 02:56 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2009-08-31 09:41 . 2004-08-04 06:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2009-08-31 09:41 . 2004-08-04 06:00 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2009-08-31 09:39 . 2001-08-17 00:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2009-08-31 09:34 . 2001-08-17 00:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2009-08-31 09:33 . 2001-08-17 10:36 28672 -c--a-w- c:\windows\system32\dllcache\cyycoins.dll
2009-08-31 09:32 . 2004-08-04 06:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-08-31 09:31 . 2001-08-17 01:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-08-31 09:31 . 2001-08-17 01:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2009-08-31 09:31 . 2001-08-17 00:11 31529 -c--a-w- c:\windows\system32\dllcache\brzwlan.sys
2009-08-31 09:31 . 2001-08-17 01:12 11008 -c--a-w- c:\windows\system32\dllcache\brusbmdm.sys
2009-08-31 09:31 . 2001-08-17 10:36 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
2009-08-31 09:31 . 2001-08-17 10:36 5120 -c--a-w- c:\windows\system32\dllcache\brscnrsm.dll
2009-08-31 09:31 . 2001-08-17 01:12 60416 -c--a-w- c:\windows\system32\dllcache\brserwdm.sys
2009-08-31 09:31 . 2001-08-17 01:12 39552 -c--a-w- c:\windows\system32\dllcache\brparwdm.sys
2009-08-31 09:31 . 2001-08-17 01:12 3168 -c--a-w- c:\windows\system32\dllcache\brparimg.sys
2009-08-31 09:24 . 2001-08-17 02:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-08-25 10:26 . 2009-09-15 08:00 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2009-08-25 10:26 . 2009-08-25 10:26 -------- d-----w- c:\documents and settings\Jeff Withington\Application Data\BullGuard
2009-08-25 10:25 . 2009-01-23 13:48 55504 ----a-w- c:\windows\system32\drivers\BdFileSpy.sys
2009-08-25 10:25 . 2009-08-25 10:25 -------- d-----w- c:\program files\BullGuard Ltd
2009-08-25 08:24 . 2004-08-04 07:56 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-25 08:24 . 2004-08-04 07:56 50176 ----a-w- c:\windows\system32\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 08:32 . 2008-09-07 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 21:56 . 2007-08-05 01:27 -------- d-----w- c:\program files\Java
2009-09-10 20:14 . 2009-09-10 20:14 424 ----a-w- c:\program files\vsrjfi.txt
2009-09-10 11:13 . 2005-02-21 07:41 -------- d-----w- c:\program files\Yahoo!
2009-09-10 02:54 . 2008-09-07 19:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 02:53 . 2008-09-07 19:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 10:38 . 2006-12-18 22:50 -------- d-----w- c:\documents and settings\Jeff Withington\Application Data\uTorrent
2009-08-31 09:12 . 2006-07-09 03:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-25 07:28 . 2007-06-26 20:27 -------- d-----w- c:\program files\HaxFix
2009-08-24 12:16 . 2009-07-09 08:46 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-24 08:03 . 2009-08-24 08:03 19676 ----a-w- c:\documents and settings\All Users\Application Data\hisyb.dat
2009-08-16 09:41 . 2009-07-18 04:59 -------- d-----w- c:\program files\Escape
2009-08-01 05:18 . 2004-08-13 06:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 05:18 . 2004-08-13 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-31 03:23 . 2009-01-30 21:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-27 12:55 . 2009-07-25 08:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-26 07:13 . 2009-07-25 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-07-25 08:11 . 2009-07-25 08:11 -------- d-----w- c:\program files\bfgclient
2007-04-03 08:35 . 2007-04-03 08:35 10420936 ----a-w- c:\program files\xlviewer.exe
2005-06-21 23:32 . 2005-06-21 23:32 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-07_11.06.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-11 21:49 . 2009-07-31 03:23 149280 c:\windows\system32\javaws.exe
+ 2009-09-11 21:49 . 2009-07-31 03:23 145184 c:\windows\system32\javaw.exe
+ 2009-09-11 21:49 . 2009-07-31 03:23 145184 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2008-09-06 1576176]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-09-14 304464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="c:\program files\D-Link\DSL-200\dslstat.exe" [2004-04-30 356352]
"DSLAGENTEXE"="c:\program files\D-Link\DSL-200\dslagent.exe" [2004-04-30 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-30 77824]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-09-14 304464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-06 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SfCtlCom"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\amcap533.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [16/02/2006 5:51 p.m. 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/06/2006 3:45 p.m. 55024]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [25/08/2009 10:25 p.m. 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [1/04/2003 14336]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [24/03/2009 12:07 a.m. 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [24/03/2009 12:07 a.m. 257304]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 5:51 p.m. 4096]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S3 BGRaSvc;BGRaSvc;c:\program files\BullGuard Ltd\BullGuard\support\BGRaSvc.exe [1/06/2009 11:50 p.m. 79184]
S3 LcdMini;LcdMini Device;c:\windows\system32\drivers\LcdMini.sys [18/11/2003 11:40 a.m. 50328]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
.
Contents of the 'Scheduled Tasks' folder

2009-09-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-18 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mWindow Title = ihug Internet
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jeff Withington\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\BGLsp.dll
Trusted Zone: healthotago.co.nz\dncag01
Trusted Zone: healthotago.co.nz\dnvcit05
Trusted Zone: healthotago.co.nz\webmail
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-09-15 20:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\BGLsp.dll
.
Completion time: 2009-09-15 20:47
ComboFix-quarantined-files.txt 2009-09-15 08:47
ComboFix2.txt 2009-09-07 11:13
ComboFix3.txt 2009-09-03 07:33
ComboFix4.txt 2009-09-01 11:55
ComboFix5.txt 2009-09-15 08:30

Pre-Run: 79,161,589,760 bytes free
Post-Run: 79,166,451,712 bytes free

178 --- E O F --- 2008-12-31 18:39