1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Flcss. - Worm or virus? Dir00,dir01

Discussion in 'Malware and Virus Removal Archive' started by slim21, 2008/07/28.

  1. 2008/07/28
    slim21

    slim21 Inactive Thread Starter

    Joined:
    2008/07/24
    Messages:
    5
    Likes Received:
    0
    Hi all.

    Recently, i found that there was an unknown file dir00, dir01, dir03 in my drive C:/ which contains a dat file12,file13 etc. It can be delete but it still appear again when i reopen my drive C:/ back. Hope that somebody can assist me to remove this file. Somebody save me~

    Please refer my dss and hijack result.

    <<<<<<<<< DSS Result>>>>>>>>>>>>

    Deckard's System Scanner v20071014.68
    Run by Networld Computers on 2008-07-28 15:29:52
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    52: 2008-07-28 07:30:33 UTC - RP297 - Deckard's System Scanner Restore Point
    51: 2008-07-28 06:37:31 UTC - RP296 - Avira AntiVir Personal - 7/28/2008 14:37
    50: 2008-07-25 15:21:27 UTC - RP295 - Software Distribution Service 3.0
    49: 2008-07-25 13:37:13 UTC - RP294 - Removed Me.dium IE Add-on
    48: 2008-07-25 05:05:06 UTC - RP293 - ComboFix created restore point


    -- First Restore Point --
    1: 2008-05-05 02:27:07 UTC - RP246 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 247 MiB (512 MiB recommended).


    -- HijackThis (run as Networld Computers.exe) ----------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:33, on 7/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\LClock\LClock.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Documents and Settings\Networld Computers\Local Settings\Temporary Internet Files\Content.IE5\T8HSERUQ\dss[1].exe
    C:\DOCUME~1\NETWOR~2\Desktop\Networld Computers.exe
    C:\Program Files\Common Files\Symantec Shared\COH\coh32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\mwnsp.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EBE73626-F7F7-4940-854B-7C70C0F293F2}: NameServer = 202.188.0.133 202.188.1.5
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 8049 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200C14F1&REV_00\4&1F7DBC9F&0&20F0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200C14F1&REV_00\4&1F7DBC9F&0&20F0
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2008-07-25 10:21:27 648 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Networld Computers.job


    -- Files created between 2008-06-28 and 2008-07-28 -----------------------------

    2008-07-28 15:32:21 0 d-------- C:\dir02
    2008-07-28 15:21:43 0 d-------- C:\dir00
    2008-07-28 15:21:02 0 d-------- C:\dir01
    2008-07-28 15:21:00 0 d-------- C:\dir03
    2008-07-25 23:37:52 0 d-------- C:\Program Files\Enigma Software Group
    2008-07-25 10:16:36 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\Symantec
    2008-07-25 10:13:09 0 d-------- C:\Program Files\Windows Sidebar
    2008-07-25 10:11:46 0 d-------- C:\Program Files\Norton Internet Security
    2008-07-24 22:15:33 68096 --a------ C:\WINDOWS\zip.exe
    2008-07-24 22:15:33 49152 --a------ C:\WINDOWS\VFind.exe
    2008-07-24 22:15:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-07-24 22:15:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-07-24 22:15:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-07-24 22:15:33 98816 --a------ C:\WINDOWS\sed.exe
    2008-07-24 22:15:33 80412 --a------ C:\WINDOWS\grep.exe
    2008-07-24 22:15:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-07-24 19:43:52 0 d--h----- C:\WINDOWS\msdownld.tmp
    2008-07-24 19:43:42 0 d-------- C:\WINDOWS\Logs
    2008-07-24 19:37:34 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\Command & Conquer 3 Tiberium Wars
    2008-07-24 18:35:44 0 d-------- C:\Program Files\uTorrent
    2008-07-24 18:35:41 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\uTorrent
    2008-07-24 16:41:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-23 17:19:24 19468 --a------ C:\WINDOWS\WSSPORD.DAT
    2008-07-23 17:19:19 9488 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
    2008-07-23 17:19:19 335872 --a------ C:\WINDOWS\system32\mwtsp.dll <Not Verified; MicroWorld Technologies Inc.; MicroWorld Internet Traffic Scanner>
    2008-07-23 17:19:19 110592 --a------ C:\WINDOWS\system32\mwnsp.dll <Not Verified; MicroWorld Technologies Inc.; MicroWorld Internet Traffic Scanner>
    2008-07-23 17:19:19 90112 --a------ C:\WINDOWS\system32\inst_tsp.exe
    2008-07-23 17:19:19 917504 --a------ C:\WINDOWS\system32\contfilt.dll <Not Verified; MicroWorld Technologies Inc.; contfilt>
    2008-07-23 17:19:17 130560 --a------ C:\WINDOWS\system32\ZIPDLL.DLL <Not Verified; ; BCB/Delphi Zip>
    2008-07-23 17:19:17 0 d-------- C:\WINDOWS\system32\FLCSS.EXE
    2008-07-23 17:19:15 0 d-------- C:\Program Files\Common Files\MicroWorld
    2008-07-23 10:10:40 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\Google
    2008-07-23 10:09:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2008-07-23 10:09:16 0 d-------- C:\WINDOWS\system32\Adobe
    2008-07-23 10:04:01 0 d-------- C:\Program Files\Me.dium
    2008-07-23 09:27:13 0 d-------- C:\Program Files\MSXML 4.0
    2008-07-22 20:24:43 0 d-------- C:\WINDOWS\Sun
    2008-07-22 20:24:42 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\Sun
    2008-07-22 17:18:25 12288 --a------ C:\WINDOWS\system32\aplib.dll
    2008-07-22 17:18:08 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-07-21 19:32:55 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\Nero
    2008-07-21 12:00:23 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\dvdcss
    2008-07-21 10:25:44 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\WinRAR
    2008-07-21 09:25:59 45056 --a------ C:\WINDOWS\system32\wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
    2008-07-21 09:25:59 16512 --a------ C:\WINDOWS\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
    2008-07-21 09:25:57 0 d-------- C:\Program Files\iSofter
    2008-07-21 01:00:54 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\AVS4YOU
    2008-07-21 00:00:50 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-07-21 00:00:50 761856 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-07-21 00:00:50 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
    2008-07-18 19:47:57 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\DivX
    2008-07-18 09:21:58 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
    2008-07-17 22:51:47 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\HP
    2008-07-17 22:13:30 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
    2008-07-17 22:06:08 0 d-------- C:\Program Files\Common Files\HP
    2008-07-17 22:00:28 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-07-17 21:34:42 124269 --a------ C:\WINDOWS\HPHins12.dat
    2008-07-17 21:34:41 14916 -----n--- C:\WINDOWS\hphmdl12.dat
    2008-07-17 20:42:54 56 --a------ C:\ut9x.bat
    2008-07-17 20:42:54 54 --a------ C:\ut.bat
    2008-07-17 20:13:02 0 d-------- C:\temp
    2008-07-17 20:11:35 0 d-------- C:\Program Files\Hp
    2008-07-17 20:11:25 0 d-------- C:\WINDOWS\Downloaded Installations
    2008-07-17 12:05:38 0 d-------- C:\Program Files\BearShare Applications
    2008-07-17 09:15:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-07-16 03:00:46 0 d-------- C:\WINDOWS\system32\PreInstall
    2008-07-16 03:00:42 0 d--h----- C:\WINDOWS\$hf_mig$
    2008-07-15 21:09:24 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\Yahoo!
    2008-07-15 21:06:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-07-15 21:05:05 0 d-------- C:\Program Files\Yahoo!
    2008-07-15 20:35:00 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-07-15 20:30:29 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-07-15 20:30:29 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-07-15 19:54:50 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\LimeWire
    2008-07-15 19:53:04 0 d-------- C:\Program Files\Java
    2008-07-15 19:51:46 0 d-------- C:\Program Files\Common Files\Java
    2008-07-15 18:38:53 0 d-------- C:\Program Files\Google
    2008-07-15 17:39:23 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-07-11 19:07:41 0 d-------- C:\Program Files\Streamyx Connection Helper
    2008-07-11 18:51:47 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\Macromedia
    2008-07-11 18:51:35 0 d--hs---- C:\WINDOWS\ftpcache


    -- Find3M Report ---------------------------------------------------------------

    2008-07-28 13:52:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-07-26 00:20:25 0 d-------- C:\Program Files\Messenger
    2008-07-25 21:21:53 0 d-------- C:\Program Files\Common Files
    2008-07-25 21:21:53 0 d-------- C:\Program Files\Common Files\Adobe
    2008-07-25 20:41:34 0 d-------- C:\Documents and Settings\Networld Computers\Application Data\Adobe
    2008-07-25 10:14:04 0 d-------- C:\Program Files\Symantec
    2008-07-21 16:17:34 109 --a------ C:\Documents and Settings\Networld Computers\Application Data\AVSDVDPlayer.m3u
    2008-07-17 22:06:04 0 d-------- C:\Program Files\Hewlett-Packard


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    06/30/2008 13:44 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
    07/07/2008 17:27 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    07/25/2008 10:12 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5E5C1E6-78DB-49F0-A137-8D594F342FD6}]
    06/12/2008 12:06 651544 --a------ C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [06/30/2008 13:44 349552]

    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 20:00]
    "PHIME2002ASync "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 20:00]
    "PHIME2002A "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 20:00]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36]
    "AlcxMonitor "= "ALCXMNTR.EXE" [09/07/2004 13:47 C:\WINDOWS\Alcxmntr.exe]
    "LClock "= "C:\Program Files\LClock\LClock.exe" [09/20/2004 01:27]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/26/2008 09:47]
    "osCheck "= "C:\Program Files\Norton Internet Security\osCheck.exe" [02/07/2008 14:49]
    "NBKeyScan "= "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/14/2004 00:24]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/25/2008 14:55]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 20:00]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [11/26/2002 8:18:52 PM]
    officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [11/26/2002 7:43:46 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)
    "HideLegacyLogonScripts "=0 (0x0)
    "HideLogoffScripts "=0 (0x0)
    "RunLogonScriptSync "=1 (0x1)
    "RunStartupScriptSync "=0 (0x0)
    "HideStartupScripts "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts "=0 (0x0)
    "HideLogoffScripts "=0 (0x0)
    "RunLogonScriptSync "=1 (0x1)
    "RunStartupScriptSync "=0 (0x0)
    "HideStartupScripts "=0 (0x0)

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2008-07-28 15:34:26 ------------


    <<<<<HIJACK result>>>>>>>>>>>>>>>>>

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:38, on 7/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\LClock\LClock.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Documents and Settings\Networld Computers\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\mwnsp.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EBE73626-F7F7-4940-854B-7C70C0F293F2}: NameServer = 202.188.0.133 202.188.1.5
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 7886 bytes
     
    slim21,
    #1
  2. 2008/07/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome slim21 :)

    Please right click a couple of those re-generating folders and select Send To>Compressed (zipped) Folder.
    A zip file of the same name will be created right there in the C: drive.
    Please upload those zipped files to my submission channel for analysis. Leave a link back to this topic.

    Thanks!

    Who instructed you to run ComboFix?
    Please post the comboFix log located at C:\ComboFix.txt for review.
     
    noahdfear,
    #2


  3. to hide this advert.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...