Resolved HJT Threads Resolved spyware and popup issues.

 
 
Old 03-29-2007, 01:18 PM   #1 (permalink)
MaverickUK (Tech Hardware Team)
Join Date: Sep 2005
Location: Cheshire, England.
Posts: 882
OS: XP Home
My log

Deckard's System Scanner v20070328.36
Run by Maverick on 2007-03-29 at 20:12:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
68: 2007-03-29 19:12:26 UTC - RP70 - Deckard's System Scanner Restore Point
67: 2007-03-27 17:43:06 UTC - RP69 - System Checkpoint
66: 2007-03-26 16:37:21 UTC - RP68 - Software Distribution Service 2.0
65: 2007-03-26 13:41:12 UTC - RP67 - Installed Ventrilo Client
64: 2007-03-24 18:03:32 UTC - RP66 - Installed Realtek AC'97 Audio


-- First Restore Point --
1: 2007-03-10 16:45:09 UTC - RP3 - Software Distribution Service 2.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Maverick.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:13:08, on 29/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\fzfkq.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Maverick\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Maverick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\System32\gebaabb.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\xvrthugl.dll (file missing)
O2 - BHO: (no name) - {585B2D2F-12FE-45D8-B356-F8638ED8D545} - C:\WINDOWS\System32\wvrhyxam.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BEC77B14-CD8E-465B-8469-DEB2635E3646} - C:\WINDOWS\System32\jkklj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\fzfkq.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\awsmwqcv.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1041383703921
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebaabb - C:\WINDOWS\SYSTEM32\gebaabb.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\System32\jkklj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: nservice - Unknown owner - C:\WINDOWS\System32\nservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 sensorsview - c:\windows\system32\drivers\sensorsview.sys
R3 cmudau (C-Media USB Sound Interface) - c:\windows\system32\drivers\cmudau.sys

S3 BRIDGE (MAC Bridge) - c:\windows\system32\drivers\bridge.sys
S3 BridgeMP (MAC Bridge Miniport) - c:\windows\system32\drivers\bridge.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 nservice - c:\windows\system32\nservice.exe
R2 uploadmgr (Upload Manager) - c:\windows\system32\svchost.exe -k netsvcs


-- Files created between 2007-02-28 and 2007-03-29 -----------------------------

2007-03-29 18:04:45 43176 --a------ C:\WINDOWS\System32\drivers\aswTdi.sys
2007-03-29 18:04:45 23352 --a------ C:\WINDOWS\System32\drivers\aswRdr.sys
2007-03-29 18:04:45 31560 --a------ C:\WINDOWS\System32\drivers\aavmker4.sys
2007-03-29 18:04:44 94424 --a------ C:\WINDOWS\System32\drivers\aswmon2.sys
2007-03-29 18:04:44 85952 --a------ C:\WINDOWS\System32\drivers\aswmon.sys
2007-03-29 18:04:41 348160 --a------ C:\WINDOWS\System32\MSVCR71.dll
2007-03-29 18:04:41 499712 --a------ C:\WINDOWS\System32\MSVCP71.dll
2007-03-29 18:04:41 1060864 --a------ C:\WINDOWS\System32\MFC71.dll
2007-03-29 18:04:41 90112 --a------ C:\WINDOWS\System32\AVASTSS.scr
2007-03-29 18:04:41 689280 --a------ C:\WINDOWS\System32\aswBoot.exe
2007-03-29 18:04:37 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-03-29 17:24:44 23368 --a------ C:\WINDOWS\System32\fzfkq.exe
2007-03-28 23:02:03 533 --a------ C:\WINDOWS\eReg.dat
2007-03-28 23:01:49 0 d-------- C:\Program Files\Maxis
2007-03-28 22:49:16 0 d-------- C:\Acrobat3
2007-03-28 22:44:52 88576 --a------ C:\WINDOWS\RAUNINST.EXE
2007-03-28 22:44:35 0 d-------- C:\WESTWOOD
2007-03-28 22:43:52 299520 --a------ C:\WINDOWS\uninst.exe
2007-03-28 22:38:42 0 d-------- C:\Documents and Settings\Maverick\WINDOWS
2007-03-27 17:55:38 26730 --a------ C:\WINDOWS\System32\wvuvvsq.dll
2007-03-27 17:55:38 26730 --a------ C:\WINDOWS\System32\gebaabb.dll
2007-03-27 17:55:35 31844 -----n--- C:\WINDOWS\System32\gebyy.exe
2007-03-26 20:20:47 0 d-------- C:\WINDOWS\.jagex_cache_32<JAGEX_~1>
2007-03-26 20:20:42 0 d-------- C:\WINDOWS\Sun
2007-03-26 20:20:42 0 d-------- C:\Documents and Settings\Maverick\Application Data\Sun
2007-03-26 17:37:36 171280 --a------ C:\WINDOWS\System32\jit.dll
2007-03-26 17:37:36 139536 --a------ C:\WINDOWS\System32\javaee.dll
2007-03-26 17:37:36 313856 --a------ C:\WINDOWS\System32\dx3j.dll
2007-03-26 17:37:36 46352 --a------ C:\WINDOWS\setdebug.exe
2007-03-26 17:37:36 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-03-26 17:37:33 113 --a------ C:\WINDOWS\System32\zonedon.reg
2007-03-26 17:37:33 113 --a------ C:\WINDOWS\System32\zonedoff.reg
2007-03-26 17:37:33 171792 --a------ C:\WINDOWS\System32\wjview.exe
2007-03-26 17:37:33 286992 --a------ C:\WINDOWS\System32\vmhelper.dll
2007-03-26 17:37:33 21264 --a------ C:\WINDOWS\System32\msjdbc10.dll
2007-03-26 17:37:33 947472 --a------ C:\WINDOWS\System32\msjava.dll
2007-03-26 17:37:32 154384 --a------ C:\WINDOWS\System32\msawt.dll
2007-03-26 17:37:32 172304 --a------ C:\WINDOWS\System32\jview.exe
2007-03-26 17:37:32 15120 --a------ C:\WINDOWS\System32\jdbgmgr.exe
2007-03-26 17:37:32 404752 --a------ C:\WINDOWS\System32\javart.dll
2007-03-26 17:37:32 63248 --a------ C:\WINDOWS\System32\javaprxy.dll
2007-03-26 17:37:32 187152 --a------ C:\WINDOWS\System32\javacypt.dll
2007-03-26 17:37:32 49424 --a------ C:\WINDOWS\System32\clspack.exe
2007-03-26 15:07:07 134272 --a------ C:\WINDOWS\System32\drivers\portcls.sys
2007-03-26 15:07:07 131712 --a------ C:\WINDOWS\System32\drivers\ks.sys
2007-03-26 15:07:07 57856 --a------ C:\WINDOWS\System32\drivers\drmk.sys
2007-03-26 15:07:07 712704 -ra------ C:\WINDOWS\System32\a3d.dll
2007-03-26 15:07:06 44416 --a------ C:\WINDOWS\System32\drivers\stream.sys
2007-03-26 15:07:04 0 d-------- C:\WINDOWS\LastGood.Tmp
2007-03-26 15:05:24 0 d-------- C:\WINDOWS\System32\Lang
2007-03-26 15:05:24 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-03-26 14:41:49 0 d-------- C:\Documents and Settings\Maverick\Application Data\Ventrilo
2007-03-26 14:41:12 0 d-------- C:\Program Files\Ventrilo
2007-03-26 14:41:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-26 00:58:39 0 d-------- C:\WINDOWS\hxl
2007-03-25 20:47:00 132116 --a------ C:\WINDOWS\System32\yqovgqyp.dll
2007-03-24 23:14:52 0 d-------- C:\WINDOWS\pss
2007-03-24 21:21:13 132116 --a------ C:\WINDOWS\System32\xtucgeff.dll
2007-03-24 20:05:04 828224 -ra------ C:\WINDOWS\System32\drivers\cmudau.sys
2007-03-24 20:05:04 98304 -ra------ C:\WINDOWS\System32\cmudau.dll
2007-03-24 20:05:04 14848 -ra------ C:\WINDOWS\System32\cmpropu.dll
2007-03-24 20:05:04 233472 -ra------ C:\WINDOWS\System32\cmdrvrmu.exe
2007-03-24 20:05:04 32768 -ra------ C:\WINDOWS\System32\cmdrvrmu.dll
2007-03-24 20:05:04 712704 -ra------ C:\WINDOWS\System32\a3dpropu.dll
2007-03-24 20:05:04 61440 -ra------ C:\WINDOWS\system\cmsnxeye.exe
2007-03-24 20:05:04 917504 -ra------ C:\WINDOWS\system\cmds3du.dll
2007-03-24 20:04:51 28672 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe<CMIUSB~1.EXE>
2007-03-24 20:04:45 0 d-------- C:\Program Files\Icemat Siberia USB Soundcard<ICEMAT~1>
2007-03-24 19:53:48 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-03-24 19:53:36 0 d-------- C:\Program Files\Common Files\Real
2007-03-24 19:53:35 0 d-------- C:\Program Files\Real
2007-03-24 19:50:57 0 d-------- C:\Documents and Settings\Maverick\Application Data\Real
2007-03-24 19:49:06 0 d-------- C:\Program Files\SensorsViewPro21<SENSOR~1>
2007-03-24 19:03:35 9410048 --a------ C:\WINDOWS\System32\RTLCPL.EXE
2007-03-24 19:03:35 0 d-------- C:\Program Files\Realtek AC97<REALTE~1>
2007-03-24 19:03:33 156672 --a------ C:\WINDOWS\System32\RTLCPAPI.dll
2007-03-24 19:03:33 2324480 --a------ C:\WINDOWS\System32\drivers\ALCXWDM.SYS
2007-03-24 19:03:33 40960 --a------ C:\WINDOWS\System32\ChCfg.exe
2007-03-24 19:03:33 77824 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-03-24 19:03:32 294912 --a------ C:\WINDOWS\alcupd.exe
2007-03-24 19:03:32 200704 --a------ C:\WINDOWS\alcrmv.exe
2007-03-24 18:29:12 26112 --a------ C:\WINDOWS\System32\xpsp1hfm.exe
2007-03-24 18:29:11 548352 --a------ C:\WINDOWS\System32\rtcdll.dll
2007-03-24 18:29:11 439808 --a------ C:\WINDOWS\System32\ipnathlp.dll
2007-03-24 18:29:11 593408 --a------ C:\WINDOWS\System32\h323msp.dll
2007-03-24 18:22:04 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-03-24 18:13:36 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-03-24 18:13:09 0 d-------- C:\Documents and Settings\Maverick\Shared
2007-03-24 18:13:08 0 d-------- C:\Documents and Settings\Maverick\Incomplete<INCOMP~1>
2007-03-24 18:12:13 0 d-------- C:\Program Files\Java
2007-03-24 18:11:32 0 d-------- C:\Program Files\Common Files\Java
2007-03-24 18:11:25 0 d-------- C:\Program Files\LimeWire
2007-03-24 18:10:29 0 d-------- C:\Documents and Settings\Maverick\.limewire<LIMEWI~1>
2007-03-24 05:51:56 0 d-------- C:\Program Files\PartyGaming<PARTYG~1>
2007-03-10 18:48:40 172032 --a------ C:\WINDOWS\System32\nvuide.exe
2007-03-10 18:48:20 172032 --a------ C:\WINDOWS\System32\nvunrm.exe
2007-03-10 18:48:18 172032 --a------ C:\WINDOWS\System32\nvusmb.exe
2007-03-10 18:48:14 172032 --a------ C:\WINDOWS\System32\nvugart.exe
2007-03-10 18:47:52 991232 --a------ C:\WINDOWS\System32\esent.dll
2007-03-10 18:23:32 0 d-------- C:\Documents and Settings\Maverick\Contacts
2007-03-10 18:22:53 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-03-10 18:22:21 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-10 18:20:46 131604 --a------ C:\WINDOWS\System32\yuajopew.dll
2007-03-10 18:10:48 131604 --a------ C:\WINDOWS\System32\gjpsouct.dll
2007-03-10 17:56:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-10 17:47:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-03-10 17:46:04 0 d-------- C:\WINDOWS\System32\PreInstall<PREINS~1>
2007-03-10 17:46:02 22752 --a------ C:\WINDOWS\System32\spupdsvc.exe
2007-03-10 17:46:01 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-10 17:45:20 0 d-------- C:\WINDOWS\System32\bits
2007-03-10 17:44:22 7168 -----n--- C:\WINDOWS\System32\bitsprx3.dll
2007-03-10 17:44:22 7680 -----n--- C:\WINDOWS\System32\bitsprx2.dll
2007-03-10 17:44:21 331776 --a------ C:\WINDOWS\System32\winhttp.dll
2007-03-10 17:44:21 17408 --a------ C:\WINDOWS\System32\qmgrprxy.dll
2007-03-10 17:31:18 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2007-03-10 17:31:01 0 d-------- C:\WINDOWS\System32\ZoneLabs
2007-03-10 17:30:27 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-03-10 17:27:21 0 d-------- C:\Documents and Settings\Maverick\Application Data\Lavasoft
2007-03-10 17:27:15 0 d-------- C:\Program Files\Lavasoft
2007-03-10 17:26:47 26637 ---hs---- C:\WINDOWS\System32\ddcbccc.dll
2007-03-10 17:18:52 131604 --a------ C:\WINDOWS\System32\mnafvuyw.dll
2007-03-10 17:18:52 781759 ---hs---- C:\WINDOWS\System32\jlkkj.bak2<JLKKJ~2.BAK>
2007-03-10 17:18:47 0 d-------- C:\Documents and Settings\Maverick\Application Data\Comodo
2007-03-10 17:18:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-03-10 17:11:58 26637 ---hs---- C:\WINDOWS\System32\awtuusr.dll
2007-03-10 17:11:36 52224 -r-hs---- C:\WINDOWS\System32\nservice.exe
2007-03-10 17:11:36 0 -rahs---- C:\asdf
2007-03-10 17:10:48 131604 --a------ C:\WINDOWS\System32\dbmldktm.dll
2007-03-10 02:16:46 760791 ---hs---- C:\WINDOWS\System32\jlkkj.bak1<JLKKJ~1.BAK>
2007-03-10 02:16:37 282212 ---hs---- C:\WINDOWS\System32\jkklj.dll


-- Find3M Report ---------------------------------------------------------------

2007-03-29 19:39:17 0 d-------- C:\Program Files\Steam
2007-03-29 19:01:43 0 d-------- C:\Program Files\mIRC
2007-03-29 18:12:30 0 d---s---- C:\Documents and Settings\Maverick\Application Data\Microsoft<MICROS~1>
2007-03-26 17:37:27 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-24 19:55:01 3113 --a------ C:\WINDOWS\mozver.dat
2007-03-24 19:03:32 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-10 17:33:32 0 d-------- C:\Program Files\Comodo
2007-01-19 13:53:04 51056 --a------ C:\WINDOWS\System32\sirenacm.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Logitech Utility"="Logi_MwX.Exe"
"Advanced DHTML Enable"="C:\\WINDOWS\\System32\\fzfkq.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"SoundMan"="SOUNDMAN.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\System32\\awsmwqcv.dll\",setvm"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebaabb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklj

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb9af4ce-cf2f-11db-a0fb-806d6172696f}]
Shell\AutoRun\command D:\RunGame.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AAVMKER4
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ASWMON2
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ASWRDR
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ASWTDI
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ASWUPDSV
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVAST!_ANTIVIRUS
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVAST!_MAIL_SCANNER
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVAST!_WEB_SCANNER


-- End of Deckard's System Scanner: finished at 2007-03-29 at 20:13:29 ---------
__________________




Currently studying:
CompTIA A+
CompTIA N+
Cisco Certified Network Associate

Old 03-30-2007, 04:56 AM   #2 (permalink)
MaverickUK (Tech Hardware Team)
Re: My log

Hi, I understand you guys are busy, but I could really do with some help with this - it's becoming more of a virus now as opposed to a nuisance. This log was on the second page of the forum, shocking!

Please help,
Nick.
Old 03-30-2007, 06:47 PM   #3 (permalink)
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team)
Join Date: Jan 2005
Location: Ohio
Posts: 26,996
OS: WinXP and Vista

Re: My log

Hi Nick,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you carry out the instructions in the sequence listed below.

***************************************************

Download ComboFix and save it to your desktop.


**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Go to Start>Run, then copy/paste the following red text into the Run box and click OK.

"%userprofile%\desktop\combofix.exe" /wow-drv nservice /v gebaabb xvrthugl wvrhyxam jkklj yqovgqyp xtucgeff yuajopew gjpsouct ddcbccc mnafvuyw awtuusr dbmldktm awsmwqcv

When finished, it shall produce a log for you. We'll need that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

--------------------------------------------------------------------

Reconnect to the internet and please upload this file C:\WINDOWS\System32\fzfkq.exe to http://virusscan.jotti.org and report back what it found.

At the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the red text from above into the box. Then click "submit".

When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" here.

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\fzfkq.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\awsmwqcv.dll",setvm


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files and Folders if they still exist.

C:\WINDOWS\System32\fzfkq.exe
C:\WINDOWS\System32\gebyy.exe
C:\asdf


--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Run a new scan with dss.exe.

--------------------------------------------------------------------

Please include the following in your next reply:

jotti results
Panda results
New main.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
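Ried's analysis above amounts to cross-checking the HijackThis O2/O4/O20/O23 entries against the DSS "Files created" list, the file attributes and the random-looking names; the Python example below scores that with hand-rolled heuristics over constructed excerpts of the log in post #1, and is added here, not code from the thread or from the HijackThis/DSS authors. The weights, the 0.2 vowel-ratio cut-off and the score threshold of 3 are assumptions, so treat the output as triage, not a verdict.

```python
import re

# Constructed excerpts of the Deckard's System Scanner / HijackThis log posted in this
# thread (sample input only; a real run would read both sections from main.txt).
HJT_LINES = r"""
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\System32\gebaabb.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\xvrthugl.dll (file missing)
O2 - BHO: (no name) - {BEC77B14-CD8E-465B-8469-DEB2635E3646} - C:\WINDOWS\System32\jkklj.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\fzfkq.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\awsmwqcv.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: gebaabb - C:\WINDOWS\SYSTEM32\gebaabb.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\System32\jkklj.dll
O23 - Service: nservice - Unknown owner - C:\WINDOWS\System32\nservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

DSS_CREATED = r"""
2007-03-29 17:24:44 23368 --a------ C:\WINDOWS\System32\fzfkq.exe
2007-03-27 17:55:38 26730 --a------ C:\WINDOWS\System32\gebaabb.dll
2007-03-27 17:55:35 31844 -----n--- C:\WINDOWS\System32\gebyy.exe
2007-03-10 17:11:36 52224 -r-hs---- C:\WINDOWS\System32\nservice.exe
2007-03-10 02:16:37 282212 ---hs---- C:\WINDOWS\System32\jkklj.dll
2007-03-24 19:03:33 156672 --a------ C:\WINDOWS\System32\RTLCPAPI.dll
"""

# A drive-letter path up to the first binary extension (handles quotes, spaces, ",export").
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys)\b', re.IGNORECASE)
# DSS "Files created" line: date time size attrs path
DSS_RE = re.compile(r'^(\S+ \S+)\s+(\d+)\s+([-a-z]{9})\s+(.*)$')
VOWELS = set("aeiou")


def parse_dss_created(text):
    """Map lowercase path -> attribute string for each 'Files created' line."""
    created = {}
    for line in text.splitlines():
        m = DSS_RE.match(line.strip())
        if m:
            path = re.sub(r'<[^>]*>$', '', m.group(4))  # drop the 8.3 alias suffix
            created[path.lower()] = m.group(3)
    return created


def parse_hjt(text):
    """Map lowercase path -> details of every HijackThis entry that names a binary."""
    entries = {}
    for line in text.splitlines():
        m = re.match(r'^(O\d+) - (.*)$', line.strip())
        p = PATH_RE.search(line) if m else None
        if not p:
            continue
        code, path = m.group(1), p.group(0).lower()
        e = entries.setdefault(path, {"orig": p.group(0), "types": set(),
                                      "missing": False, "bare_run": False})
        e["types"].add(code)
        e["missing"] |= "(file missing)" in line
        # HKLM Run entry launched straight out of System32 (products normally live under Program Files)
        e["bare_run"] |= (code == "O4" and "HKLM" in line
                          and "\\system32\\" in path and path.count("\\") == 3)
    return entries


def looks_random(path):
    """Lowercase stem with almost no vowels (jkklj, fzfkq, awsmwqcv); NvCpl or ashDisp are not."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 4 or stem != stem.lower():
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.2  # assumed cut-off


def score_entry(path, e, created):
    """Assumed weights; each reason mirrors a clue the analyst used by eye."""
    reasons = []
    if path in created:
        reasons.append(("created in the scan window", 2))
        attrs = created[path]
        if "h" in attrs and "s" in attrs:
            reasons.append(("hidden+system attributes", 2))
    if looks_random(e["orig"]):
        reasons.append(("random-looking lowercase name", 2))
    if {"O2", "O20"} <= e["types"]:
        reasons.append(("same DLL is a BHO and a Winlogon Notify handler", 3))
    if e["missing"]:
        reasons.append(("orphaned entry (file missing)", 1))
    if e["bare_run"]:
        reasons.append(("HKLM Run entry straight out of System32", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage(hjt_text, dss_text, threshold=3):
    """Return [(score, file name, reasons)] for entries at or above the threshold, worst first."""
    created = parse_dss_created(dss_text)
    flagged = []
    for path, e in parse_hjt(hjt_text).items():
        score, reasons = score_entry(path, e, created)
        if score >= threshold:
            flagged.append((score, path.rsplit("\\", 1)[-1], reasons))
    flagged.sort(key=lambda t: (-t[0], t[1]))
    return flagged


if __name__ == "__main__":
    for score, name, reasons in triage(HJT_LINES, DSS_CREATED):
        print(f"{score:2d}  {name:14s} {'; '.join(reasons)}")
```

On the excerpt the script ranks jkklj.dll, fzfkq.exe, gebaabb.dll, nservice.exe, awsmwqcv.dll and xvrthugl.dll, the same names Ried puts in the ComboFix and HijackThis steps, while NvCpl.dll, nvsvc32.exe and ashDisp.exe stay below the threshold.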
Old 03-31-2007, 06:05 AM   #4 (permalink)
MaverickUK (Tech Hardware Team)

Re: My log

File: fzfkq.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 da0a958f7cda190269071d7d62e97c60
Packers detected:
PE_PATCH, UPACK, POLYENE

AntiVir
Found HEUR/Crypted
ArcaVir
Found Heur.Win32
Avast
Found nothing
AVG Antivirus
Found Proxy.MSF
BitDefender
Found Trojan.Proxy.Ranky.GH
ClamAV
Found nothing
Dr.Web
Found Trojan.DownLoader.19425
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found Trojan-Proxy.Win32.Agent.mf
Fortinet
Found W32/Agent.MF!tr
Kaspersky Anti-Virus
Found Trojan-Proxy.Win32.Agent.mf
NOD32
Found probably a variant of Win32/TrojanProxy.Ranky (probable variant)
Norman Virus Control
Found W32/Suspicious_U.gen
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
VirusBuster
Found Packed/Upack
VBA32
Found Trojan-Proxy.Win32.Agent.mf
Old 03-31-2007, 06:37 AM   #5 (permalink)
MaverickUK (Tech Hardware Team)

Re: My log

Here's the main.txt and Activescan.txt

Incident Status Location

Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[www.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.adviva.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.com.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.overture.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[www.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Maverick\Application Data\Mozilla\Firefox\Profiles\r3rdlg7t.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@888[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@ads.pointroll[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@atdmt[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@azjmp[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@errorsafe[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@questionmarket[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@stats1.reliablestats[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@systemdoctor[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@winantispyware[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@winantivirus[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@www.drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@www.errorsafe[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@www.myaffiliateprogram[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@www.systemdoctor[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@www.winantivirus[1].txt
Virus:W32/Sdbot.ISY.worm Disinfected C:\WINDOWS\system32\nservice.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\opnnkjj.dll
Virus:Trj/Ranky.SD Disinfected C:\WINDOWS\system32\svchot.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wvuvvsq.dll

Deckard's System Scanner v20070328.36
Run by Maverick on 2007-03-31 at 13:35:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Maverick.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:35:51, on 31/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Maverick\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Maverick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {585B2D2F-12FE-45D8-B356-F8638ED8D545} - C:\WINDOWS\System32\wvrhyxam.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1041383703921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- Files created between 2007-02-28 and 2007-03-31 -----------------------------

2007-03-31 13:18:43 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-31 13:18:42 0 d-------- C:\WINDOWS\LastGood
2007-03-31 13:08:36 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-03-29 18:04:45 43176 --a------ C:\WINDOWS\System32\drivers\aswTdi.sys
2007-03-29 18:04:45 23352 --a------ C:\WINDOWS\System32\drivers\aswRdr.sys
2007-03-29 18:04:45 31560 --a------ C:\WINDOWS\System32\drivers\aavmker4.sys
2007-03-29 18:04:44 94424 --a------ C:\WINDOWS\System32\drivers\aswmon2.sys
2007-03-29 18:04:44 85952 --a------ C:\WINDOWS\System32\drivers\aswmon.sys
2007-03-29 18:04:41 348160 --a------ C:\WINDOWS\System32\MSVCR71.dll
2007-03-29 18:04:41 499712 --a------ C:\WINDOWS\System32\MSVCP71.dll
2007-03-29 18:04:41 1060864 --a------ C:\WINDOWS\System32\MFC71.dll
2007-03-29 18:04:41 90112 --a------ C:\WINDOWS\System32\AVASTSS.scr
2007-03-29 18:04:41 689280 --a------ C:\WINDOWS\System32\aswBoot.exe
2007-03-29 18:04:37 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-03-28 23:02:03 533 --a------ C:\WINDOWS\eReg.dat
2007-03-28 23:01:49 0 d-------- C:\Program Files\Maxis
2007-03-28 22:49:16 0 d-------- C:\Acrobat3
2007-03-28 22:44:52 88576 --a------ C:\WINDOWS\RAUNINST.EXE
2007-03-28 22:44:35 0 d-------- C:\WESTWOOD
2007-03-28 22:43:52 299520 --a------ C:\WINDOWS\uninst.exe
2007-03-28 22:38:42 0 d-------- C:\Documents and Settings\Maverick\WINDOWS
2007-03-27 17:55:38 26730 --a------ C:\WINDOWS\System32\wvuvvsq.dll
2007-03-26 20:20:47 0 d-------- C:\WINDOWS\.jagex_cache_32<JAGEX_~1>
2007-03-26 20:20:42 0 d-------- C:\WINDOWS\Sun
2007-03-26 20:20:42 0 d-------- C:\Documents and Settings\Maverick\Application Data\Sun
2007-03-26 17:37:36 171280 --a------ C:\WINDOWS\System32\jit.dll
2007-03-26 17:37:36 139536 --a------ C:\WINDOWS\System32\javaee.dll
2007-03-26 17:37:36 313856 --a------ C:\WINDOWS\System32\dx3j.dll
2007-03-26 17:37:36 46352 --a------ C:\WINDOWS\setdebug.exe
2007-03-26 17:37:36 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-03-26 17:37:33 113 --a------ C:\WINDOWS\System32\zonedon.reg
2007-03-26 17:37:33 113 --a------ C:\WINDOWS\System32\zonedoff.reg
2007-03-26 17:37:33 171792 --a------ C:\WINDOWS\System32\wjview.exe
2007-03-26 17:37:33 286992 --a------ C:\WINDOWS\System32\vmhelper.dll
2007-03-26 17:37:33 21264 --a------ C:\WINDOWS\System32\msjdbc10.dll
2007-03-26 17:37:33 947472 --a------ C:\WINDOWS\System32\msjava.dll
2007-03-26 17:37:32 154384 --a------ C:\WINDOWS\System32\msawt.dll
2007-03-26 17:37:32 172304 --a------ C:\WINDOWS\System32\jview.exe
2007-03-26 17:37:32 15120 --a------ C:\WINDOWS\System32\jdbgmgr.exe
2007-03-26 17:37:32 404752 --a------ C:\WINDOWS\System32\javart.dll
2007-03-26 17:37:32 63248 --a------ C:\WINDOWS\System32\javaprxy.dll
2007-03-26 17:37:32 187152 --a------ C:\WINDOWS\System32\javacypt.dll
2007-03-26 17:37:32 49424 --a------ C:\WINDOWS\System32\clspack.exe
2007-03-26 15:07:07 134272 --a------ C:\WINDOWS\System32\drivers\portcls.sys
2007-03-26 15:07:07 131712 --a------ C:\WINDOWS\System32\drivers\ks.sys
2007-03-26 15:07:07 57856 --a------ C:\WINDOWS\System32\drivers\drmk.sys
2007-03-26 15:07:07 712704 -ra------ C:\WINDOWS\System32\a3d.dll
2007-03-26 15:07:06 44416 --a------ C:\WINDOWS\System32\drivers\stream.sys
2007-03-26 15:07:04 0 d-------- C:\WINDOWS\LastGood.Tmp
2007-03-26 15:05:24 0 d-------- C:\WINDOWS\System32\Lang
2007-03-26 15:05:24 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-03-26 14:41:49 0 d-------- C:\Documents and Settings\Maverick\Application Data\Ventrilo
2007-03-26 14:41:12 0 d-------- C:\Program Files\Ventrilo
2007-03-26 14:41:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-26 00:58:39 0 d-------- C:\WINDOWS\hxl
2007-03-24 23:14:52 0 d-------- C:\WINDOWS\pss
2007-03-24 20:05:04 828224 -ra------ C:\WINDOWS\System32\drivers\cmudau.sys
2007-03-24 20:05:04 98304 -ra------ C:\WINDOWS\System32\cmudau.dll
2007-03-24 20:05:04 14848 -ra------ C:\WINDOWS\System32\cmpropu.dll
2007-03-24 20:05:04 233472 -ra------ C:\WINDOWS\System32\cmdrvrmu.exe
2007-03-24 20:05:04 32768 -ra------ C:\WINDOWS\System32\cmdrvrmu.dll
2007-03-24 20:05:04 712704 -ra------ C:\WINDOWS\System32\a3dpropu.dll
2007-03-24 20:05:04 61440 -ra------ C:\WINDOWS\system\cmsnxeye.exe
2007-03-24 20:05:04 917504 -ra------ C:\WINDOWS\system\cmds3du.dll
2007-03-24 20:04:51 28672 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe<CMIUSB~1.EXE>
2007-03-24 20:04:45 0 d-------- C:\Program Files\Icemat Siberia USB Soundcard<ICEMAT~1>
2007-03-24 19:53:48 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-03-24 19:53:36 0 d-------- C:\Program Files\Common Files\Real
2007-03-24 19:53:35 0 d-------- C:\Program Files\Real
2007-03-24 19:50:57 0 d-------- C:\Documents and Settings\Maverick\Application Data\Real
2007-03-24 19:49:06 0 d-------- C:\Program Files\SensorsViewPro21<SENSOR~1>
2007-03-24 19:03:35 9410048 --a------ C:\WINDOWS\System32\RTLCPL.EXE
2007-03-24 19:03:35 0 d-------- C:\Program Files\Realtek AC97<REALTE~1>
2007-03-24 19:03:33 156672 --a------ C:\WINDOWS\System32\RTLCPAPI.dll
2007-03-24 19:03:33 2324480 --a------ C:\WINDOWS\System32\drivers\ALCXWDM.SYS
2007-03-24 19:03:33 40960 --a------ C:\WINDOWS\System32\ChCfg.exe
2007-03-24 19:03:33 77824 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-03-24 19:03:32 294912 --a------ C:\WINDOWS\alcupd.exe
2007-03-24 19:03:32 200704 --a------ C:\WINDOWS\alcrmv.exe
2007-03-24 18:29:12 26112 --a------ C:\WINDOWS\System32\xpsp1hfm.exe
2007-03-24 18:29:11 548352 --a------ C:\WINDOWS\System32\rtcdll.dll
2007-03-24 18:29:11 439808 --a------ C:\WINDOWS\System32\ipnathlp.dll
2007-03-24 18:29:11 593408 --a------ C:\WINDOWS\System32\h323msp.dll
2007-03-24 18:22:04 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-03-24 18:13:36 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-03-24 18:13:09 0 d-------- C:\Documents and Settings\Maverick\Shared
2007-03-24 18:13:08 0 d-------- C:\Documents and Settings\Maverick\Incomplete<INCOMP~1>
2007-03-24 18:12:13 0 d-------- C:\Program Files\Java
2007-03-24 18:11:32 0 d-------- C:\Program Files\Common Files\Java
2007-03-24 18:11:25 0 d-------- C:\Program Files\LimeWire
2007-03-24 18:10:29 0 d-------- C:\Documents and Settings\Maverick\.limewire<LIMEWI~1>
2007-03-24 05:51:56 0 d-------- C:\Program Files\PartyGaming<PARTYG~1>
2007-03-10 18:48:40 172032 --a------ C:\WINDOWS\System32\nvuide.exe
2007-03-10 18:48:20 172032 --a------ C:\WINDOWS\System32\nvunrm.exe
2007-03-10 18:48:18 172032 --a------ C:\WINDOWS\System32\nvusmb.exe
2007-03-10 18:48:14 172032 --a------ C:\WINDOWS\System32\nvugart.exe
2007-03-10 18:47:52 991232 --a------ C:\WINDOWS\System32\esent.dll
2007-03-10 18:23:32 0 d-------- C:\Documents and Settings\Maverick\Contacts
2007-03-10 18:22:53 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-03-10 18:22:21 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-10 17:56:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-10 17:47:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-03-10 17:46:04 0 d-------- C:\WINDOWS\System32\PreInstall<PREINS~1>
2007-03-10 17:46:02 22752 --a------ C:\WINDOWS\System32\spupdsvc.exe
2007-03-10 17:46:01 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-10 17:45:20 0 d-------- C:\WINDOWS\System32\bits
2007-03-10 17:44:22 7168 -----n--- C:\WINDOWS\System32\bitsprx3.dll
2007-03-10 17:44:22 7680 -----n--- C:\WINDOWS\System32\bitsprx2.dll
2007-03-10 17:44:21 331776 --a------ C:\WINDOWS\System32\winhttp.dll
2007-03-10 17:44:21 17408 --a------ C:\WINDOWS\System32\qmgrprxy.dll
2007-03-10 17:31:18 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2007-03-10 17:31:01 0 d-------- C:\WINDOWS\System32\ZoneLabs
2007-03-10 17:30:27 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-03-10 17:27:21 0 d-------- C:\Documents and Settings\Maverick\Application Data\Lavasoft
2007-03-10 17:27:15 0 d-------- C:\Program Files\Lavasoft
2007-03-10 17:18:47 0 d-------- C:\Documents and Settings\Maverick\Application Data\Comodo
2007-03-10 17:18:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo


-- Find3M Report ---------------------------------------------------------------

2007-03-31 13:35:08 0 d-------- C:\Program Files\Steam
2007-03-31 12:51:56 0 d-------- C:\Program Files\mIRC
2007-03-29 18:12:30 0 d---s---- C:\Documents and Settings\Maverick\Application Data\Microsoft<MICROS~1>
2007-03-26 17:37:27 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-24 19:55:01 3113 --a------ C:\WINDOWS\mozver.dat
2007-03-24 19:03:32 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-10 17:33:32 0 d-------- C:\Program Files\Comodo
2007-01-19 13:53:04 51056 --a------ C:\WINDOWS\System32\sirenacm.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Logitech Utility"="Logi_MwX.Exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"SoundMan"="SOUNDMAN.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-31 at 13:36:02 ---------
Attached Files: main.txt, Activescan.txt

Last edited by Ried; 03-31-2007 at 12:11 PM.
Old 03-31-2007, 12:28 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,996
OS: WinXP and Vista


Re: My log

Hello Nick,

Almost there...

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do not run a scan just yet; we will shortly.

--------------------------------------------------------------------

Please download ATF Cleaner by Atribune.

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {585B2D2F-12FE-45D8-B356-F8638ED8D545} - C:\WINDOWS\System32\wvrhyxam.dll (file missing)


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Delete these files:

C:\WINDOWS\system32\opnnkjj.dll
C:\WINDOWS\system32\wvuvvsq.dll

--------------------------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions (...it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

--------------------------------------------------------------------

Run a new scan with dss.exe and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Kaspersky results
New main.txt
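As an added example (not code from this thread, from HijackThis or from Panda ActiveScan), here is a small Python triage script that reproduces the two decisions made in the reply above: which HijackThis entries to 'Fix Checked' (the BHO whose DLL is missing and the R0 entry with an empty value) and which ActiveScan detections marked "Not disinfected" are real files still on disk rather than tracking cookies. The sample lines are constructed from the logs posted in this thread; the regexes and the "empty R0 value" rule are assumptions of this example, not rules from either tool.

```python
"""Triage helper for a HijackThis log and a Panda ActiveScan report.

Added example, not code from the forum thread or from either tool.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the logs posted in this thread.
ACTIVESCAN_REPORT = r"""
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@doubleclick[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Maverick\Cookies\maverick@atdmt[2].txt
Virus:W32/Sdbot.ISY.worm Disinfected C:\WINDOWS\system32\nservice.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\opnnkjj.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wvuvvsq.dll
"""

# Constructed sample: a subset of the HijackThis log posted in this thread.
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {585B2D2F-12FE-45D8-B356-F8638ED8D545} - C:\WINDOWS\System32\wvrhyxam.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# ActiveScan line layout (assumed from the report): "<category>:<name> <status> <path>".
# The detection name may contain spaces ("Cookie/Atlas DMT"), so it is matched
# non-greedily up to the status word.
SCAN_RE = re.compile(
    r"^(?P<category>[A-Za-z]+):(?P<name>.+?) "
    r"(?P<status>Disinfected|Not disinfected) (?P<path>[A-Za-z]:\\.+)$"
)
# HijackThis line layout: "<section> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
HJT_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
# O2 body: "BHO: <name> - {<CLSID>} - <path>[ (file missing)]".
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")


@dataclass(frozen=True)
class ScanHit:
    category: str  # "Spyware" or "Virus"
    name: str      # e.g. "Spyware/Virtumonde"
    status: str    # "Disinfected" or "Not disinfected"
    path: str


def parse_activescan(text: str) -> list[ScanHit]:
    """Parse every ActiveScan detection line; lines that do not match are ignored."""
    hits = []
    for line in text.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            hits.append(ScanHit(**m.groupdict()))
    return hits


def files_to_delete(hits: list[ScanHit]) -> list[str]:
    """Detections the scanner left in place that are real files, not tracking cookies.

    This is the list the helper turned into the "Delete these files" step.
    """
    return [
        h.path
        for h in hits
        if h.status == "Not disinfected" and not h.name.startswith("Cookie/")
    ]


def hjt_entries_to_fix(text: str) -> list[tuple[str, str]]:
    """Return (log line, reason) pairs for HijackThis entries worth 'Fix Checked'.

    Two rules, mirroring the helper's choices above: an O2 BHO whose DLL no
    longer exists (orphaned registration) and an R0/R1 IE setting with an
    empty value.  Everything else is left alone.
    """
    flagged = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O2":
            b = BHO_RE.match(body)
            if b and b.group("path").endswith("(file missing)"):
                flagged.append((line, "BHO is registered but its DLL is gone"))
        elif section in ("R0", "R1") and body.rstrip().endswith("="):
            flagged.append((line, "IE setting with an empty value"))
    return flagged


if __name__ == "__main__":
    for entry, why in hjt_entries_to_fix(HJT_LOG):
        print(f"FIX   {entry}\n      ({why})")
    for path in files_to_delete(parse_activescan(ACTIVESCAN_REPORT)):
        print(f"DELETE {path}")
```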
Old 03-31-2007, 03:40 PM   #7 (permalink)
Tech Hardware Team
Join Date: Sep 2005
Location: Cheshire, England.
Posts: 882
OS: XP Home

Re: My log

Here are the reports. Thanks for the help!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:10:04 31/03/2007

+ Scan result:



C:\System Volume Information\_restore{BBD1668B-2963-4105-905E-1999F646A398}\RP71\A0017478.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{BBD1668B-2963-4105-905E-1999F646A398}\RP71\A0017480.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{BBD1668B-2963-4105-905E-1999F646A398}\RP71\A0018757.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{BBD1668B-2963-4105-905E-1999F646A398}\RP71\A0017580.exe -> Backdoor.IRCBot.xu : No action taken.
C:\System Volume Information\_restore{BBD1668B-2963-4105-905E-1999F646A398}\RP71\A0017581.exe -> Proxy.Agent.mf : No action taken.
C:\System Volume Information\_restore{BBD1668B-2963-4105-905E-1999F646A398}\RP71\A0018650.exe -> Proxy.Agent.mf : No action taken.


::Report end


Deckard's System Scanner v20070328.36
Run by Maverick on 2007-03-31 at 22:39:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Maverick.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:39:10, on 31/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\Maverick\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Maverick.exe

O2 - BHO: (no name) - {585B2D2F-12FE-45D8-B356-F8638ED8D545} - C:\WINDOWS\System32\wvrhyxam.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1041383703921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- Files created between 2007-02-28 and 2007-03-31 -----------------------------

2007-03-31 22:17:33 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-31 21:40:58 3968 --a------ C:\WINDOWS\System32\drivers\AvgAsCln.sys
2007-03-31 18:15:03 0 d-------- C:\Program Files\Simpli Software<SIMPLI~1>
2007-03-31 13:18:43 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-31 13:18:42 0 d-------- C:\WINDOWS\LastGood
2007-03-31 13:08:36 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-03-29 18:04:45 43176 --a------ C:\WINDOWS\System32\drivers\aswTdi.sys
2007-03-29 18:04:45 23352 --a------ C:\WINDOWS\System32\drivers\aswRdr.sys
2007-03-29 18:04:45 31560 --a------ C:\WINDOWS\System32\drivers\aavmker4.sys
2007-03-29 18:04:44 94424 --a------ C:\WINDOWS\System32\drivers\aswmon2.sys
2007-03-29 18:04:44 85952 --a------ C:\WINDOWS\System32\drivers\aswmon.sys
2007-03-29 18:04:41 348160 --a------ C:\WINDOWS\System32\MSVCR71.dll
2007-03-29 18:04:41 499712 --a------ C:\WINDOWS\System32\MSVCP71.dll
2007-03-29 18:04:41 1060864 --a------ C:\WINDOWS\System32\MFC71.dll
2007-03-29 18:04:41 90112 --a------ C:\WINDOWS\System32\AVASTSS.scr
2007-03-29 18:04:41 689280 --a------ C:\WINDOWS\System32\aswBoot.exe
2007-03-29 18:04:37 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-03-28 23:02:03 533 --a------ C:\WINDOWS\eReg.dat
2007-03-28 23:01:49 0 d-------- C:\Program Files\Maxis
2007-03-28 22:49:16 0 d-------- C:\Acrobat3
2007-03-28 22:44:52 88576 --a------ C:\WINDOWS\RAUNINST.EXE
2007-03-28 22:44:35 0 d-------- C:\WESTWOOD
2007-03-28 22:43:52 299520 --a------ C:\WINDOWS\uninst.exe
2007-03-28 22:38:42 0 d-------- C:\Documents and Settings\Maverick\WINDOWS
2007-03-26 20:20:47 0 d-------- C:\WINDOWS\.jagex_cache_32<JAGEX_~1>
2007-03-26 20:20:42 0 d-------- C:\WINDOWS\Sun
2007-03-26 20:20:42 0 d-------- C:\Documents and Settings\Maverick\Application Data\Sun
2007-03-26 17:37:36 171280 --a------ C:\WINDOWS\System32\jit.dll
2007-03-26 17:37:36 139536 --a------ C:\WINDOWS\System32\javaee.dll
2007-03-26 17:37:36 313856 --a------ C:\WINDOWS\System32\dx3j.dll
2007-03-26 17:37:36 46352 --a------ C:\WINDOWS\setdebug.exe
2007-03-26 17:37:36 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-03-26 17:37:33 113 --a------ C:\WINDOWS\System32\zonedon.reg
2007-03-26 17:37:33 113 --a------ C:\WINDOWS\System32\zonedoff.reg
2007-03-26 17:37:33 171792 --a------ C:\WINDOWS\System32\wjview.exe
2007-03-26 17:37:33 286992 --a------ C:\WINDOWS\System32\vmhelper.dll
2007-03-26 17:37:33 21264 --a------ C:\WINDOWS\System32\msjdbc10.dll
2007-03-26 17:37:33 947472 --a------ C:\WINDOWS\System32\msjava.dll
2007-03-26 17:37:32 154384 --a------ C:\WINDOWS\System32\msawt.dll
2007-03-26 17:37:32 172304 --a------ C:\WINDOWS\System32\jview.exe
2007-03-26 17:37:32 15120 --a------ C:\WINDOWS\System32\jdbgmgr.exe
2007-03-26 17:37:32 404752 --a------ C:\WINDOWS\System32\javart.dll
2007-03-26 17:37:32 63248 --a------ C:\WINDOWS\System32\javaprxy.dll
2007-03-26 17:37:32 187152 --a------ C:\WINDOWS\System32\javacypt.dll
2007-03-26 17:37:32 49424 --a------ C:\WINDOWS\System32\clspack.exe
2007-03-26 15:07:07 134272 --a------ C:\WINDOWS\System32\drivers\portcls.sys
2007-03-26 15:07:07 131712 --a------ C:\WINDOWS\System32\drivers\ks.sys
2007-03-26 15:07:07 57856 --a------ C:\WINDOWS\System32\drivers\drmk.sys
2007-03-26 15:07:07 712704 -ra------ C:\WINDOWS\System32\a3d.dll
2007-03-26 15:07:06 44416 --a------ C:\WINDOWS\System32\drivers\stream.sys
2007-03-26 15:07:04 0 d-------- C:\WINDOWS\LastGood.Tmp
2007-03-26 15:05:24 0 d-------- C:\WINDOWS\System32\Lang
2007-03-26 15:05:24 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-03-26 14:41:49 0 d-------- C:\Documents and Settings\Maverick\Application Data\Ventrilo
2007-03-26 14:41:12 0 d-------- C:\Program Files\Ventrilo
2007-03-26 14:41:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-26 00:58:39 0 d-------- C:\WINDOWS\hxl
2007-03-24 23:14:52 0 d-------- C:\WINDOWS\pss
2007-03-24 20:05:04 828224 -ra------ C:\WINDOWS\System32\drivers\cmudau.sys
2007-03-24 20:05:04 98304 -ra------ C:\WINDOWS\System32\cmudau.dll
2007-03-24 20:05:04 14848 -ra------ C:\WINDOWS\System32\cmpropu.dll
2007-03-24 20:05:04 233472 -ra------ C:\WINDOWS\System32\cmdrvrmu.exe
2007-03-24 20:05:04 32768 -ra------ C:\WINDOWS\System32\cmdrvrmu.dll
2007-03-24 20:05:04 712704 -ra------ C:\WINDOWS\System32\a3dpropu.dll
2007-03-24 20:05:04 61440 -ra------ C:\WINDOWS\system\cmsnxeye.exe
2007-03-24 20:05:04 917504 -ra------ C:\WINDOWS\system\cmds3du.dll
2007-03-24 20:04:51 28672 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe<CMIUSB~1.EXE>
2007-03-24 20:04:45 0 d-------- C:\Program Files\Icemat Siberia USB Soundcard<ICEMAT~1>
2007-03-24 19:53:48 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-03-24 19:53:36 0 d-------- C:\Program Files\Common Files\Real
2007-03-24 19:53:35 0 d-------- C:\Program Files\Real
2007-03-24 19:50:57 0 d-------- C:\Documents and Settings\Maverick\Application Data\Real
2007-03-24 19:49:06 0 d-------- C:\Program Files\SensorsViewPro21<SENSOR~1>
2007-03-24 19:03:35 9410048 --a------ C:\WINDOWS\System32\RTLCPL.EXE
2007-03-24 19:03:35 0 d-------- C:\Program Files\Realtek AC97<REALTE~1>
2007-03-24 19:03:33 156672 --a------ C:\WINDOWS\System32\RTLCPAPI.dll
2007-03-24 19:03:33 2324480 --a------ C:\WINDOWS\System32\drivers\ALCXWDM.SYS
2007-03-24 19:03:33 40960 --a------ C:\WINDOWS\System32\ChCfg.exe
2007-03-24 19:03:33 77824 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-03-24 19:03:32 294912 --a------ C:\WINDOWS\alcupd.exe
2007-03-24 19:03:32 200704 --a------ C:\WINDOWS\alcrmv.exe
2007-03-24 18:29:12 26112 --a------ C:\WINDOWS\System32\xpsp1hfm.exe
2007-03-24 18:29:11 548352 --a------ C:\WINDOWS\System32\rtcdll.dll
2007-03-24 18:29:11 439808 --a------ C:\WINDOWS\System32\ipnathlp.dll
2007-03-24 18:29:11 593408 --a------ C:\WINDOWS\System32\h323msp.dll
2007-03-24 18:22:04 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-03-24 18:13:36 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-03-24 18:13:09 0 d-------- C:\Documents and Settings\Maverick\Shared
2007-03-24 18:13:08 0 d-------- C:\Documents and Settings\Maverick\Incomplete<INCOMP~1>
2007-03-24 18:12:13 0 d-------- C:\Program Files\Java
2007-03-24 18:11:32 0 d-------- C:\Program Files\Common Files\Java
2007-03-24 18:11:25 0 d-------- C:\Program Files\LimeWire
2007-03-24 18:10:29 0 d-------- C:\Documents and Settings\Maverick\.limewire<LIMEWI~1>
2007-03-24 05:51:56 0 d-------- C:\Program Files\PartyGaming<PARTYG~1>
2007-03-10 18:48:40 172032 --a------ C:\WINDOWS\System32\nvuide.exe
2007-03-10 18:48:20 172032 --a------ C:\WINDOWS\System32\nvunrm.exe
2007-03-10 18:48:18 172032 --a------ C:\WINDOWS\System32\nvusmb.exe
2007-03-10 18:48:14 172032 --a------ C:\WINDOWS\System32\nvugart.exe
2007-03-10 18:47:52 991232 --a------ C:\WINDOWS\System32\esent.dll
2007-03-10 18:23:32 0 d-------- C:\Documents and Settings\Maverick\Contacts
2007-03-10 18:22:53 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-03-10 18:22:21 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-10 17:56:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-10 17:47:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-03-10 17:46:04 0 d-------- C:\WINDOWS\System32\PreInstall<PREINS~1>
2007-03-10 17:46:02 22752 --a------ C:\WINDOWS\System32\spupdsvc.exe
2007-03-10 17:46:01 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-10 17:45:20 0 d-------- C:\WINDOWS\System32\bits
2007-03-10 17:44:22 7168 -----n--- C:\WINDOWS\System32\bitsprx3.dll
2007-03-10 17:44:22 7680 -----n--- C:\WINDOWS\System32\bitsprx2.dll
2007-03-10 17:44:21 331776 --a------ C:\WINDOWS\System32\winhttp.dll
2007-03-10 17:44:21 17408 --a------ C:\WINDOWS\System32\qmgrprxy.dll
2007-03-10 17:31:18 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2007-03-10 17:31:01 0 d-------- C:\WINDOWS\System32\ZoneLabs
2007-03-10 17:30:27 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-03-10 17:27:21 0 d-------- C:\Documents and Settings\Maverick\Application Data\Lavasoft
2007-03-10 17:27:15 0 d-------- C:\Program Files\Lavasoft
2007-03-10 17:18:47 0 d-------- C:\Documents and Settings\Maverick\Application Data\Comodo
2007-03-10 17:18:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo


-- Find3M Report ---------------------------------------------------------------

2007-03-31 22:17:43 0 d-------- C:\Program Files\mIRC
2007-03-31 22:13:07 0 d-------- C:\Program Files\Steam
2007-03-31 13:47:27 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-29 18:12:30 0 d---s---- C:\Documents and Settings\Maverick\Application Data\Microsoft<MICROS~1>
2007-03-24 19:55:01 3113 --a------ C:\WINDOWS\mozver.dat
2007-03-24 19:03:32 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-10 17:33:32 0 d-------- C:\Program Files\Comodo
2007-01-19 13:53:04 51056 --a------ C:\WINDOWS\System32\sirenacm.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Logitech Utility"="Logi_MwX.Exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"SoundMan"="SOUNDMAN.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-31 at 22:39:21 ---------
Attached Files
File Type: txt Report-Scan-20070331-221004.txt (2.0 KB, 2 views)
File Type: txt Kaspersky report.txt (25.2 KB, 1 views)
File Type: txt main.txt (16.8 KB, 1 views)
__________________




Currently studying:
CompTIA A+
CompTIA N+
Cisco Certified Network Associate

Last edited by Ried; 04-01-2007 at 12:31 AM.
Old 04-01-2007, 12:37 AM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,996
OS: WinXP and Vista


Re: My log

Hi Nick,

It appears you did not allow AVG A-S to quarantine/delete what it found and Kaspersky is reporting infections in those same places.

As the 'finds' by both programs involve entries in your System Restore, we'll take care of that ourselves in a moment.

Close any open browsers. Run a scan with HijackThis and fix this entry:

O2 - BHO: (no name) - {585B2D2F-12FE-45D8-B356-F8638ED8D545} - C:\WINDOWS\System32\wvrhyxam.dll (file missing)

Click 'Fix Checked' and close HijackThis.

------------------------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders
Windows XP
===============
* Click Start and open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
* Click Yes to confirm, then click OK.

Enable Windows Auto Update
* Go to Start > Run and type wuaucpl.cpl
* Tick the checkbox "Automatically download the updates, and install them on the schedule that I specify".
* Click OK.

Create a new System Restore point
* Click Start > Run, type SYSDM.CPL and press Enter.
* Select the System Restore tab.
* Tick the checkbox "Turn off System Restore on all drives" and click Apply.
* Then untick the same checkbox and click OK.
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

How is your system behaving?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
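The fix above turns on an O2 entry whose backing DLL is reported "(file missing)", and the log before it carries two avast! O23 lines that also say "(file missing)". Those two are not the same kind of finding: HijackThis 1.99.1 mis-parses quoted service command lines, leaves a stray trailing quote on the path and then reports the (mangled) path as missing, so an O23 "(file missing)" should be confirmed on disk before anything is fixed, while an O2 BHO with no name and no file is the classic leftover of a removed infection. The helper below is an added example, not code from this thread, from HijackThis or from the forum's tools; it parses a few constructed log lines in the format shown above, picks out the CLSID and the first file path in each entry, and flags the patterns a helper triages first: a missing file, a nameless BHO, and the odd quote count that marks the parser artefact. The section names, flag names and the HjtEntry record are this example's own choices.

```python
"""Triage helper for HijackThis-style log lines (added example, not HJT code)."""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Registry-style GUID, e.g. {585B2D2F-12FE-45D8-B356-F8638ED8D545}
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# First Windows path ending in a loadable extension; a quote ends the path.
PATH_RE = re.compile(r"[A-Z]:\\[^\"]*?\.(?:exe|dll|sys|cpl|scr|ocx)", re.I)
# HijackThis entry lines look like "O23 - Service: ... - owner - path".
LINE_RE = re.compile(r"^(O\d+) - (.*)$")


@dataclass
class HjtEntry:
    section: str            # "O2", "O4", "O18", "O23", ...
    name: str               # text before the first " - " separator
    clsid: Optional[str]    # GUID if the entry carries one
    path: Optional[str]     # first file path found in the entry
    raw: str                # original line, for the report
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one 'Oxx - ...' line; returns None for headers and other noise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    flags: List[str] = []

    if "(file missing)" in body:
        flags.append("file_missing")
    body = body.replace("(file missing)", "").strip()

    name = body.split(" - ", 1)[0]
    if "(no name)" in name:
        flags.append("no_name")          # nameless BHO: typical malware leftover

    clsid_m = CLSID_RE.search(body)
    path_m = PATH_RE.search(body)
    path = path_m.group(0) if path_m else None

    # HJT 1.99.1 appends a stray '"' to quoted service command lines and then
    # reports the file as missing; an odd quote count is that artefact's signature.
    if body.count('"') % 2 == 1:
        flags.append("unbalanced_quote")
    if section in ("O2", "O18", "O23") and path is None:
        flags.append("no_path")

    clsid = clsid_m.group(0).upper() if clsid_m else None
    return HjtEntry(section, name, clsid, path, line.strip(), flags)


def triage(lines: Iterable[str]) -> List[HjtEntry]:
    """Return only the entries that carry at least one flag, in log order."""
    flagged = []
    for ln in lines:
        entry = parse_line(ln)
        if entry and entry.flags:
            flagged.append(entry)
    return flagged


# Constructed sample: the O2 line from the fix above, plus O4/O18/O23 lines in
# the shape of the log in this thread (same paths, typed in by hand here).
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {585B2D2F-12FE-45D8-B356-F8638ED8D545} - C:\WINDOWS\System32\wvrhyxam.dll (file missing)",
    r'O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent',
    r"O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
    "-- Registry Dump ---------------------------------------------------------------",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:4} {','.join(e.flags):30} clsid={e.clsid} path={e.path}")
```

Run as a script it prints two flagged entries: the O2 BHO (file_missing, no_name) and the avast! mail scanner service (file_missing, unbalanced_quote). The second combination is the cue to check whether C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe actually exists before touching the service; the first is the entry a helper fixes.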
Old 04-01-2007, 06:33 AM   #9 (permalink)
Tech Hardware Team
 
Join Date: Sep 2005
Location: Cheshire, England.
Posts: 882
OS: XP Home

Re: My log

It seems the problem no longer remains. Thank you so much for the help, as without it I would still have the issues now. I've now got more security than ever before; if anything gets through this I'll actually pay the person who created the spyware.

Cheers again,
Nick.
Old 04-01-2007, 08:46 AM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,996
OS: WinXP and Vista


Re: My log

You're welcome, Nick. Stay safe out there.
 


Copyright 2001 - 2009, Tech Support Forum