mmaatttt

PC is FUBAR!


Hhhmmm!

 

I did alter a few things whilst I was gone. I've uninstalled Norton and added AVG Anti-Virus instead, with which I ran a virus check; it picked out a couple of things (since deleted!). Also, SUPERAntiSpyware was already disabled.

 

Nonetheless, here are my logs:

 

ComboFix 07-11-19.4 - user 2007-11-29 23:08:05.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.360 [GMT 0:00]

Running from: D:\Documents and Settings\user\Desktop\ComboFix.exe

Command switches used :: D:\Documents and Settings\user\Desktop\CFScript.txt

* Created a new restore point

 

FILE

C:\WINDOWS\system32\drvtug.dll

C:\WINDOWS\system32\llkkj.ini2

C:\WINDOWS\system32\pstwa.ini

C:\WINDOWS\system32\pstwa.ini2

C:\WINDOWS\system32\rtstv.ini

C:\WINDOWS\system32\rtstv.ini2

C:\WINDOWS\system32\winbug32.dll_tobedeleted_old

D:\Documents and Settings\All Users\Application Data\jibupqne.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\Gfkgzmsb

C:\Program Files\ngbmpgnc

C:\WINDOWS\system32\llkkj.ini2

C:\WINDOWS\system32\pstwa.ini

C:\WINDOWS\system32\pstwa.ini2

C:\WINDOWS\system32\rtstv.ini

C:\WINDOWS\system32\rtstv.ini2

C:\WINDOWS\system32\vgfddwtv

C:\WINDOWS\system32\vgfddwtv\bg1.gif

C:\WINDOWS\system32\vgfddwtv\bgtop.gif

C:\WINDOWS\system32\vgfddwtv\bottom1.gif

C:\WINDOWS\system32\vgfddwtv\essentials.gif

C:\WINDOWS\system32\vgfddwtv\icon1.ico

C:\WINDOWS\system32\vgfddwtv\install1.gif

C:\WINDOWS\system32\vgfddwtv\left1.gif

C:\WINDOWS\system32\vgfddwtv\li.gif

C:\WINDOWS\system32\vgfddwtv\logo.gif

C:\WINDOWS\system32\vgfddwtv\main.htm

C:\WINDOWS\system32\vgfddwtv\mainframe.htm

C:\WINDOWS\system32\vgfddwtv\reinstall1.gif

C:\WINDOWS\system32\vgfddwtv\right1.gif

C:\WINDOWS\system32\vgfddwtv\s1.htm

C:\WINDOWS\system32\vgfddwtv\s2.htm

C:\WINDOWS\system32\vgfddwtv\s3.htm

C:\WINDOWS\system32\vgfddwtv\SMTop1.gif

C:\WINDOWS\system32\vgfddwtv\SMTop2.gif

C:\WINDOWS\system32\vgfddwtv\SMTop3.gif

C:\WINDOWS\system32\vgfddwtv\SMTop4.gif

C:\WINDOWS\system32\vgfddwtv\soft1_off.gif

C:\WINDOWS\system32\vgfddwtv\soft1_off_ext.gif

C:\WINDOWS\system32\vgfddwtv\soft1_on.gif

C:\WINDOWS\system32\vgfddwtv\soft1_on_ext.gif

C:\WINDOWS\system32\vgfddwtv\soft2_off.gif

C:\WINDOWS\system32\vgfddwtv\soft2_off_ext.gif

C:\WINDOWS\system32\vgfddwtv\soft2_on.gif

C:\WINDOWS\system32\vgfddwtv\soft2_on_ext.gif

C:\WINDOWS\system32\vgfddwtv\soft3_off.gif

C:\WINDOWS\system32\vgfddwtv\soft3_off_ext.gif

C:\WINDOWS\system32\vgfddwtv\soft3_on.gif

C:\WINDOWS\system32\vgfddwtv\soft3_on_ext.gif

C:\WINDOWS\system32\vgfddwtv\softbottom_off.gif

C:\WINDOWS\system32\vgfddwtv\softbottom_on.gif

C:\WINDOWS\system32\vgfddwtv\softleft_off.gif

C:\WINDOWS\system32\vgfddwtv\softleft_on.gif

C:\WINDOWS\system32\vgfddwtv\top1.gif

C:\WINDOWS\system32\vgfddwtv\top2.gif

C:\WINDOWS\system32\vgfddwtv\turnoff1.gif

C:\WINDOWS\system32\vgfddwtv\turnon1.gif

 

.

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))

.

 

2007-11-29 19:05 <DIR> d-------- D:\Documents and Settings\user\Application Data\AVG7

2007-11-29 19:05 <DIR> d-------- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7

2007-11-29 19:04 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft

2007-11-29 19:04 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\avg7

2007-11-28 14:04 <DIR> d--hs---- D:\Documents and Settings\user\UserData

2007-11-28 12:40 <DIR> d-------- D:\Documents and Settings\user\Application Data\Talkback

2007-11-27 18:32 <DIR> d-------- D:\Documents and Settings\user\Shared

2007-11-27 02:05 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-11-27 02:05 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-11-27 02:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-11-27 01:43 1,582 --a------ D:\Documents and Settings\user\clean.reg

2007-11-27 01:36 <DIR> d-------- C:\WINDOWS\ERUNT

2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe

2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe

2007-11-25 12:28 <DIR> d-------- D:\Documents and Settings\user\Application Data\Apple Computer

2007-11-25 11:59 <DIR> d-------- C:\VundoFix Backups

2007-11-25 00:26 <DIR> d-------- C:\Program Files\Trend Micro

2007-11-24 23:04 <DIR> d-------- D:\Documents and Settings\user\Application Data\Lavasoft

2007-11-24 22:46 <DIR> d-------- D:\Documents and Settings\user\Application Data\AdobeUM

2007-11-24 22:31 <DIR> d-------- D:\Documents and Settings\user\Application Data\vlc

2007-11-24 22:30 <DIR> d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com

2007-11-23 23:52 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2007-11-20 14:02 <DIR> d-------- C:\Program Files\MSBuild

2007-11-20 13:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2007-11-20 13:56 <DIR> d-------- C:\Program Files\Reference Assemblies

2007-11-20 13:55 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-11-20 13:25 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll

2007-11-20 13:25 116,736 --------- C:\WINDOWS\system32\aaclient.dll

2007-11-14 17:47 <DIR> d-------- D:\Documents and Settings\user\Application Data\MSNInstaller

2007-11-08 20:25 <DIR> d-------- D:\Documents and Settings\user\Application Data\BitSpirit

2007-11-08 19:25 <DIR> d-------- C:\Program Files\PCPitstop

2007-11-03 00:14 <DIR> d-------- C:\Program Files\HTTP-Tunnel

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-29 18:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-11-27 17:46 --------- d-----w C:\Program Files\DivX

2007-11-27 17:21 --------- d-----w C:\Program Files\Java

2007-11-27 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-27 17:13 --------- d-----w C:\Program Files\ffdshow

2007-11-27 17:05 --------- d-----w C:\Program Files\Artlantis Studio

2007-11-27 03:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\SecTaskMan

2007-11-27 02:01 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe

2007-11-25 12:10 28,672 ------w C:\WINDOWS\system32\verclsid.exe

2007-11-25 02:25 --------- d-----w C:\Program Files\SUPERAntiSpyware

2007-11-23 23:53 --------- d-----w D:\Documents and Settings\user\Application Data\dvdcss

2007-11-23 23:52 --------- d-----w C:\Program Files\ImTOO

2007-11-23 21:08 --------- d-----w D:\Documents and Settings\user\Application Data\Azureus

2007-11-15 12:39 --------- d-----w D:\Documents and Settings\user\Application Data\OpenOffice.org2

2007-11-11 12:06 --------- d-----w C:\Program Files\Activision

2007-11-10 11:56 --------- d-----w D:\Documents and Settings\user\Application Data\LimeWire

2007-11-08 20:34 --------- d-----w D:\Documents and Settings\user\Application Data\uTorrent

2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-24 18:31 --------- d-----w D:\Documents and Settings\user\Application Data\Graphisoft

2007-10-24 18:27 --------- d-----w C:\Program Files\SSH Tunnel

2007-10-24 13:40 --------- d-----w C:\Program Files\LimeWire

2007-10-24 07:11 --------- d-----w C:\Program Files\Graphisoft

2007-10-19 12:08 --------- d-----w D:\Documents and Settings\user\Application Data\FrostWire

2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe

2007-10-06 18:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth

2007-10-06 18:15 --------- d-----w C:\Program Files\IVT Corporation

2007-10-06 17:35 724,992 ----a-w C:\WINDOWS\iun6002.exe

2007-10-06 17:29 --------- d-----w C:\Program Files\TVersity

2007-10-06 16:21 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-10-06 10:41 --------- d-----w C:\Program Files\iTunes

2007-10-06 09:54 --------- d-----w C:\Program Files\FlashFXP

2007-10-06 01:51 --------- d-----w D:\Documents and Settings\user\Application Data\FlashFXP

2007-10-06 00:27 --------- d-----w C:\Program Files\XBCD

2007-10-03 23:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe

2007-10-03 20:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\FlashFXP

2007-09-05 23:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe

.

 

((((((((((((((((((((((((((((( snapshot_2007-11-28_14.28.17.90 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-04 14:00:00 98,304 ----a-w C:\WINDOWS\system32\cscript.exe

+ 2007-07-31 20:45:06 114,688 ----a-w C:\WINDOWS\system32\cscript.exe

- 2004-08-04 14:00:00 45,083 ----a-w C:\WINDOWS\system32\dispex.dll

+ 2007-07-31 20:45:24 32,768 ----a-w C:\WINDOWS\system32\dispex.dll

+ 2007-07-31 20:45:06 114,688 ------w C:\WINDOWS\system32\dllcache\cscript.exe

+ 2007-07-31 20:45:24 32,768 ------w C:\WINDOWS\system32\dllcache\dispex.dll

- 2006-10-17 13:00:00 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2007-07-31 20:45:24 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2007-07-31 20:45:28 163,840 ------w C:\WINDOWS\system32\dllcache\scrobj.dll

+ 2007-07-31 20:45:28 155,648 ------w C:\WINDOWS\system32\dllcache\scrrun.dll

- 2006-10-17 13:33:40 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll

+ 2007-07-31 20:45:28 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll

- 2004-08-04 14:00:00 114,688 ----a-w C:\WINDOWS\system32\dllcache\wscript.exe

+ 2007-07-31 20:45:22 135,168 ----a-w C:\WINDOWS\system32\dllcache\wscript.exe

+ 2007-07-31 20:45:30 69,632 ------w C:\WINDOWS\system32\dllcache\wshext.dll

+ 2007-11-29 19:04:59 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys

+ 2007-11-29 19:05:04 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys

+ 2007-11-29 19:05:04 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys

+ 2007-11-29 19:05:05 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys

+ 2007-11-29 19:05:05 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys

- 2006-10-17 13:00:00 491,520 ----a-w C:\WINDOWS\system32\jscript.dll

+ 2007-07-31 20:45:24 491,520 ----a-w C:\WINDOWS\system32\jscript.dll

- 2004-08-04 14:00:00 159,744 ----a-w C:\WINDOWS\system32\scrobj.dll

+ 2007-07-31 20:45:28 163,840 ----a-w C:\WINDOWS\system32\scrobj.dll

- 2004-08-04 14:00:00 151,552 ----a-w C:\WINDOWS\system32\scrrun.dll

+ 2007-07-31 20:45:28 155,648 ----a-w C:\WINDOWS\system32\scrrun.dll

- 2006-10-17 13:33:40 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll

+ 2007-07-31 20:45:28 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll

- 2004-08-04 14:00:00 114,688 ----a-w C:\WINDOWS\system32\wscript.exe

+ 2007-07-31 20:45:22 135,168 ----a-w C:\WINDOWS\system32\wscript.exe

- 2004-08-04 14:00:00 28,672 ----a-w C:\WINDOWS\system32\wshcon.dll

+ 2007-07-31 20:45:30 36,864 ----a-w C:\WINDOWS\system32\wshcon.dll

- 2004-08-04 14:00:00 65,536 ----a-w C:\WINDOWS\system32\wshext.dll

+ 2007-07-31 20:45:30 69,632 ----a-w C:\WINDOWS\system32\wshext.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Remote"="C:\Program Files\TVR\Remote.exe" [2007-11-25 12:07]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-25 12:07]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-01 04:37]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-25 12:07]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-29 19:04]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-29 19:04]

 

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

 

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]

"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk

backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 -noicon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 10:18 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2004-06-03 01:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2001-07-09 02:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]

2005-05-23 08:44 450560 --a------ C:\Program Files\TVR\RecSche.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

C:\W

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2007-01-19 21:51 1310720 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]

C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

VTtrayp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]

C:\WINDOWS\WDVRCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"StarWindService"=2 (0x2)

"SAVScan"=3 (0x3)

"Pml Driver HPZ12"=2 (0x2)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"ISSVC"=2 (0x2)

"IDriverT"=3 (0x3)

"GB-PVR Recording Service"=2 (0x2)

"C-DillaCdaC11BA"=2 (0x2)

"AOL ACS"=2 (0x2)

 

R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

R3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

S3 Via4in1;Via4in1;\??\C:\Via4in1.sys

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

*Newly Created Service* - AVG7ALRT

*Newly Created Service* - AVG7CORE

*Newly Created Service* - AVG7RSXP

*Newly Created Service* - AVG7UPDSVC

*Newly Created Service* - AVGCLEAN

.

Contents of the 'Scheduled Tasks' folder

"2007-11-28 23:38:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2005-12-27 10:59:40 C:\WINDOWS\Tasks\Registration reminder 1.job"

- C:\WINDOWS\system32\OOBE\oobebaln.exe

.

**************************************************************************

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-29 23:09:54

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"

.

Completion time: 2007-11-29 23:10:31

C:\ComboFix2.txt ... 2007-11-28 14:28

C:\ComboFix3.txt ... 2007-11-27 12:47

.

--- E O F ---

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:12:14, on 29/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6959 bytes


I don't know if this helps, but here is a list of items that AVG spotted/removed on my system:

 

"General properties",""

"Report name","Complete Test"

"Start time","29/11/2007 19:16:12"

"End time","29/11/2007 20:26:52 (total: 1:10:39.10 hrs)"

"Launch method","Scanning launched manually"

"Scanning result","Threats found"

"Report status","Scanning completed successfully"

" ",""

"Object summary",""

"Scanned","117065"

"Threats Found","19"

"Cleaned","0"

"Moved to vault","1"

"Deleted","13"

"Errors","0"

"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe:\keygen.exe","Trojan horse Proxy.VPK","Infected, Embedded object, Deleted"

"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe:\crack.exe","Trojan horse Downloader.Generic6.UQU","Infected, Embedded object, Deleted"

"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe:\serial.exe","Trojan horse Dialer.PYH","Infected, Embedded object, Deleted"

"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe:\install.exe","Virus found Win32/Virut","Infected, Embedded object, Deleted"

"D:\Documents and Settings\user\My Documents\F Drive\My Documents\Codecs\RealPlayer10-5GOLD with activatiopn patch.rar:\RealPlayer10-5GOLD with activatiopn patch\activator4.1.exe","Trojan horse Downloader.Generic6.IA","Infected, Embedded object"

"D:\Documents and Settings\user\My Documents\F Drive\My Documents\Codecs\RealPlayer10-5GOLD with activatiopn patch.rar","Trojan horse Downloader.Generic6.IA","Infected, Archive"

"K:\F. Documents and Settings\Matthew\My Documents\Codecs\RealPlayer10-5GOLD with activatiopn patch.rar:\RealPlayer10-5GOLD with activatiopn patch\activator4.1.exe","Trojan horse Downloader.Generic6.IA","Infected, Embedded object"

"K:\F. Documents and Settings\Matthew\My Documents\Codecs\RealPlayer10-5GOLD with activatiopn patch.rar","Trojan horse Downloader.Generic6.IA","Infected, Archive"

"C:\Program Files\Gfkgzmsb\nwejgwdm.dll","","Deleted"

"C:\Program Files\ngbmpgnc\peduncjw.dll","","Deleted"

"C:\qoobox\Quarantine\C\Program Files\SecCenter\scprot4.exe.vir","","Deleted"

"C:\WINDOWS\system32\drvtug.dll","","Deleted"

"C:\WINDOWS\system32\unpr.sys","","Deleted"

"C:\WINDOWS\system32\winbug32.dll_tobedeleted_old","","Deleted"

"D:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QY7AP01G\css4[1]","","Deleted"

"D:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QY7AP01G\css4[2]","","Deleted"

"D:\Deckard\System Scanner\backup\WINDOWS\temp\VRT11F.tmp","","Deleted"

"D:\Deckard\System Scanner\backup\WINDOWS\temp\VRT145.tmp","","Deleted"

"D:\Deckard\System Scanner\backup\WINDOWS\temp\VRTBA.tmp","","Deleted"

"D:\Documents and Settings\All Users\Application Data\jibupqne.dll","","Deleted"

"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe","","Moved to Vault, Archive"

"K:\F. Documents and Settings\Matthew\Local Settings\Temp\Temporary Internet Files\Content.IE5\58CRPUDF\popup[1].php","","Deleted"


Hi mmaatttt,

 

Nice work, it looks like it did some good cleaning. How is the PC doing now, any better?

 

Backup the Registry:

 

Navigate to Start | Run and paste the following:

 

regedit /e c:\registrybackup.reg

 

Now click OK

It won't appear to be doing anything, that's normal.

Your mouse pointer may turn to an hour glass for a minute.

Please continue when it no longer has the hour glass.

 

========================

 

Open Notepad and copy and paste the following text into a new text document. (Don't forget to copy and paste the REGEDIT4 line!)

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shellexecutehooks]

"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-

 

Save this as fix.reg (choose "All Files" as the file type) and place it on your Desktop.

Double-click on it and, when it asks whether you want to merge the contents into the registry, click Yes/OK.

 

=======================

 

Reboot, then come back here and give me some feedback about the PC.

 

Gogo

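The fix.reg above removes a ShellExecuteHooks value whose DLL ComboFix could not find on disk: in the "Reg Loading Points" section, the SUPERAntiSpyware hook is followed by a date and size, while the {ED203331-...} entry pointing at C:\WINDOWS\system32\iiffccd.dll is followed by an empty "[ ]". ShellExecuteHooks DLLs are loaded by the shell whenever something calls ShellExecute, so a leftover registration for a malware DLL is worth clearing even after the file is gone. As an added example (not part of this thread, and not code from ComboFix, HijackThis or AVG), here is a small Python script that parses that section of a ComboFix log, flags hook entries whose file is missing, and emits a REGEDIT4 removal file in the same form Gogo posted. The sample input is copied from the log above; the constant and function names are my own.

```python
import re
from typing import Dict, List

# Target key, spelled the way a .reg file expects it (full hive name).
SHELLEXECUTEHOOKS_KEY = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
    r"\Explorer\ShellExecuteHooks"
)

# Sample input: the shellexecutehooks block copied from the ComboFix log in
# this thread. ComboFix prints "[date time size]" for a file it found and
# "[ ]" when the referenced file does not exist on disk.
SAMPLE_SECTION = r"""
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]
"""

# One hook value per line:  "{GUID}"= <dll path> [<file metadata>]
HOOK_LINE = re.compile(
    r'^"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"=\s*'
    r'(.+?)\s*\[(.*)\]\s*$'
)


def parse_hooks(section: str) -> List[Dict[str, str]]:
    """Return one dict per hook value: guid, DLL path and ComboFix's file metadata."""
    hooks = []
    for raw in section.splitlines():
        m = HOOK_LINE.match(raw.strip())
        if m:
            guid, path, meta = m.groups()
            hooks.append({"guid": guid, "path": path, "meta": meta.strip()})
    return hooks


def orphaned_hooks(hooks: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Hooks whose DLL ComboFix could not stat: the registration survived, the file is gone."""
    return [h for h in hooks if h["meta"] == ""]


def regedit4_removal(key: str, hooks: List[Dict[str, str]]) -> str:
    """Build a REGEDIT4 file deleting the given values ("name"=- is regedit's delete syntax)."""
    lines = ["REGEDIT4", "", f"[{key}]"]
    lines += [f'"{h["guid"]}"=-' for h in hooks]
    return "\r\n".join(lines) + "\r\n"  # CRLF line endings, as regedit writes them


if __name__ == "__main__":
    found = parse_hooks(SAMPLE_SECTION)
    gone = orphaned_hooks(found)
    for h in gone:
        print(f"orphaned hook {h['guid']} -> {h['path']}")
    # Review the list, export the registry first (regedit /e c:\registrybackup.reg),
    # then save this output as fix.reg and merge it.
    print(regedit4_removal(SHELLEXECUTEHOOKS_KEY, gone))
```

Run it and the output for the log above is exactly Gogo's fix.reg (REGEDIT4, the key, and a single `"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-` line); the SUPERAntiSpyware hook, whose DLL is present, is left alone. Because the script only flags entries ComboFix itself marked as fileless, it will not propose removing a hook for a DLL that still exists, which is the check a helper does by eye before writing the fix.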

Thanx HJThis!!!

 

Seems to be working fine now, although startup seems a bit slower than before and I'm still trying to find some Windows items for my Start menu (good old Google is helping me with that).

 

Also, to anyone interested, I highly recommend the free AVG Anti-Virus software; it doesn't hog resources and it is pretty powerful!

 

 

mmaatttt


Hi mmaatttt,

 

I'm glad things are better. I have some last steps for you here; make sure to have a look at the link at the end.

 

Please take these following steps to help prevent reinfection:

 

1) Download and install Javacool's SpywareBlaster. It will:

# prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software;

# block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox;

# restrict the actions of potentially unwanted sites in Internet Explorer.

 

 

2) Download IE-SPYAD. It works by importing a large file of registry entries into your registry. A tutorial on it can be found here.

 

 

3) Go to Windows Update frequently and make sure to check for the latest updates.

 

 

4) All of these great programs will not do a thing for you if they are not kept updated, so please check all of them for the latest updates.

 

 

5) Please make it a point to have a look at this great site by the master Miekiemoes:

miekiemoes' Prevention page, with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

 

 

Regards

 

Gogo
