janoona

Registry scan kills computer

Hey janoona,

 

It seems like your computer is messed up beyond what I can do. Let's see if we can run a few more scans and get this computer clean of malware before I send you to another forum that can help you with technical problems.

 

1) Re-run OTMoveIt3

  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy everything in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     
    :Processes
    explorer.exe
    
    :Files
    C:\WINDOWS\DUMP4239.tmp
    C:\WINDOWS\DUMP41db.tmp
    C:\WINDOWS\tasks\RegCure Program Check.job
    C:\WINDOWS\tasks\RegCure.job
    
    :Commands
    [emptytemp]
    [start explorer]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the "Results" window (under the Green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

2) Run Dr Web CureIt

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory; when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.

3) Run Kaspersky Webscanner (If you cannot run this step, leave this step out)

 

Please do an online scan with Kaspersky WebScanner

 

Click on Accept

 

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Next reply (please include):

 

Fresh RSIT log (Please re-run RSIT.exe)

Kaspersky scan log

Dr Web scan log

OTMoveIt3 log

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\WINDOWS\DUMP4239.tmp moved successfully.

C:\WINDOWS\DUMP41db.tmp moved successfully.

File/Folder C:\WINDOWS\tasks\RegCure Program Check.job not found.

File/Folder C:\WINDOWS\tasks\RegCure.job not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Jeff\LOCALS~1\Temp\etilqs_qQrNMZ1JhFO60A4HmBk5 scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_574.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 12052008_184932

 

Files moved on Reboot...

File C:\DOCUME~1\Jeff\LOCALS~1\Temp\etilqs_qQrNMZ1JhFO60A4HmBk5 not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\Perflib_Perfdata_574.dat scheduled to be moved on reboot.

C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\XUL.mfl moved successfully.
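Reading the two OTMoveIt3 logs above against the script from the first post means checking, file by file, whether each requested path was moved, was already gone, or had to wait for a reboot, and noticing which deferred deletions came from [emptytemp] rather than from the :Files block. As an added example (not OTMoveIt3's own code and not something posted in this thread), the Python below parses the :Files block of such a script and the result lines of the log and reconciles the two. The script and log text are constructed copies of excerpts posted above, and the result-line phrasings matched are the ones the log actually shows.

```python
import re

# Constructed copy of the OTMoveIt3 script from the first post.
OTM_SCRIPT = r"""
:Processes
explorer.exe

:Files
C:\WINDOWS\DUMP4239.tmp
C:\WINDOWS\DUMP41db.tmp
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

:Commands
[emptytemp]
[start explorer]
"""

# Constructed excerpt of the results log posted in reply.
OTM_RESULTS = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\DUMP4239.tmp moved successfully.
C:\WINDOWS\DUMP41db.tmp moved successfully.
File/Folder C:\WINDOWS\tasks\RegCure Program Check.job not found.
File/Folder C:\WINDOWS\tasks\RegCure.job not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
Explorer started successfully
"""

# One pattern per outcome OTMoveIt3 reports for a path (phrasings taken from the log above).
RESULT_PATTERNS = [
    ("moved", re.compile(r"^(?P<path>.+?) moved successfully\.$")),
    ("not found", re.compile(r"^File/Folder (?P<path>.+?) not found\.$")),
    ("not found", re.compile(r"^File (?P<path>.+?) not found!$")),
    ("deferred to reboot", re.compile(
        r"^File (?:delete|move) failed\. (?P<path>.+?) scheduled to be (?:deleted|moved) on reboot\.$")),
]


def parse_script(text):
    """Split an OTMoveIt3 script into its ':Section' blocks -> list of non-empty lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_results(text):
    """Map every path mentioned in a results log to its outcome (Windows paths: case-folded key)."""
    outcomes = {}
    for line in text.splitlines():
        line = line.strip()
        for outcome, pattern in RESULT_PATTERNS:
            m = pattern.match(line)
            if m:
                outcomes[m.group("path").lower()] = outcome
                break
    return outcomes


def reconcile(script_text, results_text):
    """For each path in the script's :Files block, report what the log says happened to it."""
    requested = parse_script(script_text).get("Files", [])
    outcomes = parse_results(results_text)
    return {path: outcomes.get(path.lower(), "no result line") for path in requested}


def unrequested_deferrals(script_text, results_text):
    """Paths deferred to reboot that were never in :Files, i.e. leftovers of [emptytemp]."""
    requested = {p.lower() for p in parse_script(script_text).get("Files", [])}
    outcomes = parse_results(results_text)
    return sorted(p for p, o in outcomes.items()
                  if o == "deferred to reboot" and p not in requested)


if __name__ == "__main__":
    for path, outcome in reconcile(OTM_SCRIPT, OTM_RESULTS).items():
        print(f"{outcome:>20}  {path}")
    print("deferred but not requested:", unrequested_deferrals(OTM_SCRIPT, OTM_RESULTS))
```

A path that comes back as "no result line" is the case worth re-checking by hand, since the tool reported nothing about it at all; the "not found" entries for the two RegCure .job files simply mean an earlier cleanup had already removed them.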

Please post your Dr.Web CureIt scan log as well. Thanks. :huh:

I had some problems with the link you provided - "License key file has expired". So I downloaded the program from the Dr.Web site. The Kaspersky program has the Accept key greyed out, so no luck there. It would also appear that you cannot upload the DrWeb .csv file, so I have copied it below.

 

ComboFix.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\Jeff\Desktop\ComboFix.exe;Probably BATCH.Virus;;

ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Jeff\Desktop\ComboFix.exe;Program.PsExec.171;;

ComboFix.exe;C:\Documents and Settings\Jeff\Desktop;Archive contains infected objects;Moved.;

A0106704.bat;C:\System Volume Information\_restore{902BB8F4-3989-4514-AD4C-C3499CFA1629}\RP307;Probably BATCH.Virus;Incurable.Moved.;

Logfile of random's system information tool 1.04 (written by random/random)

Run by Jeff at 2008-12-07 13:52:50

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 29 GB (12%) free of 238 GB

Total RAM: 447 MB (33% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:53:00 PM, on 12/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wwSecure.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NETGEAR\WG311T\wlancfg5.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Documents and Settings\Jeff\Desktop\RSIT.exe

C:\Program Files\trend micro\Jeff.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (file missing)

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

 

--

End of file - 7550 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-02 308856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-07 53248]

"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-01-10 143360]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-01-11 577536]

"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-21 589824]

"EasyTuneV"=C:\Program Files\Gigabyte\ET5\GUI.exe [2004-06-14 200704]

"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

"OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe [2003-07-07 729088]

"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-03-03 2957824]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-12-11 267048]

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-02 185896]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"NBJ"=C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe [2005-10-11 1961984]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54e27a52-b981-11dd-91ef-001485798133}]

shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

 

 

======List of files/folders created in the last 1 months======

 

2008-12-05 19:09:42 ----HD---- C:\WINDOWS\PIF

2008-12-05 18:49:41 ----SHD---- C:\RECYCLER

2008-11-28 04:27:18 ----A---- C:\WINDOWS\ntbtlog.txt

2008-11-23 10:18:56 ----A---- C:\WINDOWS\system32\aswBoot.exe

2008-11-23 09:32:59 ----D---- C:\WINDOWS\temp

2008-11-23 09:32:57 ----A---- C:\ComboFix.txt

2008-11-23 09:29:00 ----D---- C:\ComboFix

2008-11-08 04:44:07 ----D---- C:\winTows?system32

2008-11-08 04:44:07 ----D---- C:\windowsSsys?em32

2008-11-08 04:44:07 ----D---- C:\WINDOWS\sysWem3?

2008-11-08 04:44:07 ----D---- C:\WINDOWS\system3?

2008-11-08 04:44:07 ----D---- C:\WINDOWS\system32\?windows

2008-11-08 04:44:07 ----D---- C:\WINDOWS\system32\?windows

 

======List of files/folders modified in the last 1 months======

 

2008-12-07 13:53:01 ----D---- C:\WINDOWS\Prefetch

2008-12-07 13:52:53 ----D---- C:\Program Files\trend micro

2008-12-07 13:52:38 ----D---- C:\Program Files\Mozilla Firefox

2008-12-07 11:01:13 ----D---- C:\Documents and Settings\Jeff\Application Data\Spyware Terminator

2008-12-07 09:53:20 ----D---- C:\Program Files\Mozilla Thunderbird

2008-12-06 08:44:56 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-05 21:01:36 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-05 19:09:42 ----D---- C:\WINDOWS

2008-12-05 03:56:20 ----D---- C:\WINDOWS\system32

2008-12-05 03:55:17 ----D---- C:\Program Files\Spyware Terminator

2008-12-01 19:02:31 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-29 08:01:43 ----SHD---- C:\Config.Msi

2008-11-29 08:01:42 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-29 06:07:13 ----D---- C:\WINEBASE

2008-11-29 06:06:32 ----SHD---- C:\WINDOWS\Installer

2008-11-29 06:06:01 ----D---- C:\WINDOWS\WinSxS

2008-11-29 06:05:56 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2008-11-29 06:05:46 ----D---- C:\Program Files\Common Files\Adobe

2008-11-29 06:05:46 ----D---- C:\Program Files\Adobe

2008-11-29 04:22:27 ----D---- C:\WINDOWS\Minidump

2008-11-23 10:19:06 ----D---- C:\WINDOWS\system32\drivers

2008-11-23 09:33:00 ----D---- C:\Qoobox

2008-11-23 09:31:59 ----A---- C:\WINDOWS\system.ini

2008-11-23 09:31:20 ----D---- C:\WINDOWS\AppPatch

2008-11-23 09:31:20 ----D---- C:\Program Files\Common Files

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-18 26944]

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-18 110160]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-18 50864]

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2006-03-23 29440]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-03-23 33536]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-18 94032]

R2 cx88xbar;FusionHDTV 88x, WDM Crossbar; C:\WINDOWS\system32\drivers\zl88xbar.sys [2005-10-04 10368]

R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-03-13 41984]

R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2006-09-29 15781]

R2 Zulu88Tune;FusionHDTV 88x, WDM Tuner(DVB-T Plus); C:\WINDOWS\system32\drivers\zl88tune.sys [2005-10-04 177280]

R2 Zulu88Vid;FusionHDTV 88x, WDM Video Capture; C:\WINDOWS\system32\drivers\zl88vcap.sys [2005-10-04 189312]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-01-11 3844160]

R3 AR5211;NETGEAR WG311T V1H3 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\WG311T13.sys [2004-12-15 400096]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-18 23152]

R3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []

R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-03-08 172544]

R3 Zulu88BDA;FusionHDTV 88x, BDA DVB Tuner/Demod; C:\WINDOWS\system32\drivers\zl88bda.sys [2005-10-04 186752]

R3 Zulu88Ts;FusionHDTV 88x, BDA Receiver(DVB-T); C:\WINDOWS\system32\drivers\zl88tcap.sys [2005-10-04 19200]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2006-03-23 102016]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CXAVSAUD;FusionHDTV 880, WDM Audio Capture; C:\WINDOWS\system32\drivers\zl88aud.sys [2001-09-02 9216]

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []

S3 PortlUSB;PortlUSB; C:\WINDOWS\system32\DRIVERS\H10USB.sys [2004-06-23 7552]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 SunkFilt6;Alcor Micro Corp - 6360; \??\C:\WINDOWS\System32\Drivers\sunkfilt6.sys []

S3 SunkFilt62;Alcor Micro Corp - 6362; \??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys []

S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-12-01 36864]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-18 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160]

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]

R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2006-03-23 880128]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-03-03 1097216]

R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]

R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]

R2 wwSecSvc;Washer Security Access; C:\WINDOWS\system32\wwSecure.exe [2005-05-20 486400]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-18 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-18 352920]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-12-11 504104]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

 

-----------------EOF-----------------
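Reading an RSIT/HijackThis log like the one above comes down to spotting a few recurring cues: entries marked "(file missing)", drivers and services whose trailing bracket is empty because the tool could not find the file to read its date and size (sp_rsdrv2, ET5Drv, catchme and NTSIM above), and newly created folders whose names contain "?" (a character the tool could not print) or nearly match a system directory name, as in the "files created" list. The Python below is an added example, not part of RSIT, HijackThis or this thread; it runs those checks over a constructed sample of lines modelled on the log above, plus one constructed folder name (systen32) added to exercise the near-miss rule. Its findings are review cues, not verdicts: the IntelIde entry above shows that an empty bracket can also belong to an ordinary driver whose file the tool simply could not read.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: HijackThis and RSIT lines modelled on the log posted above.
# The last line (systen32) is a constructed look-alike, not from the log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (file missing)
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-18 26944]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
2008-12-05 19:09:42 ----HD---- C:\WINDOWS\PIF
2008-11-08 04:44:07 ----D---- C:\winTows?system32
2008-11-08 04:44:07 ----D---- C:\WINDOWS\system3?
2008-11-08 04:44:07 ----D---- C:\WINDOWS\system32\?windows
2008-11-08 04:44:07 ----D---- C:\WINDOWS\systen32
"""

# HijackThis entry: "O4 - ..." or "R1 - ..."
HJT_LINE = re.compile(r"^[OR]\d+ - (?P<body>.+)$")
# RSIT driver/service entry: "R1 name;description; path [date size]"
RSIT_DRIVER = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*; (?P<path>.+?) \[(?P<meta>[^\]]*)\]$")
# RSIT created/modified entry: "2008-11-08 04:44:07 ----D---- path"
RSIT_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} -+[A-Z]*-+ (?P<path>.+)$")

SYSTEM_DIR_NAMES = ("windows", "system32")
LOOKALIKE_RATIO = 0.8  # similarity at or above which a name counts as a near-miss


def lookalike_of(component):
    """Return the system directory name this path component nearly (but not exactly) matches."""
    c = component.lower()
    for canon in SYSTEM_DIR_NAMES:
        if c != canon and SequenceMatcher(None, c, canon).ratio() >= LOOKALIKE_RATIO:
            return canon
    return None


def triage_line(line):
    """Return the reasons one log line deserves a closer look (empty list if none)."""
    reasons = []
    m = HJT_LINE.match(line)
    if m:
        if m.group("body").endswith("(file missing)"):
            reasons.append("entry points at a file that no longer exists")
        return reasons
    m = RSIT_DRIVER.match(line)
    if m:
        if not m.group("meta").strip():
            reasons.append("driver/service file has no date or size (absent or unreadable)")
        return reasons
    m = RSIT_ENTRY.match(line)
    if m:
        path = m.group("path")
        if "?" in path:
            reasons.append("path contains a character the tool could not print")
        for comp in path.split("\\"):
            canon = lookalike_of(comp)
            if canon:
                reasons.append(f"component {comp!r} looks like {canon!r} but is not")
    return reasons


def triage(text):
    """Run triage_line over a whole log; returns [(line, reason), ...] in log order."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        for reason in triage_line(line):
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

The near-miss rule deliberately compares only individual path components, so a real C:\WINDOWS\system32 never fires; a folder that merely sits inside a system directory is not suspicious by itself, only a name that imitates one.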

The new RSIT info.txt file is nowhere to be found. I can find the old one from last time in C:rist \info.txt, but not the one from today.

 

I have also found a log file under C:---------DrWeb\CureIt.log which contains a LOT of data. Do you want me to post it?

Hey janoona,

 

The new RSIT info.txt file is nowhere to be found. I can find the old one from last time in C:rist \info.txt, but not the one from today.

 

I have also found a log file under C:---------DrWeb\CureIt.log which contains a LOT of data. Do you want me to post it?

 

Sure, please attach that CureIt.log if it is too long.

 

Seems like there are some new infections coming in.

 

1) Run a new copy of ComboFix

 

Please go to Start>Run and type ComboFix /u; you should get a window telling you that ComboFix is uninstalled.

 

NEXT

 

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

 

2) Run F-Secure Online scan

 

Please run the F-Secure Online Scanner

 

Note: This Scanner is for Internet Explorer Only!

  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

Next reply (please include):

 

Fresh HijackThis log

ComboFix.txt

F-Secure scan report


ComboFix 08-12-06.06 - Jeff 2008-12-08 17:07:27.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.154 [GMT -8:00]

Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))

.

 

2008-12-05 19:09 . 2008-12-05 19:09 <DIR> d--h----- c:\windows\PIF

2008-12-05 19:07 . 2008-12-07 10:57 <DIR> d-------- c:\documents and settings\Jeff\DoctorWeb

2008-11-26 18:24 . 2003-03-24 16:52 188,480 --a--c--- c:\windows\system32\dllcache\cfgwiz.exe

2008-11-26 18:24 . 2003-03-24 16:52 20,540 --a--c--- c:\windows\system32\dllcache\author.dll

2008-11-26 18:24 . 2003-03-24 16:52 16,439 --a--c--- c:\windows\system32\dllcache\author.exe

2008-11-26 18:23 . 2003-03-24 16:52 20,540 --a--c--- c:\windows\system32\dllcache\admin.dll

2008-11-23 11:29 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll

2008-11-23 11:27 . 2003-03-24 16:52 147,513 --a--c--- c:\windows\system32\dllcache\fp4apws.dll

2008-11-23 11:27 . 2003-03-24 16:52 102,509 --a--c--- c:\windows\system32\dllcache\fp4atxt.dll

2008-11-23 11:27 . 2003-03-24 16:52 82,035 --a--c--- c:\windows\system32\dllcache\fp4anscp.dll

2008-11-23 11:27 . 2003-03-24 16:52 49,210 --a--c--- c:\windows\system32\dllcache\fp4areg.dll

2008-11-23 11:27 . 2003-03-24 16:52 41,020 --a--c--- c:\windows\system32\dllcache\fp4avnb.dll

2008-11-23 11:27 . 2003-03-24 16:52 32,826 --a--c--- c:\windows\system32\dllcache\fp4avss.dll

2008-11-23 11:26 . 2004-05-13 00:39 184,435 --a--c--- c:\windows\system32\dllcache\fp4amsft.dll

2008-11-23 11:23 . 2003-03-24 16:52 16,439 --a--c--- c:\windows\system32\dllcache\admin.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-09 01:06 --------- d-----w c:\documents and settings\Jeff\Application Data\Spyware Terminator

2008-12-09 01:02 --------- d-----w c:\program files\Mozilla Thunderbird

2008-12-08 00:52 --------- d-----w c:\program files\trend micro

2008-12-05 11:55 --------- d-----w c:\program files\Spyware Terminator

2008-11-30 16:02 --------- d-----w c:\documents and settings\Michelle\Application Data\Spyware Terminator

2008-11-29 14:05 --------- d-----w c:\program files\Common Files\Adobe

2008-11-05 01:52 --------- d-----w c:\program files\UltimateZip 3.0

2008-11-05 00:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator

2008-11-04 04:45 3,592 ----a-w c:\windows\system32\PerfStringBackup.TMP

2008-10-31 01:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-10-31 01:58 --------- d-----w c:\documents and settings\Jeff\Application Data\Malwarebytes

2008-10-31 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-10-30 01:57 410,976 ----a-w c:\windows\system32\deploytk.dll

2008-10-30 01:57 --------- d-----w c:\program files\Java

2008-10-28 13:54 --------- d-----w c:\program files\MSXML 4.0

2008-10-26 13:31 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-10-25 16:45 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-25 16:44 --------- d-----w c:\program files\Maxtor

2008-10-25 16:44 --------- d-----w c:\documents and settings\All Users\Application Data\Maxtor

2008-10-22 23:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-22 23:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-14 07:00 --------- d-----w c:\documents and settings\James\Application Data\Spyware Terminator

2008-10-14 05:45 --------- d-----w c:\documents and settings\James\Application Data\Canon

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2006-12-07 20:10 151 ----a-w c:\documents and settings\Jeff\Application Data\internaldb3635.dat

2006-12-02 22:20 6,144 ----a-w c:\documents and settings\Michelle\Application Data\internaldb7498.dat

2006-11-14 12:39 0 ----a-w c:\documents and settings\Jeff\Application Data\internaldb8253.dat

2006-11-01 01:07 334 ----a-w c:\documents and settings\James\Application Data\internaldb41.dat

2006-11-01 01:07 13,046 ----a-w c:\documents and settings\James\Application Data\internaldb5956.dat

2006-11-01 01:07 0 ----a-w c:\documents and settings\James\Application Data\internaldb889.dat

2006-11-01 00:45 177,152 ----a-w c:\documents and settings\James\Application Data\internaldb6774.dat

2006-10-24 22:49 6,144 ----a-w c:\documents and settings\James\Application Data\internaldb6794.dat

2006-10-24 22:49 0 ----a-w c:\documents and settings\James\Application Data\internaldb9782.dat

2006-10-24 22:49 0 ----a-w c:\documents and settings\James\Application Data\internaldb7397.dat

2006-10-24 22:49 0 ----a-w c:\documents and settings\James\Application Data\internaldb5594.dat

2006-10-24 22:49 0 ----a-w c:\documents and settings\James\Application Data\internaldb1342.dat

2006-09-20 21:05 1,058,588 ----a-w c:\documents and settings\Jeff\mconvert.zip

2004-12-15 00:47 400,096 ----a-w c:\windows\inf\WG311T\WG311T13.sys

2004-10-20 02:58 35,232 ----a-w c:\windows\inf\WG311T\ME_INST.EXE

2004-10-20 02:58 26,112 ----a-w c:\windows\inf\WG311T\install.exe

2004-10-01 23:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((( [email protected]_ 9.32.14.37 )))))))))))))))))))))))))))))))))))))))))

.

- 2000-08-31 15:00:00 89,504 ----a-w c:\windows\fdsv.exe

+ 2000-08-31 16:00:00 89,504 ----a-w c:\windows\fdsv.exe

- 2000-08-31 15:00:00 80,412 ----a-w c:\windows\grep.exe

+ 2000-08-31 16:00:00 80,412 ----a-w c:\windows\grep.exe

+ 2008-11-29 14:06:29 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe

- 2000-08-31 15:00:00 98,816 ----a-w c:\windows\sed.exe

+ 2000-08-31 16:00:00 98,816 ----a-w c:\windows\sed.exe

- 2000-08-31 15:00:00 136,704 ----a-w c:\windows\SWSC.exe

+ 2000-08-31 16:00:00 136,704 ----a-w c:\windows\SWSC.exe

- 2000-08-31 15:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe

+ 2000-08-31 16:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe

+ 2008-11-18 17:41:38 1,233,112 ----a-w c:\windows\system32\aswBoot.exe

+ 2008-11-18 17:35:22 97,480 ----a-w c:\windows\system32\AvastSS.scr

+ 2008-04-14 00:11:48 136,192 -c--a-w c:\windows\system32\dllcache\aaclient.dll

+ 2008-04-14 00:11:48 1,852,928 -c--a-w c:\windows\system32\dllcache\acgenral.dll

+ 2008-04-14 00:11:48 451,072 -c--a-w c:\windows\system32\dllcache\aclayers.dll

+ 2008-04-14 00:11:48 245,248 -c--a-w c:\windows\system32\dllcache\acspecfc.dll

+ 2008-04-14 00:11:48 116,224 -c--a-w c:\windows\system32\dllcache\acxtrnal.dll

+ 2008-04-14 00:12:12 98,304 -c--a-w c:\windows\system32\dllcache\ahui.exe

+ 2008-04-14 00:11:49 125,952 -c--a-w c:\windows\system32\dllcache\apphelp.dll

+ 2008-04-14 00:11:49 65,024 -c--a-w c:\windows\system32\dllcache\asycfilt.dll

+ 2008-04-14 00:11:50 30,208 -c--a-w c:\windows\system32\dllcache\atmlib.dll

+ 2008-04-14 00:11:50 233,472 -c--a-w c:\windows\system32\dllcache\azroles.dll

+ 2008-04-14 00:11:50 7,168 -c--a-w c:\windows\system32\dllcache\bitsprx4.dll

+ 2008-04-14 00:09:05 16,896 -c--a-w c:\windows\system32\dllcache\cfgmgr32.dll

+ 2008-04-14 00:11:51 617,472 -c--a-w c:\windows\system32\dllcache\comctl32.dll

+ 2008-04-14 00:11:51 276,992 -c--a-w c:\windows\system32\dllcache\comdlg32.dll

+ 2008-04-14 00:11:51 252,928 -c--a-w c:\windows\system32\dllcache\compatui.dll

+ 2008-04-14 00:11:51 599,040 -c--a-w c:\windows\system32\dllcache\crypt32.dll

+ 2008-04-14 00:11:51 74,752 -c--a-w c:\windows\system32\dllcache\cryptdlg.dll

+ 2008-04-14 00:11:51 33,280 -c--a-w c:\windows\system32\dllcache\cryptdll.dll

+ 2008-04-14 00:11:51 53,760 -c--a-w c:\windows\system32\dllcache\cryptext.dll

+ 2008-04-14 00:11:51 64,512 -c--a-w c:\windows\system32\dllcache\cryptnet.dll

+ 2008-04-14 00:11:51 62,464 -c--a-w c:\windows\system32\dllcache\cryptsvc.dll

+ 2008-04-14 00:11:51 512,512 -c--a-w c:\windows\system32\dllcache\cryptui.dll

+ 2008-04-14 00:11:52 19,456 -c--a-w c:\windows\system32\dllcache\dimsntfy.dll

+ 2008-04-14 00:11:52 39,936 -c--a-w c:\windows\system32\dllcache\dimsroam.dll

+ 2008-04-14 00:11:52 32,768 -c--a-w c:\windows\system32\dllcache\dispex.dll

+ 2008-04-13 17:37:57 138,752 -c--a-w c:\windows\system32\dllcache\dssenh.dll

+ 2008-04-13 19:14:29 143,744 -c--a-w c:\windows\system32\dllcache\fastfat.sys

+ 2008-11-18 18:00:11 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys

+ 2008-11-18 18:02:43 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys

+ 2008-11-18 18:04:36 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys

+ 2008-11-18 18:04:21 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys

+ 2008-11-18 18:01:09 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys

+ 2008-11-18 18:03:33 110,160 ----a-w c:\windows\system32\drivers\aswSP.sys

+ 2008-11-18 18:01:23 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys

- 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

- 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2008-08-19 05:28:06 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2008-12-06 14:32:44 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2008-12-06 02:19:58 16,384 ----atw c:\windows\temp\Perflib_Perfdata_574.dat

- 2000-08-31 15:00:00 49,152 ----a-w c:\windows\VFIND.exe

+ 2000-08-31 16:00:00 49,152 ----a-w c:\windows\VFIND.exe

- 2006-06-05 21:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll

+ 2006-06-05 22:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll

- 2006-06-05 21:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

+ 2006-06-05 22:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

- 2006-06-05 21:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

+ 2006-06-05 22:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

- 2000-08-31 15:00:00 68,096 ----a-w c:\windows\zip.exe

+ 2000-08-31 16:00:00 68,096 ----a-w c:\windows\zip.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2005-10-11 1961984]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-21 589824]

"EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2004-06-14 200704]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]

"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-03 2957824]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 185896]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-01-10 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

NETGEAR WG311T Wireless Assistant.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2004-12-17 7708672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.xvid"= xvid.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= DivXa32.acm

"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-23 110160]

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2007-12-01 138752]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-23 20560]

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]

R2 cx88xbar;FusionHDTV 88x, WDM Crossbar;c:\windows\system32\drivers\zl88xbar.sys [2008-09-13 10368]

R2 Zulu88Tune;FusionHDTV 88x, WDM Tuner(DVB-T Plus);c:\windows\system32\drivers\zl88tune.sys [2008-09-13 177280]

R2 Zulu88Vid;FusionHDTV 88x, WDM Video Capture;c:\windows\system32\drivers\zl88vcap.sys [2008-09-13 189312]

R3 Zulu88BDA;FusionHDTV 88x, BDA DVB Tuner/Demod;c:\windows\system32\drivers\zl88bda.sys [2008-09-13 186752]

R3 Zulu88Ts;FusionHDTV 88x, BDA Receiver(DVB-T);c:\windows\system32\drivers\zl88tcap.sys [2008-09-13 19200]

S3 CXAVSAUD;FusionHDTV 880, WDM Audio Capture;c:\windows\system32\drivers\zl88aud.sys [2008-09-13 9216]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]

S3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\H10USB.sys [2004-06-23 7552]

S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys []

S3 SunkFilt62;Alcor Micro Corp - 6362;\??\c:\windows\System32\Drivers\sunkfilt62.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54e27a52-b981-11dd-91ef-001485798133}]

\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FireFox -: Profile - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/

FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-08 17:09:15

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-12-08 17:10:13

ComboFix-quarantined-files.txt 2008-12-09 01:09:50

ComboFix2.txt 2008-11-23 17:32:57

 

Pre-Run: 30,605,680,640 bytes free

Post-Run: 30,600,540,160 bytes free

 

228 --- E O F --- 2008-07-28 15:37:34


Logfile of HijackThis v1.99.1

Scan saved at 5:16:06 PM, on 12/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wwSecure.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NETGEAR\WG311T\wlancfg5.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Jeff\My Documents\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"

O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (file missing)

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


The CureIt.log at 33,908kb might be a little big to attach. F-Secure report follows.

 

Scanning Report

Monday, December 08, 2008 18:07:18 - 19:34:13

 

Computer name: USER-F285D9D7D0

Scanning type: Scan system for malware, rootkits

Target: C:\ D:\

Result: 6 malware found

TrackingCookie.2o7 (spyware)

 

* System

 

TrackingCookie.Atdmt (spyware)

 

* System

 

TrackingCookie.Atwola (spyware)

 

* System

 

TrackingCookie.Revsci (spyware)

 

* System

 

TrackingCookie.Statcounter (spyware)

 

* System

 

TrackingCookie.Webtrends (spyware)

 

* System

 

Statistics

Scanned:

 

* Files: 47919

* System: 3401

* Not scanned: 14

 

Actions:

 

* Disinfected: 0

* Renamed: 0

* Deleted: 0

* None: 6

* Submitted: 0

 

Files not scanned:

 

* C:\HIBERFIL.SYS

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* C:\FOUND.000\DIR0000.CHK\S-1-5-21-842925246-1897051121-839522115-1008\DC1.LNK

* C:\FOUND.000\DIR0000.CHK\S-1-5-21-842925246-1897051121-839522115-1008\DC2.LNK

* C:\FOUND.000\DIR0000.CHK\S-1-5-21-842925246-1897051121-839522115-1008\DC3.LNK

* C:\FOUND.000\DIR0000.CHK\S-1-5-21-842925246-1897051121-839522115-1008\DC4.LNK

* C:\FOUND.000\DIR0000.CHK\S-1-5-21-842925246-1897051121-839522115-1008\DC7.JPG

* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\43B12753FD9996D02D9728C9E9D59650_EBA67B9F-B273-4105-8D81-24441A7939C2

* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CFFEEEE11DDE10E9E63FFBB81186C778_EBA67B9F-B273-4105-8D81-24441A7939C2

 

Options

Scanning engines:

 

* F-Secure USS: 2.40.0

* F-Secure Hydra: 2.8.8110, 2008-12-08

* F-Secure AVP: 7.0.171, 2008-12-08

* F-Secure Pegasus: 1.20.0, 2008-11-03

* F-Secure Blacklight: 2.4.1093

 

Scanning options:

 

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use Advanced heuristics

 

Copyright © 1998-2007 Product support |Send virus sample to F-Secure

F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.


All right, can you post the Dr Web Cure It log? If it's very long, post it in multiple posts, thanks. :rolleyes:

 

Your logs look fine, how is your computer doing?


Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

 

Thank You !
