

Resolved HJT Threads Resolved spyware and popup issues.

Old 06-08-2007, 08:03 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: Windows XP


Malware / Virus Help Needed

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:18:25 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0ACE1D6C-B510-40FB-B81D-936697628373} - C:\WINDOWS\system32\awvtr.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\wvuusro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\All Users\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1155932316980
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B98F6DE-4B24-4816-8991-015EB1D018A6}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{872C9859-24B6-49AA-8E24-2040F233C2C2}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B5A4832-BA37-48E9-A7FE-E113E01C7D5D}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9005BD8-85E0-402F-8DB6-ECB768576CA6}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B98F6DE-4B24-4816-8991-015EB1D018A6}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B98F6DE-4B24-4816-8991-015EB1D018A6}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CS3\Services\Tcpip\..\{2B98F6DE-4B24-4816-8991-015EB1D018A6}: NameServer = 85.255.115.45,85.255.112.144
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll
O20 - Winlogon Notify: wvuusro - C:\WINDOWS\SYSTEM32\wvuusro.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8053 bytes


That is my current log.
I can't seem to figure HijackThis out enough to permanently delete the files,
as I've tried deleting the malware/viruses with Avast! (which first caught it), Spybot Search & Destroy, Ad-Aware SE Personal, etc.


Assistance is highly appreciated,
Thank you.

Last edited by LiteFireDark; 06-08-2007 at 08:19 PM.
LiteFireDark is offline  
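As an added example for readers following this thread (it is not code from the forum, from HijackThis, or from the tools the analyst asks for below), the following Python script shows how a first triage pass over a HijackThis log works: it splits the log into its R/O entries and flags the persistence points that analysts look at first. The sample lines are copied from the log in this post; the `expected_resolvers` parameter, the `SYSTEM32_ONLY` list and all function names are this example's own assumptions, and the script only flags entries for review, it does not decide what is malicious.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import ipaddress
import ntpath
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0ACE1D6C-B510-40FB-B81D-936697628373} - C:\WINDOWS\system32\awvtr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B98F6DE-4B24-4816-8991-015EB1D018A6}: NameServer = 85.255.115.45,85.255.112.144
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>[0-9.,]+)")
# Assumption of this example: core Windows binaries that live only in system32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}


def parse_entries(log_text):
    """Yield (code, body) for every 'Rn - ...' / 'On - ...' line; skip headers and process lists."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def first_token(cmd):
    """Executable part of a Run-key command: the quoted path, or the first bare word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def last_path(body):
    """O2/O20 entries end with ' - <dll path>'; normalise it for comparison."""
    return body.rsplit(" - ", 1)[-1].strip().lower()


def triage(log_text, expected_resolvers=()):
    """Return a list of findings; severity is 'high' or 'review' (nothing here is a verdict)."""
    entries = list(parse_entries(log_text))
    bho_paths = {last_path(body) for code, body in entries if code == "O2"}
    findings = []

    def flag(code, severity, reason, body):
        findings.append({"code": code, "severity": severity, "reason": reason, "entry": body})

    for code, body in entries:
        if code == "O2" and "(no name)" in body:
            flag(code, "review", "BHO registered without a name", body)
        elif code == "O4":
            m = O4_RE.match(body)
            if not m:
                continue
            exe = first_token(m.group("cmd"))
            if "policies\\explorer\\run" in m.group("key").lower():
                flag(code, "high", "autostart via Policies\\Explorer\\Run", body)
            if ntpath.basename(exe).lower() in SYSTEM32_ONLY and \
                    not ntpath.dirname(exe).lower().endswith("\\system32"):
                flag(code, "high", f"{ntpath.basename(exe)} outside system32", body)
            elif "\\" not in exe:
                flag(code, "review", "bare executable name, resolved via PATH search", body)
        elif code == "O17":
            m = O17_RE.search(body)
            for server in (m.group("servers").split(",") if m else []):
                try:
                    ip = ipaddress.ip_address(server)
                except ValueError:
                    continue
                # A LAN router (private address) or a resolver the owner recognises is expected.
                if server in expected_resolvers or ip.is_private:
                    continue
                flag(code, "high", f"DNS server {server} is public and not in the expected list", body)
        elif code == "O20":
            if last_path(body) in bho_paths:
                flag(code, "high", "same DLL registered as BHO and Winlogon Notify handler", body)
            else:
                flag(code, "review", "Winlogon Notify DLL loads into winlogon.exe; verify publisher", body)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['code']}: {f['reason']}\n         {f['entry']}")
```

The O17 check is the one that matters most in this thread: a public NameServer that the owner did not configure means every lookup on the machine goes through someone else's resolver, which is why the analyst starts with FixWareout rather than with the browser helper objects. Cross-referencing the O2 and O20 sections catches the same DLL being loaded both by the browser and by winlogon.exe, a pattern that a single-section read would miss.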

Old 06-08-2007, 08:31 PM   #2 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: Windows XP


Re: Malware / Virus Help Needed

Deckard's System Scanner v20070603.47
Run by Owner on 2007-06-08 at 21:28:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
62: 2007-06-09 02:28:12 UTC - RP157 - Deckard's System Scanner Restore Point
61: 2007-06-06 20:21:25 UTC - RP156 - System Checkpoint
60: 2007-06-05 14:22:37 UTC - RP155 - System Checkpoint
59: 2007-06-03 15:24:10 UTC - RP154 - System Checkpoint
58: 2007-06-02 09:51:08 UTC - RP153 - System Checkpoint


-- First Restore Point --
1: 2007-03-23 00:37:15 UTC - RP96 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:29:03 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UTAZ36AK\dss[1].exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0ACE1D6C-B510-40FB-B81D-936697628373} - C:\WINDOWS\system32\awvtr.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\wvuusro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O8 - Extra context menu item: &Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\All Users\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1155932316980
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B98F6DE-4B24-4816-8991-015EB1D018A6}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{872C9859-24B6-49AA-8E24-2040F233C2C2}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B5A4832-BA37-48E9-A7FE-E113E01C7D5D}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9005BD8-85E0-402F-8DB6-ECB768576CA6}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B98F6DE-4B24-4816-8991-015EB1D018A6}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B98F6DE-4B24-4816-8991-015EB1D018A6}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CS3\Services\Tcpip\..\{2B98F6DE-4B24-4816-8991-015EB1D018A6}: NameServer = 85.255.115.45,85.255.112.144
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvuusro - C:\WINDOWS\SYSTEM32\wvuusro.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; W1zzard; ATITool Driver>
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 AR5211 (Atheros Wireless Network Adapter Service) - c:\windows\system32\drivers\ar5211.sys (file missing)
S3 dump_wmimmc - c:\program files\bots\gameguard\dump_wmimmc.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S4 dopewars-server (dopewars server) - c:\program files\dopewars-1.5.12\dopewars.exe -n


-- Scheduled Tasks -------------------------------------------------------------

2007-06-08 13:48:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-05-08 and 2007-06-08 -----------------------------

2007-06-08 21:13:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-06-08 21:13:20 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-08 21:13:19 0 d-------- C:\WINDOWS\LastGood
2007-06-08 20:36:43 33302 --a------ C:\WINDOWS\system32\iiffcde.dll
2007-06-08 10:27:21 131124 --a------ C:\WINDOWS\system32\tuvqwcwq.dll
2007-06-08 10:25:08 2580 --a------ C:\WINDOWS\system32\kecbyxyr.exe
2007-06-08 10:25:01 58420 --a------ C:\WINDOWS\system32\ookifqfd.dll
2007-06-08 10:24:58 1808551 ---hs---- C:\WINDOWS\system32\rtvwa.bak1
2007-06-08 10:24:11 263220 ---h----- C:\WINDOWS\system32\awvtr.dll
2007-06-08 10:23:38 263220 ---hs---- C:\WINDOWS\system32\awtsr.dll
2007-06-08 10:19:23 26763 --a------ C:\WINDOWS\system32\sysmon32.exe <Not Verified; NoName Corp.; NNC module>
2007-06-08 10:19:10 11776 --a------ C:\WINDOWS\smgr.exe
2007-06-08 10:18:55 57344 --a------ C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
2007-06-08 10:18:45 2 --a------ C:\WINDOWS\system32\wintsu.exe
2007-06-08 10:18:43 0 d-------- C:\Program Files\Outerinfo
2007-06-08 10:18:43 0 d-------- C:\Documents and Settings\Owner\Application Data\s?mbols
2007-06-08 10:18:36 40183 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
2007-06-08 10:18:35 0 d-------- C:\Program Files\?icrosoft.NET
2007-06-08 10:18:06 33302 --a------ C:\WINDOWS\system32\hgghebc.dll
2007-06-08 10:18:05 28160 --a------ C:\WINDOWS\system32\winsys64.exe <Not Verified; NoName Corp.; NNC module>
2007-06-08 10:18:05 19456 --a------ C:\WINDOWS\avp.exe <Not Verified; MskSoftStudy Corp.; Anti-Virus Project (AVP) spyware removal module>
2007-06-08 10:17:53 18944 --a------ C:\WINDOWS\system32\winjrs32.dll
2007-06-08 10:17:52 33302 --a------ C:\WINDOWS\system32\yayxwts.dll
2007-06-08 10:13:02 33302 --a------ C:\WINDOWS\system32\wvuusro.dll
2007-06-03 03:01:11 13013 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-06-02 17:24:31 0 d-------- C:\Program Files\hl-edit
2007-06-01 22:42:31 0 d-------- C:\Program Files\Valve Hammer Editor
2007-05-31 21:32:14 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2007-05-30 19:28:27 0 d-------- C:\Program Files\Hamachi
2007-05-30 18:13:35 0 d-------- C:\Program Files\MSN Messenger
2007-05-30 18:12:40 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-05-29 15:59:11 967 --a------ C:\WINDOWS\ScUnin.pif
2007-05-29 15:59:11 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2007-05-29 15:59:11 35382 --a------ C:\WINDOWS\scunin.dat
2007-05-28 14:59:55 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2007-05-28 14:50:41 0 d-------- C:\Program Files\VideoLAN
2007-05-24 02:34:49 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-05-24 02:11:40 498 --a------ C:\WINDOWS\eReg.dat
2007-05-24 02:11:02 33792 -ra------ C:\WINDOWS\NPSExec.exe <Not Verified; Electronic Arts; Electronic Arts NPSExec>
2007-05-24 02:11:02 0 d-------- C:\Program Files\Electronic Arts
2007-05-24 02:09:32 0 d-------- C:\Program Files\Maxis
2007-05-22 23:01:50 0 d-------- C:\Program Files\TechSmith
2007-05-16 16:15:43 0 d-------- C:\Program Files\NuGardt Software
2007-05-12 19:33:39 0 d-------- C:\Documents and Settings\Owner\Application Data\flatball
2007-05-12 19:08:22 0 d-------- C:\Program Files\Hero Editor
2007-05-12 19:08:14 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-05-12 17:32:30 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-05-12 17:32:30 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-05-12 17:32:29 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-05-12 16:56:03 0 d-------- C:\Program Files\Diablo II
2007-05-10 23:32:54 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-05-10 23:31:03 0 d-------- C:\Program Files\MAXON


-- Find3M Report ---------------------------------------------------------------

2007-06-08 03:57:13 130 --a------ C:\Documents and Settings\Owner\Application Data\iScrobbler.ini
2007-06-07 1936 0 d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
2007-06-07 05:19:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Ventrilo
2007-06-01 16:48:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2007-05-31 21:31:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-29 16:00:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-29 15:58:13 0 d-------- C:\Program Files\UnH Solutions
2007-05-28 14:46:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Xfire
2007-05-28 13:16:59 0 d---s---- C:\Program Files\Xfire
2007-05-19 13:41:30 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-12 13:55:07 0 d-------- C:\Program Files\NVidia Corporation
2007-05-12 12:56:30 0 d-------- C:\Program Files\SpeedFan
2007-05-11 06:48:44 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-05 22:39:45 0 d-------- C:\Program Files\Bots
2007-05-01 22:33:02 0 d-------- C:\Documents and Settings\Owner\Application Data\MilkShape 3D 1.x.x
2007-04-27 17:27:36 0 d-------- C:\Program Files\directx
2007-04-26 21:41:59 0 d-------- C:\Documents and Settings\Owner\Application Data\IMVU
2007-04-24 18:00:34 0 d-------- C:\Documents and Settings\Owner\Application Data\ATI
2007-04-23 00:35:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-14 18:35:36 0 d-------- C:\Program Files\VIA
2007-04-13 01:46:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Filter Forge
2007-04-13 01:34:23 0 d-------- C:\Program Files\Filter Forge
2007-03-29 00:58:27 335 --a------ C:\WINDOWS\nsreg.dat
2007-03-27 18:49:56 3284 --a------ C:\WINDOWS\system32\ANIWZCS{2B98F6DE-4B24-4816-8991-015EB1D018A6}


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0ACE1D6C-B510-40FB-B81D-936697628373} C:\WINDOWS\system32\awvtr.dll
{8A61098D-612B-4EF2-943D-64E920684061} C:\WINDOWS\system32\wvuusro.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"AlcxMonitor"="ALCXMNTR.EXE"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SManager"="smanager.7.exe"
"avp"="C:\\WINDOWS\\avp.exe"
"smgr"="smgr.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"Aim6"=""
"Steam"=""
"NVIDIA nTune"="\"C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\WINDOWS\\svchost.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"_NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8A61098D-612B-4EF2-943D-64E920684061}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuusro

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim6"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"seclogon"=dword:00000002
"IDriverT"=dword:00000003
"dopewars-server"=dword:00000003
"ATI Smart"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-06-08 at 21:29:55 ---------
Attached Files
File Type: txt extra.txt (13.0 KB, 1 views)
LiteFireDark is offline  
Old 06-08-2007, 09:58 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Malware / Virus Help Needed

Hello LiteFireDark and welcome to TSF,

You have quite a bit going on here, and this will take a couple of rounds to properly clean. Please stay with me and post the requested logs.

Please copy this page to Notepad and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Please download FixWareout from one of these sites and save it to your desktop:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

--------------------------------------------------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

Outerinfo

--------------------------------------------------------------------

Run FixWareout. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin, follow the prompts.
  • You will be asked to reboot your computer, please do so.
  • Your system may take longer than usual to load. This is normal.
  • Once the desktop loads, post the text of the file that will open, C:\fixwareout\report.txt, which I will need in your next reply.
----------------------------------------------------------------

Now please double-click on combofix.exe & follow the prompts. When finished, it shall produce a log for you, which I will need in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


--------------------------------------------------------------------

Please include the following in your next reply:

C:\fixwareout\report.txt
C:\ComboFix.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 06-08-2007, 10:35 PM   #4 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: Windows XP


Re: Malware / Virus Help Needed

ComboFix 07-06-09.1 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-08 23:27:49 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\tuvqwcwq.dll
C:\WINDOWS\system32\hgghebc.dll
C:\WINDOWS\system32\iiffcde.dll
C:\WINDOWS\system32\yayxwts.dll
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\rtvwa.bak1
C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\qwcwqvut.ini
C:\WINDOWS\system32\rtvwa.bak1
C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\wvuusro.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\APPLIC~1.\smbols~1
C:\Program Files\icroso~1.net


((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))


2007-06-08 23:27 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-08 23:20 10,964 --a------ C:\dnsbak.reg
2007-06-08 21:28 <DIR> d-------- C:\Deckard
2007-06-08 21:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-08 21:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-08 10:25 58,420 --a------ C:\WINDOWS\system32\ookifqfd.dll
2007-06-08 10:18 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\vajmfsjo.exe
2007-06-03 03:01 13,013 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-06-02 17:24 <DIR> d-------- C:\Program Files\hl-edit
2007-06-02 03:34 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-02 03:34 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-02 03:34 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-02 03:34 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-02 03:34 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-02 03:34 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-02 03:34 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-01 22:42 <DIR> d-------- C:\Program Files\Valve Hammer Editor
2007-05-31 21:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
2007-05-30 19:28 <DIR> d-------- C:\Program Files\Hamachi
2007-05-30 18:13 <DIR> d-------- C:\Program Files\MSN Messenger
2007-05-30 18:12 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-05-29 15:59 967 --a------ C:\WINDOWS\ScUnin.pif
2007-05-29 15:59 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-05-29 15:59 35,382 --a------ C:\WINDOWS\scunin.dat
2007-05-28 14:59 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\vlc
2007-05-28 14:50 <DIR> d-------- C:\Program Files\VideoLAN
2007-05-24 02:11 498 --a------ C:\WINDOWS\eReg.dat
2007-05-24 02:11 33,792 -ra------ C:\WINDOWS\NPSExec.exe
2007-05-24 02:11 <DIR> d-------- C:\Program Files\Electronic Arts
2007-05-24 02:09 <DIR> d-------- C:\Program Files\Maxis
2007-05-22 23:01 <DIR> d-------- C:\Program Files\TechSmith
2007-05-16 16:15 <DIR> d-------- C:\Program Files\NuGardt Software
2007-05-12 19:33 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\flatball
2007-05-12 19:08 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-05-12 19:08 249,856 --------- C:\WINDOWS\Setup1.exe
2007-05-12 19:08 <DIR> d-------- C:\Program Files\Hero Editor
2007-05-12 17:32 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-05-12 17:32 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-05-12 17:32 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-05-12 16:56 <DIR> d-------- C:\Program Files\Diablo II
2007-05-10 23:32 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-05-10 23:31 <DIR> d-------- C:\Program Files\MAXON


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-08 0036 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Hamachi
2007-06-07 10:19:01 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Ventrilo
2007-06-01 21:48:29 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-06-01 02:31:19 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-31 01:37:43 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-29 21:00:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-29 20:58:13 -------- d-----w C:\Program Files\UnH Solutions
2007-05-28 19:46:37 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Xfire
2007-05-28 18:16:59 -------- d-s---w C:\Program Files\Xfire
2007-05-19 18:41:30 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-12 18:55:07 -------- d-----w C:\Program Files\NVidia Corporation
2007-05-12 17:56:30 -------- d-----w C:\Program Files\SpeedFan
2007-05-11 11:48:44 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-05-06 03:39:45 -------- d-----w C:\Program Files\Bots
2007-05-02 03:33:02 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\MilkShape 3D 1.x.x
2007-04-27 22:27:36 -------- d-----w C:\Program Files\directx
2007-04-27 02:41:59 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\IMVU
2007-04-24 23:00:34 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\ATI
2007-04-23 05:35:37 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-14 23:35:36 -------- d-----w C:\Program Files\VIA
2007-04-13 06:46:05 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Filter Forge
2007-04-13 06:34:23 -------- d-----w C:\Program Files\Filter Forge
2007-03-29 05:58:27 335 ----a-w C:\WINDOWS\nsreg.dat
2007-03-22 04:30:54 4,103,032 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 14:25]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 17:01]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 18:53]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 10:42]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-08 21:57]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-08-24 20:32]
"Aim6"="" []
"Steam"="" []
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]
winjrs32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"seclogon"=2 (0x2)
"IDriverT"=3 (0x3)
"dopewars-server"=3 (0x3)
"ATI Smart"=2 (0x2)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-06-08 18:48:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-08 23:32:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-08 23:34:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-08 23:34

--- E O F ---



Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"AlcxMonitor"="ALCXMNTR.EXE"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SManager"="smanager.7.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"Aim6"=""
"Steam"=""
"NVIDIA nTune"="\"C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
LiteFireDark is offline  
Old 06-08-2007, 10:52 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Malware / Virus Help Needed

Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\WINDOWS\system32\winjrs32.dll
C:\WINDOWS\system32\ookifqfd.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\vajmfsjo.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]
Save this as ComboFix-Do.txt, in the same location as ComboFix.exe.




Referring to the picture above, drag ComboFix-Do.txt onto ComboFix.exe.

Follow the prompts.

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

Also, please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply along with the C:\ComboFix.txt
How is your system behaving now?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 06-09-2007, 12:42 AM   #6 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: Windows XP


Re: Malware / Virus Help Needed

ComboFix 07-06-09.1 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-09 0:01:23 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\vajmfsjo.exe
C:\WINDOWS\system32\ookifqfd.dll


((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))


2007-06-08 23:27 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-08 23:20 10,964 --a------ C:\dnsbak.reg
2007-06-08 21:28 <DIR> d-------- C:\Deckard
2007-06-08 21:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-08 21:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-03 03:01 13,013 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-06-02 17:24 <DIR> d-------- C:\Program Files\hl-edit
2007-06-02 03:34 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-02 03:34 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-02 03:34 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-02 03:34 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-02 03:34 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-02 03:34 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-02 03:34 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-01 22:42 <DIR> d-------- C:\Program Files\Valve Hammer Editor
2007-05-31 21:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
2007-05-30 19:28 <DIR> d-------- C:\Program Files\Hamachi
2007-05-30 18:13 <DIR> d-------- C:\Program Files\MSN Messenger
2007-05-30 18:12 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-05-29 15:59 967 --a------ C:\WINDOWS\ScUnin.pif
2007-05-29 15:59 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-05-29 15:59 35,382 --a------ C:\WINDOWS\scunin.dat
2007-05-28 14:59 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\vlc
2007-05-28 14:50 <DIR> d-------- C:\Program Files\VideoLAN
2007-05-24 02:11 498 --a------ C:\WINDOWS\eReg.dat
2007-05-24 02:11 33,792 -ra------ C:\WINDOWS\NPSExec.exe
2007-05-24 02:11 <DIR> d-------- C:\Program Files\Electronic Arts
2007-05-24 02:09 <DIR> d-------- C:\Program Files\Maxis
2007-05-22 23:01 <DIR> d-------- C:\Program Files\TechSmith
2007-05-16 16:15 <DIR> d-------- C:\Program Files\NuGardt Software
2007-05-12 19:33 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\flatball
2007-05-12 19:08 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-05-12 19:08 249,856 --------- C:\WINDOWS\Setup1.exe
2007-05-12 19:08 <DIR> d-------- C:\Program Files\Hero Editor
2007-05-12 17:32 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-05-12 17:32 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-05-12 17:32 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-05-12 16:56 <DIR> d-------- C:\Program Files\Diablo II
2007-05-10 23:32 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-05-10 23:31 <DIR> d-------- C:\Program Files\MAXON


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-08 0036 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Hamachi
2007-06-07 10:19:01 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Ventrilo
2007-06-01 21:48:29 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-06-01 02:31:19 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-31 01:37:43 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-29 21:00:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-29 20:58:13 -------- d-----w C:\Program Files\UnH Solutions
2007-05-28 19:46:37 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Xfire
2007-05-28 18:16:59 -------- d-s---w C:\Program Files\Xfire
2007-05-19 18:41:30 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-12 18:55:07 -------- d-----w C:\Program Files\NVidia Corporation
2007-05-12 17:56:30 -------- d-----w C:\Program Files\SpeedFan
2007-05-11 11:48:44 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-05-06 03:39:45 -------- d-----w C:\Program Files\Bots
2007-05-02 03:33:02 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\MilkShape 3D 1.x.x
2007-04-27 22:27:36 -------- d-----w C:\Program Files\directx
2007-04-27 02:41:59 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\IMVU
2007-04-24 23:00:34 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\ATI
2007-04-23 05:35:37 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-14 23:35:36 -------- d-----w C:\Program Files\VIA
2007-04-13 06:46:05 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Filter Forge
2007-04-13 06:34:23 -------- d-----w C:\Program Files\Filter Forge
2007-03-29 05:58:27 335 ----a-w C:\WINDOWS\nsreg.dat
2007-03-22 04:30:54 4,103,032 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 14:25]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 17:01]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 18:53]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 10:42]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-08 21:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-08-24 20:32]
"Aim6"="" []
"Steam"="" []
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"seclogon"=2 (0x2)
"IDriverT"=3 (0x3)
"dopewars-server"=3 (0x3)
"ATI Smart"=2 (0x2)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-06-08 18:48:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 00:02:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-09 0:03:20
C:\ComboFix-quarantined-files.txt ... 2007-06-09 00:03
C:\ComboFix2.txt ... 2007-06-08 23:34

--- E O F ---

KASPERSKY ONLINE SCANNER REPORT
Saturday, June 09, 2007 1:41:15 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 9/06/2007
Kaspersky Anti-Virus database records: 341534


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
H:\

Scan Statistics
Total number of scanned objects 85279
Number of viruses found 8
Number of infected objects 32
Number of suspicious objects 0
Duration of the scan process 01:25:44

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\WINDOWS\temp\win7.tmp.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\Deckard\System Scanner\backup\WINDOWS\temp\winD.tmp.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\Deckard\System Scanner\backup\WINDOWS\temp\winD.tmp.exe NSIS: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\moazklxm\CatalysmFlux\cert8.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Aim\moazklxm\CatalysmFlux\key3.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\373851225.mts Object is locked skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Desktop\HiJackThis_v2\backups\backup-20070608-205650-271.dll Infected: Trojan.Win32.BHO.bd skipped

C:\Documents and Settings\Owner\Desktop\HiJackThis_v2\backups\backup-20070608-205650-273.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\Documents and Settings\Owner\Desktop\HiJackThis_v2\backups\backup-20070608-205650-980.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\Documents and Settings\Owner\Desktop\HiJackThis_v2\backups\backup-20070608-211641-460.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\Documents and Settings\Owner\Desktop\HiJackThis_v2\backups\backup-20070608-211641-685.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007060920070610\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Owner\NTUSER.DAT.LOG Object is locked skipped

C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log Object is locked skipped

C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log Object is locked skipped

C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\awtsr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\awvtr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\hgghebc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\iiffcde.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ookifqfd.dll.vir Infected: Trojan.Win32.BHO.bd skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\tuvqwcwq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\wvuusro.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\yayxwts.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0634805.exe Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0634806.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0634812.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0634812.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0634812.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0634812.exe/data.rar Infected: Trojan.Win32.Dialer.qn skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0634812.exe RarSFX: infected - 4 skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0634813.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0634821.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0634822.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0636918.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636936.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636937.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636938.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636939.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636940.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636941.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636942.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636943.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636944.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636953.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636954.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636955.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636956.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636957.dll Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636958.exe Object is locked skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636995.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636996.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636997.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636998.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0636999.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0637003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0637004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\A0637101.dll Infected: Trojan.Win32.BHO.bd skipped

C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_674.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-06-09.00-09-11.log Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

D:\Program Files\Steam\Steam.log Object is locked skipped

D:\Program Files\Steam\steamapps\half-life engine.gcf Object is locked skipped

D:\Program Files\Steam\steamapps\half-life.gcf Object is locked skipped

D:\Program Files\Steam\steamapps\platform.gcf Object is locked skipped

D:\Program Files\Steam\steamapps\sourceinit.gcf Object is locked skipped

D:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped

D:\Program Files\Steam\SteamLogs\SteamStats.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP159\change.log Object is locked skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
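The scan output above lists every hit with its path, but the question that matters is whether any hit sits on a live path or only in a quarantine, backup or System Restore copy, and whether a line is a detection at all ("Object is locked" means the file was in use and was not scanned; "RarSFX: infected - 4" is an archive summary whose members were already listed one by one). The following is an added example, not code from the thread or from Kaspersky: a small parser for this log format that classifies each hit by location. It assumes the one-line "<path> <verdict> skipped" layout seen above, that C:\QooBox\Quarantine is the ComboFix quarantine and *.vir its renamed copies, and that HiJackThis_v2\backups holds HijackThis fix backups. The sample input is six lines copied from the log above plus one constructed line (an EICAR test file on the desktop) to show how a hit on a live path would be reported.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Sample input. The first six result lines are copied from the Kaspersky scan
# log posted above; the last result line is CONSTRUCTED (an EICAR test file on
# the desktop) to show how a hit on a live, non-quarantine path is reported.
SAMPLE_LOG = r"""
C:\QooBox\Quarantine\C\WINDOWS\system32\iiffcde.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0634812.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{CF6B2A50-4637-4C5F-8C6E-E0F35DAEE006}\RP156\A0634812.exe RarSFX: infected - 4 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Documents and Settings\Owner\Desktop\eicar.com Infected: EICAR-Test-File skipped
Scan process completed.
"""

# One result line is "<path> <verdict> skipped". Paths contain spaces, so the
# path is matched lazily and the verdict is anchored to the end of the line.
# Members of an archive are appended to the on-disk path with "/".
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"Infected: (?P<name>\S+)"                       # a detection
    r"|(?P<locked>Object is locked)"                 # file in use, NOT scanned
    r"|(?P<archive>\S+): infected - (?P<count>\d+)"  # archive summary, members already listed
    r") skipped$"
)

# Path markers (assumption: these cover the tools used in this thread).
# C:\QooBox\Quarantine is ComboFix's quarantine and *.vir its renamed copies;
# HiJackThis_v2\backups holds HijackThis fix backups.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\hijackthis_v2\\backups")
RESTORE_POINT_MARKER = "\\system volume information\\_restore{"


def classify_location(path: str) -> str:
    """Decide whether a hit is a live file or a quarantined/backup copy."""
    on_disk = path.split("/", 1)[0].lower()   # drop the archive-member part
    if on_disk.endswith(".vir") or any(m in on_disk for m in QUARANTINE_MARKERS):
        return "quarantine/backup"
    if RESTORE_POINT_MARKER in on_disk:
        return "restore point"
    return "live"


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return a record for one result line, or None for headers and footers."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    if m.group("locked"):
        status = "locked"
    elif m.group("archive"):
        status = "archive-summary"
    else:
        status = "infected"
    return {
        "path": m.group("path"),
        "status": status,
        "name": m.group("name") or "",
        "location": classify_location(m.group("path")),
    }


def triage(log_text: str) -> Dict[str, object]:
    """Count hits by location/status and list the ones that need action."""
    counts: Counter = Counter()
    live: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["status"] != "infected":
            counts[rec["status"]] += 1      # locked / archive-summary are not real hits
            continue
        counts[rec["location"]] += 1
        if rec["location"] == "live":
            live.append((rec["path"], rec["name"]))
    return {"counts": dict(counts), "live_detections": live}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["counts"])
    for hit_path, hit_name in result["live_detections"]:
        print(f"LIVE: {hit_name} at {hit_path}")
```

Run it on a saved scan report (`triage(open("report.txt").read())`). Locked objects in the log above are registry hives, event logs, the WMI repository and the AV's own databases, which is the normal set for an online scan run from inside Windows; they are unscanned, not infected. Only the "live" bucket is evidence of an active infection.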
Old 06-09-2007, 07:50 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Malware / Virus Help Needed

Hi,

Kaspersky is only reporting items that we've quarantined in backups. We'll clear those now:

Delete the following folders:

C:\Deckard\System Scanner
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2\backups

-----------------------------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Ensure Windows Auto Update is Enabled
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary of any security software that is advertised in popups or in other ways. It is not only usually of no use, but often has malware in it.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
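The IE-SPYAD steps above install a list of domains into Internet Explorer's Restricted sites zone, which is a per-user registry setting. The block below is an added example, not IE-SPYAD's own installer or code from this thread: it shows the mechanism by rendering a .reg file that files a list of hostnames into that zone. It assumes the standard ZoneMap location under HKEY_CURRENT_USER and that zone number 4 is Restricted sites (0 My Computer, 1 Local intranet, 2 Trusted sites, 3 Internet), and it takes the last two labels of a hostname as the domain, a simplification that does not handle public suffixes such as co.uk. The sample blocklist is constructed from reserved example domains.

```python
from typing import Iterable, List

# Assumption: standard IE ZoneMap location (per-user, so HKCU) and the
# standard zone numbering, where 4 is the Restricted sites zone.
ZONEMAP_DOMAINS = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
                   r"\Internet Settings\ZoneMap\Domains")
RESTRICTED_SITES_ZONE = 4

# Constructed sample list; example.com / example.net are reserved for documentation.
SAMPLE_BLOCKLIST = ["example.com", "ads.Example.com", "tracker.example.net", "example.com"]


def domain_to_key(domain: str) -> str:
    """Map a hostname to its ZoneMap\\Domains subkey.

    IE keys the zone on the domain and stores any host prefix as a subkey:
    ads.example.com -> Domains\\example.com\\ads. Simplification: the last
    two labels are taken as the domain (no public-suffix handling, so
    example.co.uk would be filed under co.uk). IP ranges use a different
    subtree (ZoneMap\\Ranges) and are not handled here.
    """
    labels = [lab for lab in domain.strip().lower().strip(".").split(".") if lab]
    if len(labels) < 2:
        raise ValueError(f"need at least two labels: {domain!r}")
    key = ZONEMAP_DOMAINS + "\\" + ".".join(labels[-2:])
    prefix = ".".join(labels[:-2])
    return key + "\\" + prefix if prefix else key


def build_reg(domains: Iterable[str], zone: int = RESTRICTED_SITES_ZONE) -> str:
    """Render a .reg file that puts every domain (all schemes, value "*") into `zone`."""
    keys = sorted({domain_to_key(d) for d in domains})   # dedupe, stable order
    lines: List[str] = ["Windows Registry Editor Version 5.00", ""]
    for key in keys:
        lines.append(f"[{key}]")
        lines.append(f'"*"=dword:{zone:08x}')
        lines.append("")
    return "\r\n".join(lines)   # .reg files are CRLF text


if __name__ == "__main__":
    print(build_reg(SAMPLE_BLOCKLIST))
```

Save the output as a .reg file and import it with regedit (double-click, or `regedit /s list.reg` for a silent import); the effect is the same as adding each name by hand under Tools > Internet Options > Security > Restricted sites. The value name "*" applies the zone to every scheme; a key with only "http" or "https" values would restrict that scheme alone.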
Old 06-09-2007, 09:52 PM   #8 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: Windows XP


Re: Malware / Virus Help Needed

Alright, thanks a lot, Ried.

I know where I'm going to head for all my HijackThis logs if I have any more problems.

The problem WAS my fault for ignorantly downloading a .exe (looking for a keygen for a program) and it auto-executed a few things and problems began.


Great help.
Much appreciated,

Lite.
Old 06-09-2007, 09:57 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,995
OS: WinXP and Vista


Re: Malware / Virus Help Needed

That's usually how these problems arise...

You're quite welcome, Lite. Take care.
Old 06-09-2007, 10:03 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: Windows XP


Re: Malware / Virus Help Needed

And go figure, this is the first case I haven't been able to cure and fix myself...

Bah..computers.
 


Copyright 2001 - 2009, Tech Support Forum