
Attention xxx! Some trojan horses...

Discussion in 'Malware and Virus Removal Archive' started by azrabean, 2008/06/28.

  1. 2008/06/28
    azrabean

    azrabean Inactive Thread Starter

    Joined:
    2008/06/28
    Messages:
    7
    Likes Received:
    0
    I'm experiencing the same malware as before and have tried some of the solutions such as MBAM, SmitfraudFix and ComboFix, but those annoying pop-ups are still present when I'm browsing. I hope you guys can help me because I'm a noob here.

    this is my Deckard's log:

    Deckard's System Scanner v20071014.68
    Run by ducati on 2008-06-28 21:40:16
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as ducati.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:40:20, on 6/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\DOCUME~1\ducati\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\PEAgent\PEAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\PEAgent\PEAgentMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Documents and Settings\ducati\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\ducati.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\xmlview.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
    O4 - HKLM\..\Run: [Policy Enforcer] "C:\WINDOWS\PEAgent\PEAgentMonitor.exe" /LAUNCH
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe "
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.26\IExifMap.htm
    O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.26\IExifCom.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8AFA54B6-1E64-4B17-B28D-191802229268}: NameServer = 202.188.0.133 202.188.1.5
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Policy Enforcer Agent (NVW_PEAgent) - Trend Micro Inc. - C:\WINDOWS\PEAgent\PEAgent.exe
    O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe

    --
    End of file - 6763 bytes

    -- Files created between 2008-05-28 and 2008-06-28 -----------------------------

    2008-06-28 21:37:30 0 d-------- C:\Program Files\Trend Micro
    2008-06-28 21:11:46 0 d-------- C:\Program Files\uTorrent
    2008-06-28 21:11:36 0 d-------- C:\Documents and Settings\ducati\Application Data\uTorrent
    2008-06-28 20:50:17 68096 --a------ C:\WINDOWS\zip.exe
    2008-06-28 20:50:17 49152 --a------ C:\WINDOWS\VFind.exe
    2008-06-28 20:50:17 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-06-28 20:50:17 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-06-28 20:50:17 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-06-28 20:50:17 98816 --a------ C:\WINDOWS\sed.exe
    2008-06-28 20:50:17 80412 --a------ C:\WINDOWS\grep.exe
    2008-06-28 20:50:17 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-06-28 20:31:16 0 d-------- C:\Documents and Settings\ducati\Application Data\Malwarebytes
    2008-06-28 20:31:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-28 20:31:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-28 20:12:06 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-06-28 20:12:06 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-06-28 20:12:06 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-06-28 20:12:06 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-06-28 20:12:06 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-06-28 20:12:06 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-06-28 20:12:06 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-06-28 20:12:06 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-06-28 20:12:06 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2008-06-28 20:12:06 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-06-28 20:12:06 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-06-28 20:12:05 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-06-28 20:12:05 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-06-28 20:12:05 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-06-28 19:47:21 2160 --a------ C:\WINDOWS\system32\tmp.reg
    2008-06-28 19:15:13 0 d--h----- C:\$AVG8.VAULT$
    2008-06-28 17:31:21 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-28 17:24:27 1152 --a------ C:\WINDOWS\system32\windrv.sys
    2008-06-28 17:23:52 0 d-------- C:\Program Files\Common Files\Download Manager
    2008-06-28 16:26:14 26624 --a------ C:\WINDOWS\system32\xmlview.dll
    2008-06-26 23:30:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
    2008-06-26 23:29:16 0 d-------- C:\Program Files\Common Files\Macromedia Shared
    2008-06-26 23:28:56 0 d-------- C:\Program Files\Common Files\Macromedia
    2008-06-26 23:28:11 0 d-------- C:\Program Files\Macromedia
    2008-06-23 22:47:34 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-06-23 20:37:20 0 d-------- C:\Program Files\MSXML 4.0
    2008-06-23 18:12:33 0 d-------- C:\Documents and Settings\ducati\Application Data\Nitro PDF
    2008-06-23 18:11:22 0 d-------- C:\Program Files\Nitro PDF
    2008-06-23 18:11:22 0 d-------- C:\Program Files\Common Files\Nitro PDF
    2008-06-23 18:11:22 0 d-------- C:\Program Files\Common Files\BCL Technologies
    2008-06-23 18:11:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    2008-06-23 14:41:17 0 d---s---- C:\Documents and Settings\ducati\UserData
    2008-06-22 21:38:07 0 d-------- C:\Documents and Settings\ducati\Application Data\Real
    2008-06-22 01:21:30 49152 --a------ C:\WINDOWS\system32\LRN2KE.DLL <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    2008-06-22 01:21:30 23552 --a------ C:\WINDOWS\system32\drivers\lrpppoe.sys
    2008-06-22 01:21:30 0 d-------- C:\Program Files\BrightEcho
    2008-06-04 23:15:36 0 d-------- C:\Program Files\Winamp
    2008-06-04 22:55:28 0 d-------- C:\WINDOWS\system32\appmgmt
    2008-05-30 14:09:34 0 d-------- C:\Documents and Settings\ducati\Application Data\Google
    2008-05-29 03:25:08 0 d-------- C:\WINDOWS\system32\PreInstall


    -- Find3M Report ---------------------------------------------------------------

    2008-06-28 17:23:52 0 d-------- C:\Program Files\Common Files
    2008-06-27 14:17:08 0 d-------- C:\Program Files\Valve
    2008-06-26 23:29:13 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-24 00:36:16 0 d-------- C:\Documents and Settings\ducati\Application Data\Adobe
    2008-06-23 20:39:11 0 d-------- C:\Program Files\Messenger
    2008-06-20 21:02:31 0 d-------- C:\Documents and Settings\ducati\Application Data\Ahead
    2008-06-17 22:54:14 0 d-------- C:\Program Files\mIRC
    2008-06-10 21:55:23 0 d-------- C:\Program Files\DC++
    2008-06-04 23:12:58 0 d-------- C:\Program Files\EA Sports
    2008-06-04 22:55:04 0 d-------- C:\Program Files\DaemonUI
    2008-06-04 16:40:30 0 d-------- C:\Program Files\Google
    2008-05-30 14:10:34 0 d-------- C:\Documents and Settings\ducati\Application Data\AVGTOOLBAR
    2008-05-27 03:38:55 0 d-------- C:\Program Files\Vdesk 2 & BTEWin
    2008-05-27 03:34:05 35328 --a------ C:\WINDOWS\daemount.exe <Not Verified; http://www.aldostools.com/; DAEMON Tools Front End>
    2008-05-25 04:51:38 0 d-------- C:\Program Files\Common Files\Ahead
    2008-05-25 04:51:37 0 d-------- C:\Program Files\Nero
    2008-05-24 06:23:14 0 d-------- C:\Program Files\Bonjour
    2008-05-24 06:22:54 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-24 06:18:07 0 dr-h----- C:\Documents and Settings\ducati\Application Data\SecuROM
    2008-05-24 06:14:40 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-05-24 02:32:23 0 d-------- C:\Program Files\Common Files\ODBC
    2008-05-24 02:32:20 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-05-24 02:31:53 62 --ahs---- C:\Documents and Settings\ducati\Application Data\desktop.ini
    2008-05-24 00:46:30 0 d-------- C:\Program Files\AVG
    2008-05-23 23:45:27 0 d-------- C:\Program Files\Microsoft Works
    2008-05-23 23:45:18 0 d-------- C:\Program Files\MSBuild
    2008-05-23 23:00:34 0 d-------- C:\Documents and Settings\ducati\Application Data\Media Player Classic
    2008-05-23 22:59:58 0 --a------ C:\WINDOWS\nsreg.dat
    2008-05-23 22:59:53 0 d-------- C:\Documents and Settings\ducati\Application Data\Mozilla
    2008-05-23 22:58:06 0 d-------- C:\Program Files\Common Files\Real
    2008-05-23 22:58:01 0 d-------- C:\Program Files\Ringz Studio
    2008-05-23 22:51:49 0 d-------- C:\Documents and Settings\ducati\Application Data\Macromedia
    2008-05-23 22:48:34 0 d-------- C:\Program Files\Yahoo!
    2008-05-23 22:19:19 0 d-------- C:\Program Files\Opanda
    2008-05-23 22:18:25 0 d-------- C:\Program Files\Flickr Uploadr
    2008-05-23 21:51:46 0 d-------- C:\Program Files\Broadcom
    2008-05-23 21:51:32 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-23 21:46:39 0 d-------- C:\Program Files\ACER Crystal Eye webcam
    2008-05-23 21:46:38 0 d-------- C:\Program Files\SUYIN
    2008-05-23 21:44:54 0 d-------- C:\Program Files\Realtek
    2008-05-23 21:44:47 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-05-23 21:43:37 0 d-------- C:\Documents and Settings\ducati\Application Data\InstallShield
    2008-05-23 19:01:53 0 d-------- C:\Documents and Settings\ducati\Application Data\Identities
    2008-05-23 18:56:31 0 d-------- C:\Program Files\microsoft frontpage
    2008-05-23 18:56:17 0 -rahs---- C:\MSDOS.SYS
    2008-05-23 18:56:17 0 -rahs---- C:\IO.SYS
    2008-05-23 18:56:17 0 --a------ C:\CONFIG.SYS
    2008-05-23 18:56:17 0 --a------ C:\AUTOEXEC.BAT
    2008-05-23 18:55:05 0 d--h----- C:\Program Files\WindowsUpdate
    2008-05-23 18:54:10 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-05-23 18:54:02 0 d-------- C:\Program Files\Movie Maker
    2008-05-23 18:53:12 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-05-23 18:52:42 0 d-------- C:\Program Files\Online Services
    2008-05-23 18:52:33 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-05-23 18:52:24 0 d-------- C:\Program Files\Windows NT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE578E0-6DF5-41E0-869F-F65A32D2F6BD}]
    06/28/2008 16:26 26624 --a------ C:\WINDOWS\system32\xmlview.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    05/24/2008 00:46 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E} "= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/24/2008 00:46 2050816]

    [-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL "= "RTHDCPL.EXE" [07/12/2007 14:48 C:\WINDOWS\RTHDCPL.exe]
    "AzMixerSel "= "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [07/12/2007 14:49]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [07/12/2007 14:53]
    "nwiz "= "nwiz.exe" [07/12/2007 14:54 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [07/12/2007 14:53]
    "BroadcomWireless "= "C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" []
    "Policy Enforcer "= "C:\WINDOWS\PEAgent\PEAgentMonitor.exe" [08/30/2007 19:37]
    "StormCodec_Helper "= "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [11/27/2006 02:30]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 00:47]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/24/2008 00:46]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [05/15/2007 06:22]
    "Nitro PDF Printer Monitor "= "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [03/26/2008 12:53]
    "SNM "= "C:\Program Files\SpyNoMore\SNM.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [01/02/2007 05:22]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/07/2004 04:00]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [10/28/2005 16:25]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/25/2008 14:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)
    "HideLegacyLogonScripts "=0 (0x0)
    "HideLogoffScripts "=0 (0x0)
    "RunLogonScriptSync "=1 (0x1)
    "RunStartupScriptSync "=0 (0x0)
    "HideStartupScripts "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts "=0 (0x0)
    "HideLogoffScripts "=0 (0x0)
    "RunLogonScriptSync "=1 (0x1)
    "RunStartupScriptSync "=0 (0x0)
    "HideStartupScripts "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=avgrsstx.dll




    -- End of Deckard's System Scanner: finished at 2008-06-28 21:40:43 ------------
     
  2. 2008/06/28
    azrabean

    this is the log from HijackThis after the Deckard scan:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:17:13, on 6/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\DOCUME~1\ducati\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\PEAgent\PEAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\PEAgent\PEAgentMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\xmlview.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
    O4 - HKLM\..\Run: [Policy Enforcer] "C:\WINDOWS\PEAgent\PEAgentMonitor.exe" /LAUNCH
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe "
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.26\IExifMap.htm
    O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.26\IExifCom.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8AFA54B6-1E64-4B17-B28D-191802229268}: NameServer = 202.188.0.133 202.188.1.5
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Policy Enforcer Agent (NVW_PEAgent) - Trend Micro Inc. - C:\WINDOWS\PEAgent\PEAgent.exe
    O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe

    --
    End of file - 6747 bytes
     

  4. 2008/06/28
    azrabean

    this is the log from MBAM:


    Malwarebytes' Anti-Malware 1.18
    Database version: 897

    10:23:41 PM 6/28/2008
    mbam-log-6-28-2008 (22-23-41).txt

    Scan type: Quick Scan
    Objects scanned: 39802
    Time elapsed: 4 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2008/06/28
    azrabean

    and this log is from HijackThis:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:29:50, on 6/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\DOCUME~1\ducati\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\PEAgent\PEAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\PEAgent\PEAgentMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\xmlview.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
    O4 - HKLM\..\Run: [Policy Enforcer] "C:\WINDOWS\PEAgent\PEAgentMonitor.exe" /LAUNCH
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe "
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.26\IExifMap.htm
    O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.26\IExifCom.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8AFA54B6-1E64-4B17-B28D-191802229268}: NameServer = 202.188.0.133 202.188.1.5
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Policy Enforcer Agent (NVW_PEAgent) - Trend Micro Inc. - C:\WINDOWS\PEAgent\PEAgent.exe
    O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe

    --
    End of file - 6747 bytes
     
  6. 2008/06/28
    azrabean

    azrabean Inactive Thread Starter

    Joined:
    2008/06/28
    Messages:
    7
    Likes Received:
    0
    Woohoo.... I'm so happy to have removed those annoying popups :D
    What I did was:
    1- read all threads with the same malware (it has been posted many times)
    2- be aware of the recommendations from the staff (e.g. what they ask you to do, the sequence, links that might help, the trending etc.)
    3- rerun HijackThis many times and find something unusual (it's your computer, you're the one who knows it best) (i.e. what programs are installed, anything suspicious, recheck with a process library)
    4- check "fix" for the suspected suspicious/unusual entries (I just did trial and error.. huhu :eek::eek:)
    5- if popups are still present, try in Safe Mode
    6- after you're satisfied/sure that there is nothing more suspicious in the HijackThis log, run MBAM again



    This is my latest MBAM log:

    Malwarebytes' Anti-Malware 1.18
    Database version: 898

    1:16:15 AM 6/29/2008
    mbam-log-6-29-2008 (01-16-09).txt

    Scan type: Quick Scan
    Objects scanned: 39843
    Time elapsed: 4 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\xmlview.dll (Trojan.FakeAlert) -> No action taken.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{8ae578e0-6df5-41e0-869f-f65a32d2f6bd} (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ae578e0-6df5-41e0-869f-f65a32d2f6bd} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\xmlview.dll (Trojan.FakeAlert) -> No action taken.
     
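The comparison in steps 3 and 6 above (rerun HijackThis, spot what is unusual, confirm it is gone) can be done mechanically. The script below is an added example, not code from this thread or from HijackThis: it parses the O2/O3/O4 lines of two logs, reports which entries disappeared between runs, and attaches review flags (the flags are a heuristic of this example, not a HijackThis rule). The sample lines are copied from the two logs in this thread.

```python
import re

# Constructed sample input: a handful of O2/O3/O4 lines taken from the two
# HijackThis logs in this thread (before, and after the popups stopped).
BEFORE_LOG = r"""
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\xmlview.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""
AFTER_LOG = r"""
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

# O2/O3: "<section> - BHO|Toolbar: <name> - {CLSID} - <path>"
BHO_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O4: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(O4) - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")

def parse_hjt(text):
    """Turn O2/O3/O4 lines into dicts with a stable comparison key; other lines are skipped."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = BHO_RE.match(line)
        if m:
            section, name, clsid, path = m.groups()
            entries.append({"key": (section, clsid.lower()), "name": name, "path": path, "line": line})
            continue
        m = RUN_RE.match(line)
        if m:
            section, hive, name, cmd = m.groups()
            entries.append({"key": (section, hive, name.lower()), "name": name, "path": cmd, "line": line})
    return entries

def triage_flags(entry):
    """Heuristic flags (assumption of this example): orphaned or nameless add-ons, and
    BHO DLLs sitting in system32, are the entries worth looking up before fixing anything."""
    flags = []
    if entry["path"].startswith("(no file)"):
        flags.append("orphan: registry entry whose file is gone")
    if entry["name"] == "(no name)":
        flags.append("nameless add-on")
    if entry["key"][0] == "O2" and "\\system32\\" in entry["path"].lower():
        flags.append("BHO loaded from system32, unusual for legitimate add-ons")
    return flags

def diff_logs(before_text, after_text):
    """Entries present in the earlier log but gone from the later one, and vice versa."""
    before = {e["key"]: e for e in parse_hjt(before_text)}
    after = {e["key"]: e for e in parse_hjt(after_text)}
    return ([before[k] for k in before if k not in after],
            [after[k] for k in after if k not in before])

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for e in removed:
        print("removed:", e["line"], "|", "; ".join(triage_flags(e)) or "no flag")
```

Run against the two full logs from this thread, the removed list is exactly the xmlview.dll BHO that MBAM named Trojan.FakeAlert, the two nameless "(no file)" entries and the SNM.exe autorun.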
  7. 2008/06/28
    azrabean

    azrabean Inactive Thread Starter

    Joined:
    2008/06/28
    Messages:
    7
    Likes Received:
    0
    This is my HijackThis log after there are no more popups:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:37:43, on 6/29/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\DOCUME~1\ducati\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\PEAgent\PEAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\PEAgent\PEAgentMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
    O4 - HKLM\..\Run: [Policy Enforcer] "C:\WINDOWS\PEAgent\PEAgentMonitor.exe" /LAUNCH
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe "
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.26\IExifMap.htm
    O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.26\IExifCom.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8AFA54B6-1E64-4B17-B28D-191802229268}: NameServer = 202.188.0.133 202.188.1.5
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Policy Enforcer Agent (NVW_PEAgent) - Trend Micro Inc. - C:\WINDOWS\PEAgent\PEAgent.exe
    O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe

    --
    End of file - 6398 bytes




    Hope that there's no corrupted file.. can someone check please..
     
  8. 2008/06/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS azrabean :)

    Good to see you got your issue resolved. Do you know what the following program is?

    C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe

    Log looks clean otherwise ;)
     
  9. 2008/06/29
    azrabean

    azrabean Inactive Thread Starter

    Joined:
    2008/06/28
    Messages:
    7
    Likes Received:
    0
    It is the codec. After I got disinfected, the player turned out not to be working properly. I just uninstalled it and replaced it with StormCodec.. thanks anyway ;);)
     
  10. 2008/06/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Would you send me a link to where you got that codec via PM please. I'd like to check it out. Not much information available on it. Thanks!
     
