
Solved Cleaned up Backdoor/Generic Trojan I think

Discussion in 'Malware and Virus Removal Archive' started by Condor3d, 2009/08/30.

  1. 2009/08/30
    Condor3d (Thread Starter; joined 2009/08/30, 2 messages)

    Can you please review my HijackThis log? I have DDS and attach.txt listed below. Thanks for any insight!


    Scan saved at 9:23:25 PM, on 8/30/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Cyb2k.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
    O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

    --
    End of file - 5055 bytes


    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Blackjack at 21:30:28.53 on Sun 08/30/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1510 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Cyb2k.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Blackjack\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page =
    mStart Page = hxxp://www.google.com
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [AtiPTA] atiptaxx.exe
    mRun: [C2K] c:\windows\Cyb2k.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet g series\bin\hpoavn07.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    LSP: c:\windows\system32\lspcs.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\blackj~1\applic~1\mozilla\firefox\profiles\37i9sw7k.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-7 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-7 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-7 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-7 297752]
    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\blackj~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\blackj~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

    =============== Created Last 30 ================

    2009-08-30 21:14 <DIR> --d----- c:\program files\Trend Micro
    2009-08-30 21:08 112,799 a------- C:\MGlogs.zip
    2009-08-30 21:08 <DIR> --d----- C:\MGtools
    2009-08-30 19:07 <DIR> -cd----- c:\windows\system32\dllcache\cache
    2009-08-30 18:51 <DIR> a-dshr-- C:\cmdcons
    2009-08-30 18:49 229,376 a------- c:\windows\PEV.exe
    2009-08-30 18:49 161,792 a------- c:\windows\SWREG.exe
    2009-08-30 18:49 98,816 a------- c:\windows\sed.exe
    2009-08-30 18:45 <DIR> --d----- c:\docume~1\blackj~1\applic~1\Malwarebytes
    2009-08-30 18:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-08-30 17:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-08-30 17:26 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-08-30 17:26 <DIR> --d----- c:\docume~1\blackj~1\applic~1\SUPERAntiSpyware.com
    2009-08-30 17:04 1,344,235 a------- C:\MGtools.exe
    2009-08-30 16:12 <DIR> --d----- c:\program files\Enigma Software Group
    2009-08-30 15:27 <DIR> --d----- c:\program files\CCleaner
    2009-08-30 15:12 <DIR> --d----- c:\program files\Sun
    2009-08-30 15:12 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-08-29 20:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure
    2009-08-29 18:30 <DIR> --d----- c:\docume~1\blackj~1\applic~1\Spyware Terminator
    2009-08-29 18:14 <DIR> --d----- c:\program files\Spybot - Search & Destroy(2)
    2009-08-29 17:51 <DIR> --d----- C:\$AVG8.VAULT$
    2009-08-29 17:39 889,593 a------- c:\windows\system32\xa.tmp
    2009-08-15 22:33 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-08-15 22:33 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-15 22:33 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-15 22:33 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-15 22:33 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-15 22:33 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-08-15 22:33 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-08-15 22:33 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-08-15 22:33 <DIR> --d----- C:\f5529a5cd41f004f697b7498aa19
    2009-08-15 22:29 <DIR> --d----- c:\program files\MSXML 6.0
    2009-08-12 21:10 <DIR> --d----- c:\windows\ServicePackFiles

    ==================== Find3M ====================

    2009-08-30 15:12 410,984 a------- c:\windows\system32\deploytk.dll
    2009-08-25 20:25 79,970 a------- c:\windows\War3Unin.dat
    2009-08-22 15:20 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-08-22 15:20 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
    2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
    2009-06-26 11:18 659,456 -------- c:\windows\system32\wininet.dll
    2009-06-26 11:18 81,920 a------- c:\windows\system32\ieencode.dll
    2009-06-25 13:36 661,504 a------- c:\windows\system32\mqqm.dll
    2009-06-25 13:36 517,120 a------- c:\windows\system32\mqsnap.dll
    2009-06-25 13:36 471,552 a------- c:\windows\system32\mqutil.dll
    2009-06-25 13:36 225,280 a------- c:\windows\system32\mqoa.dll
    2009-06-25 13:36 186,880 a------- c:\windows\system32\mqtrig.dll
    2009-06-25 13:36 177,152 a------- c:\windows\system32\mqrt.dll
    2009-06-25 13:36 138,240 a------- c:\windows\system32\mqad.dll
    2009-06-25 13:36 123,392 a------- c:\windows\system32\mqrtdep.dll
    2009-06-25 13:36 95,744 a------- c:\windows\system32\mqsec.dll
    2009-06-25 13:36 48,640 a------- c:\windows\system32\mqupgrd.dll
    2009-06-25 13:36 47,104 a------- c:\windows\system32\mqdscli.dll
    2009-06-25 13:36 16,896 a------- c:\windows\system32\mqise.dll
    2009-06-25 03:44 724,480 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 03:44 298,496 a------- c:\windows\system32\kerberos.dll
    2009-06-25 03:44 168,448 a------- c:\windows\system32\schannel.dll
    2009-06-25 03:44 133,632 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 03:44 59,392 a------- c:\windows\system32\wdigest.dll
    2009-06-25 03:44 56,320 a------- c:\windows\system32\secur32.dll
    2009-06-22 06:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
    2009-06-22 06:49 19,968 a------- c:\windows\system32\mqbkup.exe
    2009-06-22 06:49 4,608 a------- c:\windows\system32\mqsvc.exe
    2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll
    2009-06-12 06:50 80,896 a------- c:\windows\system32\tlntsess.exe
    2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe
    2009-06-10 09:21 84,992 a------- c:\windows\system32\avifil32.dll
    2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll
    2009-06-05 02:42 655,872 a------- c:\windows\system32\mstscax.dll
    2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll
    2008-11-18 13:51 22,688 a------- c:\docume~1\blackj~1\applic~1\GDIPFONTCACHEV1.DAT
    2008-10-10 22:08 22,328 a------- c:\docume~1\blackj~1\applic~1\PnkBstrK.sys
    2003-03-21 13:37 16,056 a------- c:\program files\owcstp16.dll

    ============= FINISH: 21:30:46.34 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/7/2005 10:24:05 AM
    System Uptime: 8/30/2009 8:16:42 PM (1 hours ago)

    Motherboard: | | 848P-ICH5
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2793/200mhz
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2793/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 165.318 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP657: 8/30/2009 9:25:08 PM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8.1.0
    ATI Display Driver (Omega 3.8.442)
    AVG Free 8.5
    Barbie ® Riding Club
    Battlefield 2(TM)
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
    CCleaner (remove only)
    Command & Conquer™ Red Alert™ 3
    Competitions at Rosemond Hill
    Counter-Strike: Source
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative System Information
    Critical Update for Windows Media Player 11 (KB959772)
    Day of Defeat
    FinalBurner Free v1.20.0.107
    Guild Wars
    Half-Life
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    hp officejet g series
    Java DB 10.4.1.3
    Java(TM) 6 Update 13
    Java(TM) SE Development Kit 6 Update 13
    LEGO Island 2
    LimeWire 5.1.2
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office XP Professional with FrontPage
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.8)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB954459)
    MultiRes (remove only)
    PunkBuster Services
    QuickBooks Pro 2009
    QuickBooks Simple Start 2009
    REALTEK GbE & FE Ethernet PCI NIC Driver
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Rhapsody Player Engine
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Solid Oak Software WhatsMyDNS 1.8.2.21b
    Sound Blaster Audigy
    Steam
    SUPERAntiSpyware Free Edition
    The Legacy of Rosemond Hill
    The Sims 2
    The Sims 2 Glamour Life Stuff
    The Sims 2 Nightlife
    The Sims 2 Open For Business
    The Sims 2 Pets
    The Sims 2 University
    The Sims™ 2 Apartment Life
    The Sims™ 2 Bon Voyage
    The Sims™ 2 FreeTime
    The Sims™ 2 H&M® Fashion Stuff
    The Sims™ 2 Seasons
    The Sims™ 2 Teen Style Stuff
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Ventrilo Client
    Warcraft III: All Products
    WebFldrs XP
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    Yahoo! Install Manager
    Yahoo! Messenger
    Yahoo! Toolbar
    Zune Desktop Theme

    ==== Event Viewer Messages From Past Week ========

    8/30/2009 8:17:26 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The attempted operation is not supported for the type of object referenced.
    8/30/2009 7:03:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    8/30/2009 7:03:54 PM, error: ati2mtag [45062] - CRT invalid display type
    8/30/2009 7:03:47 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    8/30/2009 6:56:10 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    8/30/2009 6:55:47 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
    8/30/2009 6:54:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'addins' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

    ==== End Of File ===========================
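Added example, not part of the original post and not code from HijackThis or DDS: a small Python triage pass over log lines of the kind pasted above. It encodes the checks a log reviewer applies by eye: autorun entries whose binary sits directly in %WINDIR% rather than in system32 or a vendor directory, handlers that HJT reports as "(file missing)", LSPs and services HJT cannot attribute to a vendor, and drivers or executables loading from a temp directory or a user profile. Every flag is a prompt to look the file up, not a verdict; PunkBuster's service and driver, ATI's service and the F-Secure online-scanner leftover all trip these rules on a machine the moderator judged clean. The sample lines are copied from the log above; the rules, reason strings and function names are this example's own.

```python
"""Heuristic triage of HijackThis / DDS log lines.

Added example for this thread; it is not part of HijackThis, DDS or the
forum post.  Each rule marks a line a reviewer would look up by hand.
A flag is a "check this" hint, not a malware verdict: legitimate drivers
and vendor tools trip these rules all the time, and the moderator's
read of the log in this thread was that it is clean.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line reason")

# First Windows file path on a line (paths may contain spaces, so match lazily
# up to a known executable extension).
_PATH = re.compile(r'([a-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|scr|cpl))\b', re.I)
# A binary sitting directly in %WINDIR% rather than in system32 or a vendor dir.
_WIN_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(?:exe|dll|sys|scr|cpl)$", re.I)
_TEMP = re.compile(r"\\temp\\", re.I)
_PROFILE = re.compile(r"\\(?:documents and settings|docume~1|users)\\", re.I)


def extract_path(line):
    """Return the first Windows file path in a log line, or None."""
    m = _PATH.search(line)
    return m.group(1) if m else None


def triage_line(line):
    """Reasons (possibly none) why this HJT/DDS line deserves a manual look."""
    text = line.strip()
    lower = text.lower()
    reasons = []
    if "(file missing)" in lower:
        # HJT could not find the target.  In this thread DDS resolved the same
        # qbwc handler to system32\mscoree.dll, so cross-check before "fixing".
        reasons.append("target file missing")
    if text.startswith("O10") and "unknown" in lower:
        # HJT labels every LSP outside its own whitelist "Unknown".
        reasons.append("unrecognised Winsock LSP")
    if text.startswith("O23") and "unknown owner" in lower:
        reasons.append("service with no vendor name")
    path = extract_path(text)
    if path:
        if _WIN_ROOT.match(path):
            reasons.append("executable directly under %WINDIR%")
        if _TEMP.search(path):
            # Drivers/services loading from a temp directory: usually an online
            # scanner's leftovers, occasionally something worse.
            reasons.append("loads from a temp directory")
        elif _PROFILE.search(path) and path.lower().endswith((".sys", ".exe")):
            reasons.append("binary under a user profile")
    return reasons


def triage(log_text):
    """Run triage_line over a whole log and return the findings in order."""
    return [Finding(l.strip(), r)
            for l in log_text.splitlines() for r in triage_line(l)]


def by_reason(findings):
    """Group findings by reason so a reviewer can work through one class at a time."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.reason, []).append(f.line)
    return grouped


# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\blackj~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\blackj~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
2008-10-10 22:08 22,328 a------- c:\docume~1\blackj~1\applic~1\PnkBstrK.sys
"""

if __name__ == "__main__":
    for reason, lines in by_reason(triage(SAMPLE_LOG)).items():
        print(reason)
        for line in lines:
            print("   ", line)
```

Run it as a script to see the findings grouped by reason; `triage()` over a whole pasted log is the useful call. Anything flagged "file missing" is worth cross-checking against the DDS pseudo-HJT section, which in this thread finds the qbwc handler's mscoree.dll in system32, and anything flagged by path alone needs a vendor lookup before it gets "fixed".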
     
  2. 2009/08/31
    broni (Moderator, Malware Analyst; joined 2002/08/01, 21,701 messages)

    It looks pretty clean.
    You can "fix" these two in HJT:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    Just clutter.

    Also....

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
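Added example, not part of JavaRa, DDS or the reply above: the check behind "Remove Older Versions", reproduced in Python over the DDS "Installed Programs" list and the DDS header line. JRE updates install side by side rather than replacing the previous build, so every stale entry is another browser plug-in exposed to web content even after the newest one is installed. The sample list copies the Java entries from the log above plus one constructed older entry ("Java(TM) 6 Update 7") so the check has something to find; the function names and the name pattern are this example's own assumptions about how Sun labelled its installers.

```python
"""Find side-by-side Java runtimes in a DDS "Installed Programs" list.

Added example for this thread, not part of DDS or JavaRa.  JavaRa's
"Remove Older Versions" exists because JRE updates install next to each
other instead of replacing the previous build, and each stale build is an
extra browser plug-in to exploit.  This reproduces that check over the log
text and also confirms the browser is actually using the newest build.
"""
import re

# Assumed installer naming, e.g. "Java(TM) 6 Update 13" or
# "Java(TM) SE Development Kit 6 Update 13" (both appear in the log above).
_JAVA = re.compile(
    r"^Java\(TM\)\s+(?:SE\s+)?(?:Development Kit\s+)?(\d+)\s+Update\s+(\d+)$", re.I)
# DDS header form: "Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13"
_BROWSER = re.compile(r"BrowserJavaVersion:\s*1\.(\d+)\.\d+_(\d+)")


def installed_java(program_names):
    """Map each Java(TM) entry to its (major, update) tuple; other entries are ignored."""
    found = {}
    for name in program_names:
        m = _JAVA.match(name.strip())
        if m:
            found[name.strip()] = (int(m.group(1)), int(m.group(2)))
    return found


def stale_java(program_names):
    """Entries older than the newest installed update (what JavaRa would remove)."""
    found = installed_java(program_names)
    if not found:
        return []
    newest = max(found.values())
    return sorted(name for name, ver in found.items() if ver < newest)


def browser_java(dds_header_line):
    """(major, update) of the JRE the browser plug-in reports, or None."""
    m = _BROWSER.search(dds_header_line)
    return (int(m.group(1)), int(m.group(2))) if m else None


def browser_uses_newest(dds_header_line, program_names):
    """True when the plug-in version equals the newest installed JRE."""
    found = installed_java(program_names)
    current = browser_java(dds_header_line)
    return bool(found) and current is not None and current == max(found.values())


# Constructed sample: the Java entries from the log above plus one older
# build ("Java(TM) 6 Update 7") that is NOT in the posted log.
SAMPLE_PROGRAMS = [
    "Java DB 10.4.1.3",
    "Java(TM) 6 Update 13",
    "Java(TM) SE Development Kit 6 Update 13",
    "Java(TM) 6 Update 7",
    "LimeWire 5.1.2",
]
DDS_HEADER = "Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13"

if __name__ == "__main__":
    print("stale:", stale_java(SAMPLE_PROGRAMS))
    print("browser on newest build:", browser_uses_newest(DDS_HEADER, SAMPLE_PROGRAMS))
```

The second check matters as much as the first: a newer JRE that the browser plug-in does not pick up leaves the old one exposed just as if it had never been updated, which is why the reply above has you re-open the Java control panel after the update rather than just installing and moving on.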
     
  4. 2009/09/02
    Condor3d (Thread Starter)

    I sincerely appreciate the time you took to help me out.

    I will make the changes you suggested.

    One note I wanted to add, the little nasty I received was a virus, wrapped in a trojan, wrapped in a rootkit from what I can tell.

    I literally picked it up just from hitting a website I should not have been on called www dot Gibuu dot com

    I saw the website on battlenet.com (Warcraft games) and thinking it was a gamer site found out that a. it was a **** site and b. that I got this little package I believe just from hitting the site.

    Point is, I think this malware was watching and learning as I attempted to fix it. I disconnected from the internet to execute most of the fixes, but it definitely shut down HijackThis and ComboFix.

    Thanks again!

    Jeff
     
    Last edited by a moderator: 2009/09/03
  5. 2009/09/03
    broni (Moderator, Malware Analyst)

    It's a very good idea to download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
     
