#1
Registered User
Join Date: Dec 2007
Posts: 27
OS: win xp
Virus.Win32.Trats.d
I've been dealing with a virus for quite some time. Just when I think it's gone, it pops back up again and then some new ones. It seemed it popped back up after downloading MySpace Messenger. I got rid of Messenger, thought I got rid of the virus and then downloaded Windows Live Messenger and now there's a new virus and Messenger doesn't work at all. I did a virus scan and it said there were 15 viruses (took over 5 hours to do a virus scan this morning ???). I recently received a warning box that said the following:
Malicious code found in file C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP19\A0005859.exe. Infection: Virus.Win32.Trats.d Action: failed.
On a side note, I had a virus called mlljk.exe. I've gotten rid of it several times (it's currently not listed), but it's come back at least 3 times in the past. Thanks for any help. Here is my HJT log. Also attached is a copy of my ActiveScan file.
Deckard's System Scanner v20071014.68
Run by Katrina Dobrolinsky on 2008-02-07 18:39:41
Computer is in Normal Mode.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:49 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
#3
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,722
OS: 2000 Pro; XP Pro; XP Home
Re: Virus.Win32.Trats.d
It looks to me like you've run ComboFix. Is this the case? If so, please post the log from C:\ComboFix.txt
Also, DSS should have produced another log, extra.txt. It should be located at C:\Deckard\System Scanner, or in a numbered folder within that location. Please post it also.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
Last edited by tetonbob; 02-08-2008 at 03:30 PM.
#4
Registered User
Join Date: Dec 2007
Posts: 27
OS: win xp
Re: Virus.Win32.Trats.d
Thank you for your quick response.
Below are the files:
Deckard's System Scanner v20071014.68 Extra logfile
Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" --> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine" --> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner" --> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control" --> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner" --> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB" --> "C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall" --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver" Charter High-Speed Security Suite --> "C:\Program Files\Charter High-Speed Security Suite\FSGUI\PostInstall.exe" /tUnInstall CleanUp! 
--> C:\Program Files\CleanUp!\uninstall.exe Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -ICPL30A5a.INF Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033 GIMPshop .1 beta --> C:\Program Files\GIMPshop\uninst.exe Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_CPL30A5m\HXFSETUP.EXE -U -ICPL30A5m.inf HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\Setup.exe" -l0x9 -removeonly HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE} HP Quick Launch Buttons 6.00 E2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup 
"C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly HP User Guides 0019 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E74E3D81-773B-4DCF-B706-50236F80BD81}\setup.exe" -l0x9 -removeonly HP Wireless Assistant 2.00 E1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\Setup.exe" -l0x9 hpquninst Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall Intel(R) PRO Network Connections Drivers --> Prounstl.exe J2SE Development Kit 5.0 Update 14 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150140} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46} Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120 Microsoft Office Excel 2003 --> MsiExec.exe /I{90160409-6000-11D3-8CFE-0150048383C9} Microsoft Picture It! 
Photo Premium 9 --> C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903} Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9} Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9 NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel -S Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726} Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5} QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA} Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" SilkQuit v2.60 --> "C:\Program Files\valecam\SilkQuit\unins000.exe" SmartAudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly -S Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus --> MsiExec.exe 
/I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033 TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708} Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly -- Application Event Log ------------------------------------------------------- Event Record #/Type7148 / Error Event Submitted/Written: 02/06/2008 03:38:10 PM Event ID/Source: 103 / F-Secure Anti-Virus Event Description: 5 2008-02-06 15:38:10-05:00 pc120716747189 PC120716747189\Katrina Dobrolinsky F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Downloader.Win32.PopCap Object: C:\WINDOWS\Downloaded Program Files\popcaploader.dll Event Record #/Type7145 / Error Event Submitted/Written: 02/06/2008 02:29:37 PM Event ID/Source: 103 / F-Secure Anti-Virus Event Description: 4 2008-02-06 14:29:37-05:00 pc120716747189 PC120716747189\Katrina Dobrolinsky F-Secure Anti-Virus Malicious code found in file C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP19\A0005859.exe. Infection: Virus.Win32.Trats.d Action: failed. Event Record #/Type7144 / Error Event Submitted/Written: 02/06/2008 02:29:36 PM Event ID/Source: 103 / F-Secure Anti-Virus Event Description: 3 2008-02-06 14:29:36-05:00 pc120716747189 PC120716747189\Katrina Dobrolinsky F-Secure Anti-Virus Malicious code found in file C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP19\A0005857.exe. 
Infection: Virus.Win32.Trats.d Action: The file was disinfected. Event Record #/Type7143 / Error Event Submitted/Written: 02/06/2008 02:29:34 PM Event ID/Source: 103 / F-Secure Anti-Virus Event Description: 2 2008-02-06 14:29:34-05:00 pc120716747189 PC120716747189\Katrina Dobrolinsky F-Secure Anti-Virus Malicious code found in file C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP19\A0005842.exe. Infection: Virus.Win32.Trats.d Action: The file was disinfected. Event Record #/Type7140 / Error Event Submitted/Written: 02/06/2008 02:24:29 PM Event ID/Source: 103 / F-Secure Anti-Virus Event Description: 1 2008-02-06 14:24:28-05:00 pc120716747189 PC120716747189\Katrina Dobrolinsky F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SENS.DLL was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress). -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. 
-- System Event Log ------------------------------------------------------------ Event Record #/Type6711 / Error Event Submitted/Written: 02/06/2008 02:24:25 PM Event ID/Source: 1 / F-Secure Gatekeeper Event Description: \Device\HarddiskVolume1\WINDOW...sens.dll Event Record #/Type6601 / Error Event Submitted/Written: 02/05/2008 09:59:27 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Event Record #/Type6599 / Error Event Submitted/Written: 02/05/2008 09:40:04 PM Event ID/Source: 7026 / Service Control Manager Event Description: The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL Event Record #/Type6598 / Error Event Submitted/Written: 02/05/2008 09:40:04 PM Event ID/Source: 7001 / Service Control Manager Event Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Event Record #/Type6597 / Error Event Submitted/Written: 02/05/2008 09:40:04 PM Event ID/Source: 7001 / Service Control Manager Event Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 -- End of Deckard's System Scanner: finished at 2008-02-06 15:39:44 ------------ ComboFix 08-02.05.3 - Katrina Dobrolinsky 2008-02-05 16:03:23.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.191 [GMT -6:00] Running from: C:\Documents and Settings\Katrina Dobrolinsky\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\WINDOWS\icroso~1.net C:\WINDOWS\icroso~1.net\?icrosoft.NET\ C:\WINDOWS\icroso~1.net\nopdb.exe C:\WINDOWS\system32\ctwnjmqf.ini C:\WINDOWS\system32\hifhotft.ini C:\WINDOWS\system32\kjllm.ini C:\WINDOWS\system32\kjllm.ini2 C:\WINDOWS\system32\pdxymgye.ini C:\WINDOWS\system32\RCX11.tmp C:\WINDOWS\system32\RCX12.tmp C:\WINDOWS\system32\RCX14.tmp C:\WINDOWS\system32\RCX16.tmp C:\WINDOWS\system32\RCX17.tmp C:\WINDOWS\system32\RCX1C.tmp C:\WINDOWS\system32\RCX35.tmp C:\WINDOWS\system32\RCX42.tmp C:\WINDOWS\system32\RCX6.tmp C:\WINDOWS\system32\RCXA.tmp C:\WINDOWS\system32\RCXC.tmp C:\WINDOWS\system32\RCXD.tmp C:\WINDOWS\system32\RCXF.tmp D:\Autorun.inf ----- BITS: Possible infected sites ----- hxxp://www.download.windowsupdate.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))) . 2008-02-05 14:00 . 2008-02-05 14:14 333,312 --a------ C:\WINDOWS\system32\mlljk.exe 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\VundoFix Backups 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\vongo 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\SDFix 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Zappit 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Kaneva 2008-02-05 13:56 . 
2008-02-05 13:56 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Common Files\Intuit 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Azureus 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\HJT 2008-02-05 13:56 . 2008-02-05 14:18 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\AVG7 2008-02-05 13:56 . 2008-02-05 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-02-05 12:34 . 2008-02-05 13:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy(2) 2008-02-05 12:25 . 2008-02-05 12:25 <DIR> d-------- C:\Program Files\Trend Micro(2) 2008-02-05 11:20 . 2008-02-05 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure 2008-02-05 11:19 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Charter High-Speed Security Suite 2008-02-05 11:19 . 2008-02-05 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg 2008-02-04 19:55 . 2008-02-05 13:57 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Contacts 2008-02-02 18:14 . 2008-02-02 18:14 <DIR> d-------- C:\Documents and Settings\Darian.PC120716747189\Application Data\HP 2008-01-25 14:39 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-01-25 14:36 . 2008-01-25 14:38 671 --a------ C:\WINDOWS\mozver.dat 2008-01-25 14:33 . 2008-01-25 14:33 <DIR> d-------- C:\Program Files\valecam 2008-01-25 14:33 . 2008-01-31 12:39 6,326 --a------ C:\WINDOWS\silkquit.ini 2008-01-24 12:47 . 2008-01-24 12:47 <DIR> d-------- C:\Program Files\CleanUp! 2008-01-21 01:13 . 2008-01-21 01:13 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\Apple Computer 2008-01-20 11:52 . 2008-01-20 11:52 132,608 --a------ C:\VundoFix.exe 2008-01-19 17:21 . 2008-01-19 17:21 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-01-19 17:16 . 
2008-02-05 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-19 16:04 . 2008-01-19 16:04 6,026,816 --a------ C:\Program Files\Firefox Setup 2.0.0.11.exe 2008-01-19 15:53 . 2008-01-19 16:01 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\.gimp-2.2 2008-01-19 15:52 . 2008-01-19 15:53 <DIR> d-------- C:\Program Files\GIMPshop 2008-01-19 13:13 . 2008-01-19 13:13 164 --a------ C:\install.dat 2008-01-19 13:03 . 2008-01-19 13:03 <DIR> d---s---- C:\Documents and Settings\Darian.PC120716747189\UserData 2008-01-18 22:37 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-01-18 22:37 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-01-18 22:37 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-01-18 22:37 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-01-18 22:37 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-01-18 22:37 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-01-18 22:23 . 2008-01-19 12:31 1,594 --a------ C:\WINDOWS\system32\tmp.reg 2008-01-18 18:53 . 2008-01-18 18:53 <DIR> d-------- C:\WINDOWS\ERUNT 2008-01-18 18:51 . 2008-01-15 20:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit 2008-01-18 14:34 . 2006-08-14 14:37 155,648 --a------ C:\WINDOWS\system32\igfxres.dll 2008-01-18 14:34 . 2008-01-19 12:36 114,688 --a------ C:\WINDOWS\system32\hkcmd .exe 2008-01-18 14:34 . 2008-01-18 22:35 98,304 --a------ C:\WINDOWS\system32\igfxtray .exe 2008-01-18 14:34 . 2008-01-19 12:36 94,208 --a------ C:\WINDOWS\system32\igfxpers .exe 2008-01-18 14:30 . 2008-01-18 14:31 <DIR> d-------- C:\W30A5F24 2008-01-18 14:30 . 2008-01-18 14:30 <DIR> d-------- C:\Program Files\SP37159 2008-01-18 14:26 . 2005-11-03 08:31 1,902 --a------ C:\WINDOWS\system32\SetupBD.din 2008-01-17 19:40 . 
2008-01-17 19:40 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\OfficeUpdate12 2008-01-17 18:56 . 2006-08-21 03:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys 2008-01-17 18:56 . 2006-08-21 03:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe 2008-01-17 18:56 . 2006-08-21 06:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll 2008-01-17 18:35 . 2008-01-17 18:35 <DIR> d---s---- C:\Documents and Settings\Darian.PC120716747189\Temporary Internet Files 2008-01-17 18:35 . 2008-01-17 18:35 <DIR> d---s---- C:\Documents and Settings\Darian.PC120716747189\History 2008-01-17 18:35 . 2008-01-15 20:59 <DIR> d-------- C:\Documents and Settings\Darian.PC120716747189\Application Data\Intuit 2008-01-17 18:27 . 2008-01-17 18:27 <DIR> d---s---- C:\Documents and Settings\Darian\Temporary Internet Files 2008-01-17 18:27 . 2008-01-17 18:27 <DIR> d---s---- C:\Documents and Settings\Darian\History 2008-01-17 10:32 . 2008-01-17 10:32 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\MSNInstaller 2008-01-17 06:42 . 2006-06-21 23:06 1,435,648 --------- C:\WINDOWS\system32\dllcache\query.dll 2008-01-17 06:41 . 2006-10-19 07:56 713,216 --------- C:\WINDOWS\system32\dllcache\sxs.dll 2008-01-17 06:41 . 2006-08-25 09:45 617,472 --------- C:\WINDOWS\system32\dllcache\comctl32.dll 2008-01-17 06:41 . 2007-11-14 01:26 450,560 --------- C:\WINDOWS\system32\dllcache\jscript.dll 2008-01-17 06:41 . 2006-06-26 11:37 148,480 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-01-17 06:41 . 2007-04-25 08:21 144,896 --------- C:\WINDOWS\system32\dllcache\schannel.dll 2008-01-17 06:41 . 2006-05-19 06:59 111,616 --------- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll 2008-01-17 06:41 . 2006-05-19 06:59 94,720 --------- C:\WINDOWS\system32\dllcache\iphlpapi.dll 2008-01-17 06:40 . 2007-04-16 09:52 984,576 --------- C:\WINDOWS\system32\dllcache\kernel32.dll 2008-01-17 06:40 . 
2007-01-23 13:29 546,304 --------- C:\WINDOWS\system32\dllcache\hhctrl.ocx 2008-01-17 06:40 . 2006-05-05 03:41 453,120 --------- C:\WINDOWS\system32\dllcache\mrxsmb.sys 2008-01-17 06:40 . 2006-05-05 03:47 174,592 --------- C:\WINDOWS\system32\dllcache\rdbss.sys 2008-01-16 21:06 . 2008-01-16 21:06 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\GTek 2008-01-16 21:06 . 2008-01-16 21:06 43,452 --a------ C:\WINDOWS\system32\OEMINFO.PNF 2008-01-16 19:00 . 2007-10-30 11:20 360,064 --------- C:\WINDOWS\system32\dllcache\tcpip.sys 2008-01-16 19:00 . 2006-06-22 04:47 181,248 --------- C:\WINDOWS\system32\dllcache\rasmans.dll 2008-01-16 18:59 . 2006-12-19 12:16 333,824 --------- C:\WINDOWS\system32\dllcache\wiaservc.dll 2008-01-16 18:37 . 2007-10-25 21:36 8,454,656 --------- C:\WINDOWS\system32\dllcache\shell32.dll 2008-01-16 18:37 . 2007-02-09 05:10 574,464 --------- C:\WINDOWS\system32\dllcache\ntfs.sys 2008-01-16 18:37 . 2006-12-19 15:52 134,656 --------- C:\WINDOWS\system32\dllcache\shsvcs.dll 2008-01-16 18:37 . 2006-07-21 02:24 72,704 --------- C:\WINDOWS\system32\dllcache\hlink.dll 2008-01-16 16:17 . 2008-01-16 16:17 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\Template 2008-01-16 16:17 . 2008-01-23 12:54 420 --a------ C:\Documents and Settings\Katrina Dobrolinsky\Application Data\wklnhst.dat 2008-01-16 13:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-01-16 13:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys 2008-01-16 11:52 . 2008-01-16 11:52 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\AdobeUM 2008-01-16 09:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-01-16 09:24 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-16 09:21 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-01-16 09:21 . 
2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-01-16 09:21 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-01-16 09:21 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-01-16 09:21 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-01-16 09:19 . 2008-01-16 09:19 <DIR> d---s---- C:\Documents and Settings\Katrina Dobrolinsky\UserData 2008-01-15 21:58 . 2008-02-05 10:18 <DIR> d--h----- C:\Documents and Settings\Katrina Dobrolinsky\Temporary Internet Files 2008-01-15 21:58 . 2008-01-15 21:58 <DIR> d--h----- C:\Documents and Settings\Katrina Dobrolinsky\History 2008-01-15 21:58 . 2008-01-15 21:58 1,706 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario V5000 (EZ430UA#ABA)_YN_0Pres_QCND6252C2N_E413900001_46_I30A8_SHP_V56.37_BF.13_T060510_WXH2_L409_M503_J60_7Intel_8Celeron M 410_91.46_#080115_N14E44311_(EZ430UA#ABA)_XMOBILE_CN10_Z_2F.13.MRK . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-05 19:57 --------- d-----w C:\Program Files\MSN Messenger 2008-02-05 19:56 --------- d-----w C:\Program Files\Quicken 2008-02-05 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-25 20:39 --------- d-----w C:\Program Files\Java 2008-01-21 06:46 --------- d-----w C:\Program Files\QuickTime 2008-01-17 22:44 --------- d-----w C:\Program Files\Microsoft Picture It! 
9 2008-01-16 14:17 --------- d-----w C:\Program Files\WildTangent 2008-01-16 04:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-16 04:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-01-16 03:58 1,706 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario V5000 (EZ430UA#ABA)_YN_0Pres_QCND6252C2N_E413900001_46_I30A8_SHP_V56.37_BF.13_T060510_WXH2_L409_M503_J60_7Intel_8Celeron M 410_91.46_#080115_N14E44311_(EZ430UA#ABA)_XMOBILE_CN10_Z_2F.13.MRK 2008-01-16 03:26 --------- d-----w C:\Program Files\Google 2008-01-16 03:10 --------- d-----w C:\Program Files\Quickensetup 2008-01-16 03:08 --------- d-----w C:\Program Files\NetWaiting 2008-01-16 03:07 --------- d-----w C:\Program Files\music_now 2008-01-16 03:07 --------- d-----w C:\Program Files\MSN Encarta Plus 2008-01-16 03:07 --------- d-----w C:\Program Files\Microsoft Works 2008-01-16 03:07 --------- d-----w C:\Program Files\Microsoft Office Trial Wizard 2008-01-16 03:06 --------- d-----w C:\Program Files\Microsoft Money 2006 2008-01-16 03:06 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-01-16 03:05 --------- d-----w C:\Program Files\HP Rhapsody 2008-01-16 03:04 --------- d-----w C:\Program Files\CONEXANT 2008-01-16 03:03 --------- d-----w C:\Program Files\Common Files\SureThing Shared 2008-01-16 03:03 --------- d-----w C:\Program Files\Common Files\Sonic Shared 2008-01-16 03:02 --------- d-----w C:\Program Files\Common Files\LightScribe 2008-01-16 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic 2008-01-15 22:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-11 14:43 --------- d-----w C:\Program Files\iTunes 2008-01-09 04:48 --------- d-----w C:\Program Files\iWin Games 2008-01-07 02:06 --------- d-----w C:\Program Files\MySpace 2007-12-27 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games 2007-12-25 07:31 --------- d-----w 
C:\Documents and Settings\All Users\Application Data\GameHouse 2007-12-20 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spadester 2007-12-20 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap 2007-12-20 17:52 --------- d-----w C:\Program Files\THQ 2007-12-17 01:39 --------- d-----w C:\Program Files\Unlocker 2007-12-16 05:00 --------- d-----w C:\Program Files\Common Files\Adobe 2007-05-16 19:09 32 ----a-r C:\Documents and Settings\All Users\hash.dat 2007-01-15 17:34 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2006-10-22 03:26 122 --sha-r C:\WINDOWS\Regbak.dat . Code:
<pre> ----a-w 50,688 2008-01-17 23:54:05 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe ----a-w 171,448 2008-01-19 23:21:19 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe ----a-w 579,072 2008-02-05 20:14:36 C:\Program Files\Grisoft\AVG7\avgcc .exe ----a-w 219,136 2008-02-05 20:15:08 C:\Program Files\Grisoft\AVG7\avgw .exe ----a-w 454,656 2008-01-18 22:25:24 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe ----a-w 1,694,208 2008-01-19 22:20:17 C:\Program Files\Messenger\msmsgs .exe ----a-w 286,720 2008-01-13 08:46:27 C:\Program Files\QuickTime\qttask .exe ----a-w 114,688 2008-01-19 18:36:59 C:\WINDOWS\system32\hkcmd .exe ----a-w 94,208 2008-01-19 18:36:59 C:\WINDOWS\system32\igfxpers .exe ----a-w 98,304 2008-01-19 04:35:45 C:\WINDOWS\system32\igfxtray .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-05 14:14 635904] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SilkQuit Meter.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SilkQuit Meter.lnk backup=C:\WINDOWS\pss\SilkQuit Meter.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Darian.PC120716747189^Start Menu^Programs^StartUp^Vongo Tray.lnk] path=C:\Documents and Settings\Darian.PC120716747189\Start Menu\Programs\StartUp\Vongo Tray.lnk backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup 
[HKLM\~\startupfolder\C:^Documents and Settings^Katrina Dobrolinsky^Start Menu^Programs^StartUp^Vongo Tray.lnk] path=C:\Documents and Settings\Katrina Dobrolinsky\Start Menu\Programs\StartUp\Vongo Tray.lnk backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\65c4b349] C:\WINDOWS\system32\eygmyxdp.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] --a------ 2008-02-05 14:14 1110016 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] --a------ 2006-02-22 09:03 40960 C:\Program Files\HPQ\Default Settings\cpqset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] --a------ 2006-04-18 05:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-02-17 00:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-08-11 17:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-08-11 17:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] --a------ 2008-02-05 14:14 333312 C:\WINDOWS\system32\mlljk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] --a------ 2008-01-06 14:16 390144 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] --a------ 2006-03-07 14:38 131072 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] --a------ 2006-04-11 22:54 102400 C:\Program Files\HP\QuickPlay\QPService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard] --a------ 2005-10-11 11:23 1187840 C:\Windows\SMINST\RecGuard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 
--a------ 2008-01-20 12:58 532480 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-03-03 23:46 761948 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-05 16:25:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe . ************************************************************************** . Completion time: 2008-02-05 16:27:48 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-05 22:27:45
#5
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,722
OS: 2000 Pro; XP Pro; XP Home
Re: Virus.Win32.Trats.d
Quote:
This machine does not have the Windows XP Recovery Console installed. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Please do this:

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System. For you, it is: Microsoft Windows XP Home Edition Service Pack 2

Use this link: http://www.microsoft.com/downloads/d...displaylang=en

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer.

Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#6
Registered User
Join Date: Dec 2007
Posts: 27
OS: win xp
Re: Virus.Win32.Trats.d
Okay, hopefully I did this right. I was getting a google redirect notice and my antivirus was popping up.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
#7
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,722
OS: 2000 Pro; XP Pro; XP Home
Re: Virus.Win32.Trats.d
You did just fine...
Please go to: VirusTotal
#8
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,722
OS: 2000 Pro; XP Pro; XP Home
Re: Virus.Win32.Trats.d
Just to be clear....
AVG is no longer your AntiVirus solution, correct? You're using Charter's F-Secure?
#9
Registered User
Join Date: Dec 2007
Posts: 27
OS: win xp
Re: Virus.Win32.Trats.d
I think I should mention that I believe I ran combo fix and then I deleted AVG and downloaded the Charter Antivirus. I should have asked if you wanted me to run a new combofix log seeing I made changes after that log.
This is the file virustotal produced.

0 bytes size received / Se ha recibido un archivo vacio
#10
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,722
OS: 2000 Pro; XP Pro; XP Home
Re: Virus.Win32.Trats.d
The machine can reboot as needed now...
No, don't run ComboFix again....until this next step....

Here's what happened with AVG... You have the latest version of the Vundo infection. It is a file infector, and replaces many legit exe files in startup. It's possible these applications will need to be reinstalled. AVG was one of the casualties, but since it's been uninstalled, it's no longer a major concern....however, there are some remnant files from that infected AVG remaining, which we will remove.

---------------------------------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

Referring to the picture above, drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
#12
Registered User
Join Date: Dec 2007
Posts: 27
OS: win xp
Re: Virus.Win32.Trats.d
Okay, here it is. And, btw, thank you.
ComboFix 08-02.05.3 - Katrina Dobrolinsky 2008-02-08 20:27:23.2 - NTFSx86 Running from: C:\Documents and Settings\Katrina Dobrolinsky\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Katrina Dobrolinsky\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\mlljk.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Grisoft C:\Program Files\Grisoft\AVG7\avgamsvr.exe C:\Program Files\Grisoft\AVG7\avgcc .exe C:\Program Files\Grisoft\AVG7\avgemc.exe C:\Program Files\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Grisoft\AVG7\avgw .exe C:\VundoFix Backups C:\VundoFix Backups\kjllm.ini.bad C:\VundoFix Backups\kjllm.ini2.bad C:\WINDOWS\system32\oqtdcnxm.ini C:\WINDOWS\system32\wxngkqnf.ini . ((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))) . 2008-02-08 19:54 . 2004-08-03 23:00 260,272 --a------ C:\cmldr 2008-02-08 15:45 . 2008-02-08 15:45 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\HP 2008-02-08 15:32 . 2008-02-08 15:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-08 15:32 . 2008-02-08 15:32 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 18:35 . 2008-02-07 18:35 <DIR> d-------- C:\ie-spyad_zo 2008-02-07 16:56 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2008-02-07 16:41 . 2008-02-07 18:11 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2008-02-07 16:41 . 2008-02-07 16:41 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-02-07 16:41 . 2008-02-07 16:42 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-02-07 16:41 . 2008-02-07 16:41 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-02-06 23:49 . 2008-02-06 23:49 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\F-Secure 2008-02-06 20:54 . 2008-02-06 20:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-02-06 20:54 . 
2008-02-06 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-02-05 19:50 . 2007-11-01 05:42 57,824 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys 2008-02-05 19:50 . 2007-11-01 05:42 36,768 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys 2008-02-05 19:30 . 2008-02-05 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-02-05 16:02 . 2004-08-04 15:00 388,608 --a------ C:\kmd.exe 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\vongo 2008-02-05 13:56 . 2008-02-05 19:22 <DIR> d-------- C:\SDFix 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Zappit 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Kaneva 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\Program Files\Azureus 2008-02-05 13:56 . 2008-02-05 13:56 <DIR> d-------- C:\HJT 2008-02-05 12:34 . 2008-02-05 13:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy(2) 2008-02-05 12:25 . 2008-02-05 12:25 <DIR> d-------- C:\Program Files\Trend Micro(2) 2008-02-05 11:20 . 2008-02-05 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure 2008-02-05 11:19 . 2008-02-07 12:28 <DIR> d-------- C:\Program Files\Charter High-Speed Security Suite 2008-02-05 11:19 . 2008-02-07 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg 2008-02-04 19:55 . 2008-02-05 13:57 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Contacts 2008-02-02 18:14 . 2008-02-02 18:14 <DIR> d-------- C:\Documents and Settings\Darian.PC120716747189\Application Data\HP 2008-01-25 14:39 . 
2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-01-25 14:36 . 2008-01-25 14:38 671 --a------ C:\WINDOWS\mozver.dat 2008-01-25 14:33 . 2008-01-25 14:33 <DIR> d-------- C:\Program Files\valecam 2008-01-25 14:33 . 2008-01-31 12:39 6,326 --a------ C:\WINDOWS\silkquit.ini 2008-01-24 12:47 . 2008-01-24 12:47 <DIR> d-------- C:\Program Files\CleanUp! 2008-01-21 01:13 . 2008-01-21 01:13 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\Apple Computer 2008-01-20 11:52 . 2008-01-20 11:52 132,608 --a------ C:\VundoFix.exe 2008-01-19 16:04 . 2008-01-19 16:04 6,026,816 --a------ C:\Program Files\Firefox Setup 2.0.0.11.exe 2008-01-19 15:53 . 2008-01-19 16:01 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\.gimp-2.2 2008-01-19 15:52 . 2008-01-19 15:53 <DIR> d-------- C:\Program Files\GIMPshop 2008-01-19 13:13 . 2008-01-19 13:13 164 --a------ C:\install.dat 2008-01-19 13:03 . 2008-01-19 13:03 <DIR> d---s---- C:\Documents and Settings\Darian.PC120716747189\UserData 2008-01-18 22:37 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-01-18 22:37 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-01-18 22:37 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-01-18 22:37 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-01-18 22:37 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-01-18 22:37 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-01-18 22:23 . 2008-01-19 12:31 1,594 --a------ C:\WINDOWS\system32\tmp.reg 2008-01-18 18:53 . 2008-01-18 18:53 <DIR> d-------- C:\WINDOWS\ERUNT 2008-01-18 18:51 . 2008-01-15 20:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit 2008-01-18 14:34 . 2006-08-14 14:37 155,648 --a------ C:\WINDOWS\system32\igfxres.dll 2008-01-18 14:34 . 2008-01-19 12:36 114,688 --a------ C:\WINDOWS\system32\hkcmd.exe 2008-01-18 14:34 . 
2008-01-18 22:35 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe 2008-01-18 14:34 . 2008-01-19 12:36 94,208 --a------ C:\WINDOWS\system32\igfxpers.exe 2008-01-18 14:30 . 2008-01-18 14:31 <DIR> d-------- C:\W30A5F24 2008-01-18 14:30 . 2008-01-18 14:30 <DIR> d-------- C:\Program Files\SP37159 2008-01-18 14:26 . 2005-11-03 08:31 1,902 --a------ C:\WINDOWS\system32\SetupBD.din 2008-01-17 19:40 . 2008-01-17 19:40 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\OfficeUpdate12 2008-01-17 18:56 . 2006-08-21 03:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys 2008-01-17 18:56 . 2006-08-21 03:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe 2008-01-17 18:56 . 2006-08-21 06:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll 2008-01-17 18:35 . 2008-02-06 18:42 <DIR> d---s---- C:\Documents and Settings\Darian.PC120716747189\Temporary Internet Files 2008-01-17 18:35 . 2008-01-17 18:35 <DIR> d---s---- C:\Documents and Settings\Darian.PC120716747189\History 2008-01-17 18:35 . 2008-01-15 20:59 <DIR> d-------- C:\Documents and Settings\Darian.PC120716747189\Application Data\Intuit 2008-01-17 18:27 . 2008-01-17 18:27 <DIR> d---s---- C:\Documents and Settings\Darian\Temporary Internet Files 2008-01-17 18:27 . 2008-01-17 18:27 <DIR> d---s---- C:\Documents and Settings\Darian\History 2008-01-17 10:32 . 2008-01-17 10:32 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\MSNInstaller 2008-01-17 06:42 . 2006-06-21 23:06 1,435,648 --------- C:\WINDOWS\system32\dllcache\query.dll 2008-01-17 06:41 . 2006-10-19 07:56 713,216 --------- C:\WINDOWS\system32\dllcache\sxs.dll 2008-01-17 06:41 . 2006-08-25 09:45 617,472 --------- C:\WINDOWS\system32\dllcache\comctl32.dll 2008-01-17 06:41 . 2007-11-14 01:26 450,560 --------- C:\WINDOWS\system32\dllcache\jscript.dll 2008-01-17 06:41 . 2006-06-26 11:37 148,480 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-01-17 06:41 . 
2007-04-25 08:21 144,896 --------- C:\WINDOWS\system32\dllcache\schannel.dll 2008-01-17 06:41 . 2006-05-19 06:59 111,616 --------- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll 2008-01-17 06:41 . 2006-05-19 06:59 94,720 --------- C:\WINDOWS\system32\dllcache\iphlpapi.dll 2008-01-17 06:40 . 2007-04-16 09:52 984,576 --------- C:\WINDOWS\system32\dllcache\kernel32.dll 2008-01-17 06:40 . 2007-01-23 13:29 546,304 --------- C:\WINDOWS\system32\dllcache\hhctrl.ocx 2008-01-17 06:40 . 2006-05-05 03:41 453,120 --------- C:\WINDOWS\system32\dllcache\mrxsmb.sys 2008-01-17 06:40 . 2006-05-05 03:47 174,592 --------- C:\WINDOWS\system32\dllcache\rdbss.sys 2008-01-16 21:06 . 2008-01-16 21:06 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\GTek 2008-01-16 21:06 . 2008-01-16 21:06 43,452 --a------ C:\WINDOWS\system32\OEMINFO.PNF 2008-01-16 19:00 . 2007-10-30 11:20 360,064 --------- C:\WINDOWS\system32\dllcache\tcpip.sys 2008-01-16 19:00 . 2006-06-22 04:47 181,248 --------- C:\WINDOWS\system32\dllcache\rasmans.dll 2008-01-16 18:59 . 2006-12-19 12:16 333,824 --------- C:\WINDOWS\system32\dllcache\wiaservc.dll 2008-01-16 18:37 . 2007-10-25 21:36 8,454,656 --------- C:\WINDOWS\system32\dllcache\shell32.dll 2008-01-16 18:37 . 2007-02-09 05:10 574,464 --------- C:\WINDOWS\system32\dllcache\ntfs.sys 2008-01-16 18:37 . 2006-12-19 15:52 134,656 --------- C:\WINDOWS\system32\dllcache\shsvcs.dll 2008-01-16 18:37 . 2006-07-21 02:24 72,704 --------- C:\WINDOWS\system32\dllcache\hlink.dll 2008-01-16 16:17 . 2008-01-16 16:17 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\Template 2008-01-16 16:17 . 2008-01-23 12:54 420 --a------ C:\Documents and Settings\Katrina Dobrolinsky\Application Data\wklnhst.dat 2008-01-16 13:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-01-16 13:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys 2008-01-16 11:52 . 
2008-01-16 11:52 <DIR> d-------- C:\Documents and Settings\Katrina Dobrolinsky\Application Data\AdobeUM 2008-01-16 09:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-01-16 09:24 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-09 02:27 --------- d-----w C:\Program Files\QuickTime 2008-02-07 23:19 --------- d-----w C:\Program Files\Google 2008-02-07 23:17 --------- d-----w C:\Program Files\Common Files\LightScribe 2008-02-07 19:00 --------- d-----w C:\Program Files\Quicken 2008-02-05 19:57 --------- d-----w C:\Program Files\MSN Messenger 2008-02-05 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-25 20:39 --------- d-----w C:\Program Files\Java 2008-01-17 22:44 --------- d-----w C:\Program Files\Microsoft Picture It! 9 2008-01-16 14:17 --------- d-----w C:\Program Files\WildTangent 2008-01-16 04:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-16 04:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-01-16 03:58 1,706 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario V5000 (EZ430UA#ABA)_YN_0Pres_QCND6252C2N_E413900001_46_I30A8_SHP_V56.37_BF.13_T060510_WXH2_L409_M503_J60_7Intel_8Celeron M 410_91.46_#080115_N14E44311_(EZ430UA#ABA)_XMOBILE_CN10_Z_2F.13.MRK 2008-01-16 03:10 --------- d-----w C:\Program Files\Quickensetup 2008-01-16 03:08 --------- d-----w C:\Program Files\NetWaiting 2008-01-16 03:07 --------- d-----w C:\Program Files\music_now 2008-01-16 03:07 --------- d-----w C:\Program Files\MSN Encarta Plus 2008-01-16 03:07 --------- d-----w C:\Program Files\Microsoft Works 2008-01-16 03:07 --------- d-----w C:\Program Files\Microsoft Office Trial Wizard 2008-01-16 03:06 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-01-16 03:05 --------- d-----w 
C:\Program Files\HP Rhapsody 2008-01-16 03:04 --------- d-----w C:\Program Files\CONEXANT 2008-01-16 03:03 --------- d-----w C:\Program Files\Common Files\SureThing Shared 2008-01-16 03:03 --------- d-----w C:\Program Files\Common Files\Sonic Shared 2008-01-16 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic 2008-01-16 00:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-01-15 22:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-11 14:43 --------- d-----w C:\Program Files\iTunes 2008-01-09 12:20 --------- d-----w C:\Program Files\Picasa2 2008-01-09 04:48 --------- d-----w C:\Program Files\iWin Games 2008-01-09 04:32 17,464,248 ----a-w C:\Program Files\IE7Setup_G.exe 2008-01-07 02:06 --------- d-----w C:\Program Files\MySpace 2007-12-27 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games 2007-12-25 07:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameHouse 2007-12-20 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spadester 2007-12-20 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap 2007-12-20 17:52 --------- d-----w C:\Program Files\THQ 2007-12-17 01:39 --------- d-----w C:\Program Files\Unlocker 2007-12-16 05:00 --------- d-----w C:\Program Files\Common Files\Adobe 2007-05-16 19:09 32 ----a-r C:\Documents and Settings\All Users\hash.dat 2007-01-15 17:34 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2006-10-22 03:26 122 --sha-r C:\WINDOWS\Regbak.dat . Code:
----a-w 182,936 2008-02-06 02:53:33 C:\Program Files\Charter High-Speed Security Suite\Common\FSM32 .EXE ----a-w 739,936 2008-02-06 02:53:36 C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil .exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-05 22:01 171448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-13 02:46 286720] "F-Secure Manager"="C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.exe" [2007-11-01 05:42 182936] "F-Secure TNB"="C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" [2007-11-01 05:42 739936] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SilkQuit Meter.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SilkQuit Meter.lnk backup=C:\WINDOWS\pss\SilkQuit Meter.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Darian.PC120716747189^Start Menu^Programs^StartUp^Vongo Tray.lnk] path=C:\Documents and Settings\Darian.PC120716747189\Start Menu\Programs\StartUp\Vongo Tray.lnk backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Katrina Dobrolinsky^Start Menu^Programs^StartUp^Vongo Tray.lnk] path=C:\Documents and Settings\Katrina Dobrolinsky\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] --a------ 2006-02-22 09:03 40960 C:\Program Files\HPQ\Default Settings\cpqset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] --a------ 2007-11-01 05:42 182936 C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] --a------ 2007-11-01 05:42 739936 C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] --a------ 2006-04-18 05:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2008-01-19 12:36 114688 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-02-17 00:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] --a------ 2008-01-18 16:25 454656 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a------ 2008-01-19 12:36 114688 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a------ 2008-01-19 12:36 94208 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2008-01-18 22:35 98304 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz] c:\Program Files\Norton Internet 
Security\cfgwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-08-11 17:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-08-11 17:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] --a------ 2008-01-17 17:54 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-01-19 16:20 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2008-01-19 12:36 94208 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] --a------ 2006-03-07 14:38 131072 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] --a------ 2006-04-11 22:54 102400 C:\Program Files\HP\QuickPlay\QPService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-13 02:46 286720 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard] --a------ 2005-10-11 11:23 1187840 C:\Windows\SMINST\RecGuard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 
2008-02-05 22:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-03-03 23:46 761948 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-11-01 05:42] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys [2007-11-01 05:42] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys [2007-11-01 05:42] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 05:42] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSrec.sys [2007-11-01 05:42] . Contents of the 'Scheduled Tasks' folder "2008-02-09 00:01:39 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\CHARTE~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\CHARTE~1\ANTI-V~1\report.txt . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-08 20:34:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe . ************************************************************************** . Completion time: 2008-02-08 20:39:25 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-09 02:39:16 ComboFix2.txt 2008-02-05 22:27:48
#13
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,722
OS: 2000 Pro; XP Pro; XP Home
Re: Virus.Win32.Trats.d
Are we cross posting?
I'm confused about the question. Please perform the steps in my last post. Allow the machine to reboot as required.

This comment: Quote:
#14
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,722
OS: 2000 Pro; XP Pro; XP Home
Re: Virus.Win32.Trats.d
*sigh*
Please ignore my last comments, as you've already done what I wanted to be done. I'll have the next steps for you shortly.
#15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,722
OS: 2000 Pro; XP Pro; XP Home
Re: Virus.Win32.Trats.d
Please go to: VirusTotal
#16 (permalink)
Registered User
Join Date: Dec 2007
Posts: 27
OS: win xp
Re: Virus.Win32.Trats.d
Results of the first file:
#17 (permalink)
Registered User
Join Date: Dec 2007
Posts: 27
OS: win xp
Re: Virus.Win32.Trats.d
Holy cow, that was slow. Here's the 2nd file.
#18 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,722
OS: 2000 Pro; XP Pro; XP Home
Re: Virus.Win32.Trats.d
Open Notepad and copy/paste the text in the quotebox below into it:
Referring to the picture above, drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply. Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
#19 (permalink)
Registered User
Join Date: Dec 2007
Posts: 27
OS: win xp
Re: Virus.Win32.Trats.d
The latest log:
#20 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,722
OS: 2000 Pro; XP Pro; XP Home
Re: Virus.Win32.Trats.d
Great.....
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java version components and update. Updating Java:
---------------------------------------------------------------------------------------------
Please run this online scan to help look for remnants. This will take an hour or so depending on the size of the disk. Do not run other applications while the scan is working, as that can increase the scan time. First, go to Start > Control Panel > Add/Remove Programs and remove Kaspersky Online Scanner if present prior to downloading the most up-to-date one. Next, establish an internet connection and perform an online scan using Internet Explorer at Kaspersky Online Scanner. Answer Yes when prompted to install an ActiveX component.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
---------------------------------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
---------------------------------------------------------------------------------------------