Dopper.agent
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Dopper.agent  
dude_dude_dude2001
New Member


Date Joined Jun 2006
Total Posts : 10
 
Posted 12-28-2007 4:11 (GMT +1)
I've run the 4 files, here are the logs. I can't seem to save a report in AVG, and HJT is getting a program error. I did manage to get a log from it though.
 


File attachments: hijackthis.log (4KB), rootlog.log (2KB), ComboFix.log (14KB)
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14307
 
Posted 12-28-2007 7:31 (GMT +1)
Hello

Please post the log files using the post reply button, meaning don't attach them, as it is a bit confusing having three logfiles open at the same time ;-)

Do NOT post your problem in someone else's thread.
 

dude_dude_dude2001
New Member


Date Joined Jun 2006
Total Posts : 10
 
Posted 12-29-2007 3:34 (GMT +1)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:39 PM, on 12/27/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhf.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: maps.google.ca
O15 - Trusted Zone: www.google.ca
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/25.25/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D5391BA-3020-443D-B265-10C0C495A9D0}: Domain = va.shawcable.net
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--
End of file - 3971 bytes
********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
Thu 12/27/2007  6:14:41.35
Driver npf (visible) is present. Run COMBOFIX by sUBs.
********************************* ROOTCHK-LOG-end

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 06:14:43
Windows 5.0.2195 Service Pack 4
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:48dc877d
"s2"=dword:afeb9a70
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d9,ca,29,bd,25,b4,b3,c3,3d,fc,08,75,1f,45,9d,2a,b2,c2,76,d8,13,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,12,62,85,9e,2b,bd,2d,f5,a6,7e,36,11,52,46,da,d7,a4,..
"khjeh"=hex:51,55,65,9c,ea,d6,37,b1,05,0a,72,a5,5d,ea,be,d5,8f,c8,30,f8,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:54,3c,9e,74,24,1b,da,07,08,40,a4,d7,f1,2e,0e,3c,c9,39,f8,12,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d9,ca,29,bd,25,b4,b3,c3,3d,fc,08,75,1f,45,9d,2a,b2,c2,76,d8,13,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,12,62,85,9e,2b,bd,2d,f5,a6,7e,36,11,52,46,da,d7,a4,..
"khjeh"=hex:51,55,65,9c,ea,d6,37,b1,05,0a,72,a5,5d,ea,be,d5,8f,c8,30,f8,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:54,3c,9e,74,24,1b,da,07,08,40,a4,d7,f1,2e,0e,3c,c9,39,f8,12,59,..
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
ComboFix 07-12-21.4 - Administrator 12/27/2007  6:16:56.1 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\My Documents\MCROSO~1.NET
C:\Documents and Settings\Administrator\My Documents\MCROSO~1.NET\M?crosoft.NET\
C:\Documents and Settings\Administrator\My Documents\MCROSO~1.NET\netdde .exe
C:\Documents and Settings\Administrator\My Documents\STEM32~1
C:\Documents and Settings\Administrator\My Documents\STEM32~1\d?xplore.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\{0C48F~1
C:\Program Files\Common Files\{3C48F~1
C:\Program Files\Common Files\{3C48F~1\toolbardll.lzma
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\network monitor
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\security tools
C:\Program Files\security tools\ot.ico
C:\Program Files\security tools\ts.ico
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\start.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\SYSTEM32\fhkmp.ini
C:\WINDOWS\SYSTEM32\fhkmp.ini2
C:\WINDOWS\system32\kernel32.exe
C:\WINDOWS\system32\opnlmmn.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\rqrpoli.dll
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\Z3JlZw\
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_NETDOWN
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\NETDown
-------\Network Monitor
-------\nm
-------\NPF

(((((((((((((((((((((((((   Files Created from 2007-11-27 to 2007-12-27  )))))))))))))))))))))))))))))))
.
2007-12-27 06:22 .  16,384  C:\WINDOWS\SYSTEM32\Perflib_Perfdata_3fc.dat
2007-12-27 06:17 . 07-12-27 06:17  348,160 --a------ C:\WINDOWS\SYSTEM32\pmkhf.exe
2007-12-26 22:35 . 07-12-26 22:35  <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-26 22:34 . 07-12-26 22:34  <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-26 22:34 . 07-05-30 04:10  10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-12-26 22:27 . 07-12-26 22:27  <DIR> d-------- C:\Program Files\CCleaner
2007-12-26 22:08 . 07-12-26 22:52  143 --a------ C:\WINDOWS\SYSTEM32\mcrh.tmp
2007-12-26 22:01 . 07-12-26 22:01  <DIR> d-------- C:\Documents and Settings\Default User\Application Data\NetMon
2007-12-26 22:00 . 07-12-26 22:00  <DIR> d-------- C:\WINDOWS\SYSTEM32\pop3
2007-12-26 22:00 . 07-12-27 06:12  <DIR> d-------- C:\WINDOWS\SYSTEM32\level2
2007-12-26 22:00 . 07-12-26 22:00  39,936 --a------ C:\WINDOWS\17PHolmes572.exe
2007-12-26 22:00 . 07-12-26 22:00  39,936 --a------ C:\WINDOWS\17PHolmes1000106.exe
2007-12-26 21:59 . 07-12-26 21:59  <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo01
2007-12-26 21:59 . 07-12-26 22:00  <DIR> d-------- C:\Temp\cEeer12
2007-12-26 21:59 . 07-12-27 06:19  <DIR> d-------- C:\Temp
2007-12-26 00:02 . 07-12-26 00:02  <DIR> d-------- C:\MySlideshow
2007-12-25 13:54 . 07-12-25 13:54  <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2007-12-25 13:17 . 07-12-25 13:17  <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-12-25 13:07 . 07-12-25 13:07  <DIR> d-------- C:\Program Files\LightScribeTemplateLabeler
2007-12-25 13:01 . 07-12-25 13:02  <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-12-25 12:53 . 07-12-25 12:53  <DIR> d-------- C:\PhotoDVD
2007-12-02 08:24 . 07-12-02 08:24  <DIR> d-------- C:\Program Files\PowerISO
2007-11-30 17:25 . 07-11-30 17:26  24 ---hs---- C:\WINDOWS\S86B9AD64.tmp
2007-11-28 23:37 . 07-11-28 23:37  8,464 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 14:12 --------- d-----w C:\Program Files\QuickTime
2007-12-27 14:12 --------- d-----w C:\Program Files\PLUS!
2007-12-27 14:12 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 14:12 --------- d-----w C:\Program Files\MessengerPlus! 3
2007-12-27 14:12 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-27 05:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-23 22:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-11-27 02:03 --------- d-----w C:\Program Files\snow2
2007-11-26 06:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero
2007-11-26 06:13 --------- d-----w C:\Program Files\Common Files\Nero
2007-11-23 22:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 18:41 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-17 06:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Snapfish
2007-11-15 01:07 --------- d-----w C:\Program Files\LimeWire
2007-11-14 21:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SHARP
2006-12-24 00:18 305 ---h--w C:\Program Files\desktop.ini
2006-12-24 00:17 21,952 ---h--w C:\Program Files\folder.htt
2000-07-26 20:00 32,528 ----a-w C:\WINDOWS\inf\wbfirdma.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37D2AC3B-2C95-4184-98DE-BACE4164EBDA}]
   C:\Program Files\Online Services\nipyxabe4444.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C5E6017-5B43-4404-679E-3EAC64CE6D87}]
   C:\Program Files\PLUS!\rybi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95F7AF11-46FE-7C59-8B2C-3AE67682029B}]
   C:\WINDOWS\system32\radpi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72F6699-4BD2-4410-94B8-640417DB3CB9}]
   C:\Program Files\Online Services\nipyxabe83122.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
06-07-13 12:39  2362640 --a------ C:\WINDOWS\system32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" []
"Synchronization Manager"="mobsync.exe" [03-06-19 19:05  C:\WINDOWS\SYSTEM32\mobsync.exe]
"CloneCDTray"="d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [06-09-28 11:21 ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [07-12-27 06:17 ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Updates"="svehost.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 11:05 ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
05-06-06 23:46  57344 --a------ D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
07-10-10 19:51  39792 --a------ D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aown]
   C:\DOCUME~1\ADMINI~1\MYDOCU~1\MCROSO~1.NET\netdde.exe -vt yazb
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
   C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
   D:\Program Files\ClamWin\bin\ClamTray.exe --logon
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpoylz]
   C:\Documents and Settings\Administrator\My Documents\??stem32\d?xplore.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
   C:\Program Files\ipwins\ipwins.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
06-10-30 09:36  256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
07-12-27 06:17  348160 --a------ C:\WINDOWS\system32\pmkhf.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
   svehost.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
   C:\Program Files\MSN Messenger\MsnMsgr.Exe /background
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntdll.dll]
   C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
   C:\Program Files\QuickTime\qttask.exe -atboottime
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
   C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Services]
   C:\WINDOWS\system32\hpcelrsb.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
01-10-12 15:45  69632 --a------ C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spooler SubSystem App]
   C:\WINDOWS\system32\spooIsv.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
06-11-09 15:07  49263 --a------ C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
   mobsync.exe /logon
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
   SysTray.Exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TELUS_eCare_Lite_McciTrayApp]
07-01-26 10:59  1007720 --a------ C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0C48F6A2-0361-1033-0825-000310150001}]
   C:\Program Files\Common Files\{0C48F6A2-0361-1033-0825-000310150001}\Update.exe mc-110-12-0000144
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RpcPatch"=2 (0x2)
"iPod Service"=3 (0x3)
"COM+ Messages"=2 (0x2)
"Portable Media Serial Number"=2 (0x2)
"SBHookSvc"=3 (0x3)
"NETDown"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"{0C48F6A2-0361-1033-0825-000310150001}"="C:\Program 11Files\Common Files\{0C48F6A2-0361-1033-0825-000310150001}\Update.exe" mc-110-12-0000144
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [05-11-03 10:50 ]
S3 f3185a19-d348-43c7-98b0-b45e3fdba6e0;f3185a19-d348-43c7-98b0-b45e3fdba6e0;D:\Player\cds300.dll []
S3 hpddndnt;HP DeskDirect Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\hpddnd4.sys [99-11-05 13:37 ]
S4 Portable Media Serial Number;ntv;C:\WINDOWS\ntv.exe []
*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 03:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job"
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 06:23:38
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-27  6:25:00 - machine was rebooted
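The HijackThis log above contains the kind of entries a helper keys on: the F3 win.ini load= line pointing at pmkhf.exe, and a RunServices value named svehost.exe, one letter away from svchost.exe. As an added example that is not part of this thread, here is a small Python triage script that flags such lines; the allowlist of system binaries, the homoglyph table and the sample lines are assumptions constructed for the example (the spooIsv.exe line is adapted from the ComboFix msconfig section).

```python
"""Triage helper for HijackThis v2 logs: flags autostart entries that
imitate Windows system binaries or use legacy INI/RunServices hooks."""
import re
from dataclasses import dataclass, field

# Core Windows 2000/XP process names that malware likes to imitate.
# Assumed allowlist for this example; extend it for your own baseline.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "rundll32.exe",
}

# Characters that are easy to confuse in the default Windows UI font,
# e.g. the capital I in "spooIsv.exe" standing in for a lowercase l.
HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "0": "o"})

# Constructed sample in HijackThis format. The F3, RunServices and BHO lines
# copy entries from the log in this thread; the spooIsv.exe line is adapted
# from the ComboFix msconfig section.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhf.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O2 - BHO: (no name) - {37D2AC3B-2C95-4184-98DE-BACE4164EBDA} - C:\Program Files\Online Services\nipyxabe4444.dll (file missing)
"""

_O4 = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_F3 = re.compile(r"^F3 - REG:(?P<file>\S+): (?P<key>\w+)=(?P<value>.*)$")
_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character swaps like svehost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_path(cmd):
    """Extract the executable path from a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def lookalike_of(basename):
    """Return the system binary that basename imitates, or None if it is genuine."""
    lowered = basename.lower()
    if lowered in SYSTEM_BINARIES:
        return None
    normalized = basename.translate(HOMOGLYPHS).lower()
    for legit in SYSTEM_BINARIES:
        if normalized == legit or edit_distance(lowered, legit) == 1:
            return legit
    return None


def analyze(log_text):
    """Return one Finding per suspicious line, each with its list of reasons."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        reasons = []
        m = _F3.match(line)
        if m and m.group("value").strip():
            reasons.append(f"win.ini {m.group('key')}= autostart: legacy hook "
                           "almost never used by current software")
        m = _O4.match(line)
        if m:
            path = image_path(m.group("cmd"))
            base = path.rsplit("\\", 1)[-1]
            legit = lookalike_of(base)
            if legit:
                reasons.append(f"{base} imitates system binary {legit}")
                if "\\" not in path:
                    reasons.append("unqualified path, resolved via the search order")
            if "RunServices" in m.group("hive"):
                reasons.append("RunServices key: Win9x-era hook, rarely legitimate on NT")
        m = _O2.match(line)
        if m and m.group("name") == "(no name)" and m.group("path").endswith("(file missing)"):
            reasons.append("unnamed BHO whose DLL is gone: stale registration after removal")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings
```

Running `analyze(SAMPLE_LOG)` flags four of the six sample lines and leaves the genuine mobsync.exe and msnmsgr.exe entries alone.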
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14307
 
Posted 12-29-2007 8:17 (GMT +1)
Thanks

Please download the Free Version of Superantispyware.

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it.)
Close the program.

Download and install DrWebCureit to your desktop.

Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.

Doubleclick the "drweb-cureit.exe" and click "Start" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done"
click on Options -> Change settings.

Actions Tab - Adware-Dialers-Riskware-Hacktools, use the dropdown menu and select Rename.
Click Apply - OK.
Click on the Scan Tab. Move the dot from Express scan to Complete Scan. Click on the green arrow to the right. It will now scan your drive(s), say yes to all.

After the scan, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.

Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

Start Superantispyware.
Hit the Scan Your Computer button.
Click on the drive(s) you want to scan. Put a check in Perform Complete Scan, then Next;
it will scan now. When the scan has finished, put a checkmark on all items it found. Next, after cleaning, allow it to reboot.

Start Superantispyware again.
Click Preferences and then click the Statistics/Logs tab.
Click the dated log and press View Log and a text file will appear.

Post this log along with a fresh HijackThis log, the Dr.Web log and a new ComboFix log, and tell how things are running.
 

dude_dude_dude2001
New Member


Date Joined Jun 2006
Total Posts : 10
 
Posted 12-30-2007 9:50 (GMT +1)
Here are the logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:53 PM, on 12/29/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\Desktop\Virus Pro\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37D2AC3B-2C95-4184-98DE-BACE4164EBDA} - C:\Program Files\Online Services\nipyxabe4444.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: 0 - {3C5E6017-5B43-4404-679E-3EAC64CE6D87} - C:\Program Files\PLUS!\rybi.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {95F7AF11-46FE-7C59-8B2C-3AE67682029B} - C:\WINDOWS\system32\radpi.dll (file missing)
O2 - BHO: (no name) - {E72F6699-4BD2-4410-94B8-640417DB3CB9} - C:\Program Files\Online Services\nipyxabe83122.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: maps.google.ca
O15 - Trusted Zone: www.google.ca
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/25.25/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D5391BA-3020-443D-B265-10C0C495A9D0}: Domain = va.shawcable.net
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--
End of file - 4779 bytes
msnmsgr.exe;c:\program files\msn messenger;Trojan.MulDrop.10006;Deleted.;
superantispyware.exe;c:\program files\superantispyware;Trojan.MulDrop.10006;Deleted.;
pmkhf.exe;c:\windows\system32;Trojan.MulDrop.10006;Deleted.;
RCX5.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Trojan.MulDrop.10006;Deleted.;
netdde .exe.vir;C:\qoobox\Quarantine\C\Documents and Settings\Administrator\My Documents\MCROSO~1.NET;Adware.ClickSpring;Will be renamed after reboot.;
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/29/2007 at 08:56 PM
Application Version : 3.9.1008
Core Rules Database Version : 3370
Trace Rules Database Version: 1365
Scan type       : Complete Scan
Total Scan Time : 02:52:24
Memory items scanned      : 252
Memory threats detected   : 1
Registry items scanned    : 4498
Registry threats detected : 14
File items scanned        : 85881
File threats detected     : 53
Trojan.WinFixer
 C:\WINDOWS\SYSTEM32\PMKHF.DLL
 C:\WINDOWS\SYSTEM32\PMKHF.DLL
 HKLM\Software\Classes\CLSID\{C21B31A1-6224-4D27-B2A3-2318AB6FC23F}
 HKCR\CLSID\{C21B31A1-6224-4D27-B2A3-2318AB6FC23F}
 HKCR\CLSID\{C21B31A1-6224-4D27-B2A3-2318AB6FC23F}\InprocServer32
 HKCR\CLSID\{C21B31A1-6224-4D27-B2A3-2318AB6FC23F}\InprocServer32#ThreadingModel
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C21B31A1-6224-4D27-B2A3-2318AB6FC23F}
Trojan.Downloader-Gen
 [load] C:\WINDOWS\SYSTEM32\PMKHF.EXE
 C:\WINDOWS\SYSTEM32\PMKHF.EXE
Unclassified.Unknown Origin
 HKLM\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
 HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
 HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
 HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
 HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32#ThreadingModel
 HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName
 HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID
 HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID
 C:\PROGRAM FILES\RXTOOLBAR\SFCONT.DLL
Adware.Tracking Cookie
 C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@url[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@phpmv2[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@pacificpoker[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@msnaccountservices.112.2o7[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@adsby.zwoops[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@reduxads.valuead[2].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@brightcove.112.2o7[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@ad.outerinfoads[2].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@indextools[2].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@ads.k8l[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@www.windowsmedia[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@date.ventivmedia[2].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@media.top-banners[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@media.adrevolver[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@ehg-cineplex.hitbox[2].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@www.burstnet[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@banners.searchingbooth[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@epost.122.2o7[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@anad.tacoda[1].txt
 C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt
Trojan.Unclassifed/Loader-Suspicious
 C:\PROGRAM FILES\DANCE EJAY 2.0 DEMO\D_EJAY2\EJAY\LOADER.EXE
Adware.k8l
 C:\PROGRAM FILES\PLUS!\VIKO.HTML
Adware.ClickSpring
 C:\qoobox\Quarantine\C\Documents and Settings\Administrator\My Documents\STEM32~1\DXPLOR~1.VIR
Adware.ClickSpring/Yazzle
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE.VIR
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE.VIR
Trojan.Unknown Origin
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\SECURITY TOOLS\OT.ICO.VIR
 C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\SECURITY TOOLS\TS.ICO.VIR
 C:\QOOBOX\QUARANTINE\C\WINDOWS\TTC-4444.EXE.VIR
 C:\WINDOWS\SYSTEM32\POP3\PARREO83122.EXE
Adware.Vundo Variant
 C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RQRPOLI.DLL.VIR
Trojan.Unclassified/17PHolmes
 C:\WINDOWS\17PHOLMES1000106.EXE
 C:\WINDOWS\17PHOLMES572.EXE
Trojan.Downloader-Gen/BundleBase
 C:\WINDOWS\SYSTEM32\ARDCO01\ARDCO011065.EXE
Adware.Vundo Variant/Rel
 C:\WINDOWS\SYSTEM32\MCRH.TMP
Adware.Need2Find
 D:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPND2FN.DLL


ComboFix 07-12-21.4 - Administrator 12/29/2007 21:20:33.2 - NTFSx86
Microsoft Windows 2000 Professional  5.0.2195.4.1252.1.1033.18.351 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\Virus Pro\ComboFix.exe
.
(((((((((((((((((((((((((   Files Created from 2007-11-28 to 2007-12-30  )))))))))))))))))))))))))))))))
.
2007-12-29 21:32 .  16,384  C:\WINDOWS\SYSTEM32\Perflib_Perfdata_3dc.dat
2007-12-29 17:44 . 07-12-29 17:44  73,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dwshd.sys
2007-12-29 12:44 . 07-12-29 12:44  <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2007-12-29 12:21 . 07-12-29 12:21  <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-29 12:20 . 07-12-29 21:18  <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-29 12:20 . 07-12-29 12:20  <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-29 12:20 . 07-12-29 12:20  <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-28 20:36 . 07-12-28 20:39  <DIR> d-------- C:\Program Files\Sims2Pack Clean Installer
2007-12-27 11:20 . 07-12-29 21:12  19,243 --ahs---- C:\WINDOWS\SYSTEM32\fhkmp.ini
2007-12-27 11:20 . 07-12-29 21:10  19,192 --ahs---- C:\WINDOWS\SYSTEM32\fhkmp.ini2
2007-12-26 22:35 . 07-12-26 22:35  <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-26 22:34 . 07-12-26 22:34  <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-26 22:34 . 07-05-30 04:10  10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-12-26 22:27 . 07-12-26 22:27  <DIR> d-------- C:\Program Files\CCleaner
2007-12-26 22:01 . 07-12-26 22:01  <DIR> d-------- C:\Documents and Settings\Default User\Application Data\NetMon
2007-12-26 22:00 . 07-12-29 21:13  <DIR> d-------- C:\WINDOWS\SYSTEM32\pop3
2007-12-26 22:00 . 07-12-27 06:12  <DIR> d-------- C:\WINDOWS\SYSTEM32\level2
2007-12-26 21:59 . 07-12-29 21:13  <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo01
2007-12-26 21:59 . 07-12-26 22:00  <DIR> d-------- C:\Temp\cEeer12
2007-12-26 21:59 . 07-12-27 06:19  <DIR> d-------- C:\Temp
2007-12-26 00:02 . 07-12-26 00:02  <DIR> d-------- C:\MySlideshow
2007-12-25 13:54 . 07-12-25 13:54  <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2007-12-25 13:17 . 07-12-25 13:17  <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-12-25 13:07 . 07-12-25 13:07  <DIR> d-------- C:\Program Files\LightScribeTemplateLabeler
2007-12-25 13:01 . 07-12-25 13:02  <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-12-25 12:53 . 07-12-25 12:53  <DIR> d-------- C:\PhotoDVD
2007-12-02 08:24 . 07-12-02 08:24  <DIR> d-------- C:\Program Files\PowerISO
2007-11-30 17:25 . 07-11-30 17:26  24 ---hs---- C:\WINDOWS\S86B9AD64.tmp
2007-11-28 23:37 . 07-11-28 23:37  8,464 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
2007-11-26 18:00 . 05-08-21 22:08  2,139,136 --a------ C:\WINDOWS\SYSTEM32\snow2.scr
2007-11-26 17:58 . 07-11-26 18:03  <DIR> d-------- C:\Program Files\snow2
2007-11-25 22:36 . 07-11-25 22:36  <DIR> d-------- C:\found.000
2007-11-25 22:14 . 07-11-25 22:14  <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2007-11-25 22:13 . 07-11-25 22:13  <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-25 22:13 . 07-10-26 08:05  3,036,456 --a------ C:\WINDOWS\SYSTEM32\BCGCBPRO860u80.dll
2007-11-25 22:13 . 06-03-17 11:45  1,757,184 --a------ C:\WINDOWS\SYSTEM32\imagX7.dll
2007-11-25 22:13 . 04-08-18 15:00  1,712,128 --a------ C:\WINDOWS\SYSTEM32\GdiPlus.dll
2007-11-25 22:13 . 06-03-17 11:45  802,816 --a------ C:\WINDOWS\SYSTEM32\imagXRA7.dll
2007-11-25 22:13 . 06-03-17 11:45  497,296 --a------ C:\WINDOWS\SYSTEM32\imagXpr7.dll
2007-11-25 22:13 . 06-03-17 14:49  368,640 --a------ C:\WINDOWS\SYSTEM32\TwnLib4.dll
2007-11-25 22:13 . 06-03-17 11:45  258,048 --a------ C:\WINDOWS\SYSTEM32\imagXR7.dll
2007-11-25 22:13 . 07-11-21 21:53  193,832 --a------ C:\WINDOWS\SYSTEM32\NeroBurnRights.cpl
2007-11-25 22:13 . 07-10-26 08:05  33,576 --a------ C:\WINDOWS\SYSTEM32\BCGPOleAcc.dll
2007-11-24 21:41 . 07-12-26 21:13  <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-16 22:12 . 07-11-16 22:12  <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Snapfish
2007-11-16 21:41 . 03-06-19 12:05  21,552 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbstor.sys
2007-11-15 11:29 . 07-12-29 17:59  <DIR> d-------- C:\Program Files\MSN Messenger
2007-11-14 13:58 . 07-11-14 13:58  <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SHARP
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 05:13 --------- d-----w C:\Program Files\PLUS!
2007-12-29 04:39 21 ----a-w C:\Program Files\Sims2Pack Clean Installer.ini
2007-12-27 21:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-12-27 14:12 --------- d-----w C:\Program Files\QuickTime
2007-12-27 14:12 --------- d-----w C:\Program Files\MessengerPlus! 3
2007-12-27 14:12 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-23 22:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 18:41 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-15 01:07 --------- d-----w C:\Program Files\LimeWire
2006-12-24 00:18 305 ---h--w C:\Program Files\desktop.ini
2006-12-24 00:17 21,952 ---h--w C:\Program Files\folder.htt
2000-07-26 20:00 32,528 ----a-w C:\WINDOWS\inf\wbfirdma.sys
.
(((((((((((((((((((((((((((((   snapshot@Thu 2007-12-27_ 6.23.59.51   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-30 02:00:56 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-12-30 02:00:56 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-12-30 02:00:56 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2007-11-17 17:00:41 22,798 ----a-r C:\WINDOWS\Installer\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}\MsblIco.Exe
+ 2007-12-30 01:59:14 22,798 ----a-r C:\WINDOWS\Installer\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}\MsblIco.Exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37D2AC3B-2C95-4184-98DE-BACE4164EBDA}]
   C:\Program Files\Online Services\nipyxabe4444.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C5E6017-5B43-4404-679E-3EAC64CE6D87}]
   C:\Program Files\PLUS!\rybi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95F7AF11-46FE-7C59-8B2C-3AE67682029B}]
   C:\WINDOWS\system32\radpi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72F6699-4BD2-4410-94B8-640417DB3CB9}]
   C:\Program Files\Online Services\nipyxabe83122.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
06-07-13 12:39  2362640 --a------ C:\WINDOWS\system32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [05-12-13 16:27 ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" []
"Synchronization Manager"="mobsync.exe" [03-06-19 19:05  C:\WINDOWS\SYSTEM32\mobsync.exe]
"CloneCDTray"="d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [06-09-28 11:21 ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Updates"="svehost.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 11:05 ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55  77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41  294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dwshd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
05-06-06 23:46  57344 --a------ D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
07-10-10 19:51  39792 --a------ D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aown]
   C:\DOCUME~1\ADMINI~1\MYDOCU~1\MCROSO~1.NET\netdde.exe -vt yazb
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
   C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
   D:\Program Files\ClamWin\bin\ClamTray.exe --logon
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpoylz]
   C:\Documents and Settings\Administrator\My Documents\??stem32\d?xplore.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
   C:\Program Files\ipwins\ipwins.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
06-10-30 09:36  256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
   C:\WINDOWS\system32\pmkhf.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
   svehost.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
   C:\Program Files\MSN Messenger\MsnMsgr.Exe /background
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntdll.dll]
   C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
   C:\Program Files\QuickTime\qttask.exe -atboottime
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
   C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Services]
   C:\WINDOWS\system32\hpcelrsb.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
01-10-12 15:45  69632 --a------ C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spooler SubSystem App]
   C:\WINDOWS\system32\spooIsv.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
06-11-09 15:07  49263 --a------ C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
   mobsync.exe /logon
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
   SysTray.Exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TELUS_eCare_Lite_McciTrayApp]
07-01-26 10:59  1007720 --a------ C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0C48F6A2-0361-1033-0825-000310150001}]
   C:\Program Files\Common Files\{0C48F6A2-0361-1033-0825-000310150001}\Update.exe mc-110-12-0000144
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RpcPatch"=2 (0x2)
"iPod Service"=3 (0x3)
"COM+ Messages"=2 (0x2)
"Portable Media Serial Number"=2 (0x2)
"SBHookSvc"=3 (0x3)
"NETDown"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"{0C48F6A2-0361-1033-0825-000310150001}"="C:\Program 11Files\Common Files\{0C48F6A2-0361-1033-0825-000310150001}\Update.exe" mc-110-12-0000144
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [05-11-03 10:50 ]
S3 f3185a19-d348-43c7-98b0-b45e3fdba6e0;f3185a19-d348-43c7-98b0-b45e3fdba6e0;D:\Player\cds300.dll []
S3 hpddndnt;HP DeskDirect Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\hpddnd4.sys [99-11-05 13:37 ]
S4 Portable Media Serial Number;ntv;C:\WINDOWS\ntv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 03:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job"
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 21:32:58
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-29 21:34:36 - machine was rebooted

 

dude_dude_dude2001
New Member


Date Joined Jun 2006
Total Posts : 10
 
   Posted 1-3-2008 3:15 (GMT +1)
I noticed nobody's posted anything on my topic. Does that mean all is good?


DUDEDUDEDUDE2001
