|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| General Computer Security Get Help With System Security - This forum is not for malware removal assistance. For malware removal assistance, read the sticky topic at the top of the Virus/Trojan/Spyware Help forum, or the "First Steps" link at the top right of each page. |
 |
|
|
LinkBack | Thread Tools |
11-21-2007, 03:11 AM
|
#1 (permalink) | |||
|
Registered User
Join Date: Nov 2007
Posts: 6
OS: win xp home edi
|
Trojan Virus I can't get rid of
Hi there!
It seems I managed to infect my computer by installing a file called Amphiotik Enhancer VST that I downloaded from eMule. The virus has deactivated my antivirus (AVG free 7.5) and has also caused a problem with windows defender (it says "application failed to initialize: 0x800106ba") and with my wireless connection (it says "windows cannot configure this connection. Start the WZC configuration service). I have done the Kaspersky on-line check and here is the result: Quote:
Quote:
Quote:
I would appreciate help with this one. Regards, Tete |
|||
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
11-21-2007, 01:24 PM
|
#2 (permalink) |
|
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
|
Re: Trojan Virus I can't get rid of
Hi and welcome to TSF.
Please start here and follow the instructions. http://www.techsupportforum.com/secu...sting-log.html If you cannot complete any of the Steps, simply move on to the next one - remember to let the Analyst know about this when you post your logs. Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply.
__________________
Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums.   PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner |
|
|
|
|
11-22-2007, 04:54 AM
|
#3 (permalink) | |
|
Registered User
Join Date: Nov 2007
Posts: 6
OS: win xp home edi
|
Re: Trojan Virus I can't get rid of : w32/bagle.hx.worm
Hi Iain and thanks for your reply.
I've followed the 5 steps carefully and here is the results: Activescan report: Quote:
Code:
Deckard's System Scanner v20071014.68
Run by Alfonso on 2007-11-22 12:32:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
25: 2007-11-22 11:32:46 UTC - RP415 - Deckard's System Scanner Restore Point
24: 2007-11-22 10:14:09 UTC - RP414 - Installed Kaspersky Anti-Virus 7.0.
23: 2007-11-21 20:56:25 UTC - RP413 - Installed Kaspersky Anti-Virus 7.0.
22: 2007-11-21 10:00:21 UTC - RP412 - Installed AVG 7.5
21: 2007-11-20 16:52:29 UTC - RP411 - Removed Windows Live Messenger
-- First Restore Point --
1: 2007-11-16 17:47:47 UTC - RP391 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 2.43 GiB (less than 15%) free.
-- HijackThis (run as Alfonso.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:19, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alfonso\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Alfonso.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?hl=en-GB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onetel.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: 207.44.196.219 auto.search.msn.com #NETVISION
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?e587b18f9a8141e8a79824a0060d3d3c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?e587b18f9a8141e8a79824a0060d3d3c
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.supertraffic.info
O16 - DPF: {083DB4B1-8108-42E3-AC45-A042C1631CA3} (ImportCtl Class) - http://www.wayn.com/activex/WAYNImportOE.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 8506 bytes
-- File Associations -----------------------------------------------------------
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
R2 int15.sys - c:\program files\acer\erecovery\int15.sys
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows (R) 2000 DDK driver>
R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R4 klif - c:\windows\system32\drivers\klif.sys (file missing)
S0 BTKRNL (Bluetooth Protocol Stack) - c:\windows\system32\drivers\btkrnl.sys (file missing)
S2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys (file missing)
S2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys (file missing)
S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys (file missing)
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
S2 btwdins (Bluetooth Service) - c:\program files\widcomm\bluetooth software\bin\btwdins.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-11-22 12:07:02 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-11-19 01:52:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-11-17 08:23:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-16 17:15:50 394 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2007-10-22 and 2007-11-22 -----------------------------
2007-11-22 12:34:31 0 d-------- C:\Program Files\Trend Micro
2007-11-22 12:22:05 0 d-------- C:\ie-spyad_zo
2007-11-22 12:14:24 0 d-------- C:\Program Files\SpywareBlaster
2007-11-20 17:58:09 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-20 17:08:43 0 d--h----- C:\WINDOWS\PIF
2007-11-20 16:55:58 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-20 16:55:58 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-20 14:52:14 0 d-------- C:\kav
2007-11-20 10:34:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-20 10:34:27 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-19 13:01:08 0 d-------- C:\Program Files\Alwil Software
2007-11-19 02:34:36 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-11-19 02:34:36 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-11-19 02:34:36 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-11-19 02:34:36 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2007-11-19 02:34:36 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2007-11-19 01:25:09 0 d-------- C:\Program Files\Sunbelt Software
2007-11-18 23:26:41 0 d-------- C:\WINDOWS\exefld
2007-11-18 23:20:18 0 d-------- C:\Program Files\Common Files\KORG
2007-11-18 23:19:53 0 d-------- C:\Program Files\KORG
2007-11-18 02:56:47 0 d-------- C:\Program Files\VirtualDJ
2007-11-18 02:54:36 0 d-------- C:\Program Files\Studio Devil
2007-11-18 02:53:42 311295 --a------ C:\WINDOWS\LOOP.exe
2007-11-18 02:48:33 2291734 --a------ C:\WINDOWS\system32\TmpA753500
2007-11-18 02:48:11 0 d-------- C:\Program Files\Nomad Factory
2007-11-18 02:33:35 153088 --a------ C:\WINDOWS\system32\IWUninstall.exe
2007-11-18 02:26:32 0 d-------- C:\Program Files\Ozone 3
2007-11-17 12:35:37 0 d-------- C:\Program Files\QuickTime
2007-11-15 20:52:28 0 d-------- C:\Program Files\ASIO4ALL v2
2007-11-15 15:06:45 0 d-------- C:\Program Files\SAGEM
2007-11-15 15:06:33 0 d-------- C:\Documents and Settings\Alfonso\Application Data\InstallShield
2007-11-03 03:10:55 0 d-------- C:\Program Files\Steinberg
2007-11-03 03:06:23 0 d-------- C:\Program Files\VSTplugins
2007-11-03 03:06:11 0 d-------- C:\Documents and Settings\Alfonso\Application Data\Publish Providers
2007-11-03 03:02:47 0 d-------- C:\Documents and Settings\Alfonso\Application Data\Sony
2007-11-03 03:02:03 0 d-------- C:\Program Files\Sony
2007-11-03 02:52:59 0 d-------- C:\Program Files\Common Files\iZotope
2007-11-03 02:42:44 0 d-------- C:\Program Files\Ableton
2007-11-03 02:41:11 1777664 --a------ C:\WINDOWS\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-03 02:30:24 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2007-11-03 02:30:24 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-11-03 02:26:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2007-11-03 02:26:22 0 d-------- C:\Documents and Settings\Alfonso\Application Data\Propellerhead Software
2007-11-03 02:25:52 0 d-------- C:\Program Files\Propellerhead
2007-11-03 02:17:36 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-11-03 02:17:36 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-11-03 02:17:34 0 d-------- C:\Program Files\D-Tools
2007-10-28 22:15:50 0 d-------- C:\Program Files\SigmaPlot
2007-10-28 22:14:19 0 d-------- C:\Program Files\Downloaded Installations
2007-10-28 22:12:51 0 d-------- C:\Program Files\InStat3
2007-10-26 00:30:07 0 d-------- C:\Documents and Settings\Alfonso\Application Data\Help
2007-10-25 22:31:17 0 d-------- C:\Program Files\VVSN
2007-10-25 22:26:59 96256 --a------ C:\WINDOWS\system32\drivers\sptd7597.sys
2007-10-25 22:26:59 664064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
-- Find3M Report ---------------------------------------------------------------
2007-11-19 16:36:40 87024 --a------ C:\Documents and Settings\Alfonso\Application Data\GDIPFONTCACHEV1.DAT
2007-10-12 16:23:06 0 dr------- C:\Documents and Settings\Alfonso\Application Data\Brother
2007-10-10 00:07:58 0 d-------- C:\Program Files\ALCATEL PC Suite
2007-10-02 18:20:06 0 d-------- C:\Program Files\ALCATech
2007-10-02 18:18:44 0 d-------- C:\Program Files\BPM studio
2007-09-26 15:55:34 50 --a------ C:\WINDOWS\system32\bridf06a.dat
2007-09-26 15:52:18 0 d-------- C:\Program Files\Brother
2007-09-26 15:46:40 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-09-26 15:46:12 0 d-------- C:\Program Files\ScanSoft
2007-09-26 00:51:42 84776400 --a------ C:\Program Files\130INSTA.EXE <Not Verified; A.I.SOFT,INC.; FileCompact>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"epm-dm"="c:\acer\epm\epm-dm.exe" [28/03/2005 18:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22/08/2004 17:05]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/11/2007 13:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/04/2007 17:51]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OneCare.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OneCare.lnk
backup=C:\WINDOWS\pss\OneCare.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM]
c:\acer\epm\epm-dm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
C:\Acer\ePM\ePM.exe boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Program Files\Acer\eRecovery\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files\Launch Manager\QtZgAcer.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\ONECARE\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Arcade\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Workflow]
E:\Workflow.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
-- Hosts -----------------------------------------------------------------------
207.44.196.219 auto.search.msn.com #NETVISION
-- End of Deckard's System Scanner: finished at 2007-11-22 12:36:04 ------------
Thank you very much again. Cheers Alfonso (fae Broxburn!!) |
|
|
|
|
|
11-22-2007, 06:13 AM
|
#4 (permalink) |
|
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
|
Re: Trojan Virus I can't get rid of
lol - Broxburn or not, you still need to post your logs in a new thread in the HJT Forum!
__________________
Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner |
|
|
|
|
| Thread Tools | |
|
|
