
something i cant get rid of please assist

Old 09-16-2008, 12:03 PM   #1
Guest
 
Join Date: Sep 2008
Posts: 4
OS:



I let my roommate use my computer while I was away and he got something on my computer that messed stuff up. (Yes, I know it's a bad idea letting someone else use your computer; I thought it would be OK.) Anyway, I had a bunch of viruses and stuff, and after running Spybot, Ad-Aware, and Avast it seemed I got it all. But something is still in the system and I can't seem to get rid of it.

Background updaters and linking from other sites won't load, although if I go there manually they will. My computer also seems to be thinking/processing something even when nothing's running. I believe it also brings in more viruses, because later I found more, but Spybot and Avast took care of those. I need help finding the source, though, and eliminating it. Any help would be greatly appreciated.

Running XP Pro Service Pack 3.


Logfile of random's system information tool 1.01 (written by random/random)
Run by kage musha at 2008-09-16 13:43:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (12%) free of 477 GB
Total RAM: 2046 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:43 PM, on 9/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kage musha\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\kage musha.exe

O2 - BHO: (no name) - {0E5B4414-9FC6-46BD-8519-8373A44918A1} - C:\WINDOWS\system32\awtrPhIy.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [d07e210d] rundll32.exe "C:\WINDOWS\system32\bfptcsby.dll",b
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: suvkoz.dll
O20 - Winlogon Notify: opnoLCSK - opnoLCSK.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4346 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5B4414-9FC6-46BD-8519-8373A44918A1}]
C:\WINDOWS\system32\awtrPhIy.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
""=C:\WINDOWS\system32\
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"d07e210d"=C:\WINDOWS\system32\bfptcsby.dll [2008-09-15 89088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-12-06 167368]
"Aim6"=C:\WINDOWS\system32\
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
""=C:\WINDOWS\system32\
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="suvkoz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-28 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnoLCSK]
opnoLCSK.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{55737035-1B75-48DD-A4D8-66155D8AC7A3}"=C:\WINDOWS\system32\opnoLCSK.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\awtrPhIy

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\kage musha\Desktop\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"="C:\Documents and Settings\kage musha\Desktop\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ddfd5cf-857a-11dc-ba7c-806d6172696f}]
shell\AutoRun\command - D:\ASUSACPI.exe


File associations

.txt - open - Notepad.exe "%1"

List of files/folders created in the last three months

2008-09-16 13:43:39 ----D---- C:\rsit
2008-09-15 15:50:21 ----SH---- C:\WINDOWS\system32\ybsctpfb.ini
2008-09-15 15:50:10 ----A---- C:\WINDOWS\system32\suvkoz.dll
2008-09-15 15:50:10 ----A---- C:\WINDOWS\system32\bfptcsby.dll
2008-09-15 15:50:09 ----A---- C:\WINDOWS\system32\ijydifhi.dll
2008-09-11 23:36:22 ----D---- C:\Program Files\Trend Micro
2008-09-11 13:16:26 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-11 13:09:19 ----ASH---- C:\WINDOWS\system32\gudrfafh.ini
2008-09-11 13:09:08 ----A---- C:\WINDOWS\system32\hfafrdug.dll
2008-09-11 04:37:53 ----A---- C:\WINDOWS\unvise32.exe
2008-09-11 04:26:11 ----A---- C:\WINDOWS\wininit.ini
2008-09-11 04:01:00 ----D---- C:\WINDOWS\system32\NtmsData
2008-09-11 02:03:21 ----ASH---- C:\WINDOWS\system32\svkpgbcl.ini
2008-09-11 02:03:03 ----A---- C:\WINDOWS\BMd34d1291.txt
2008-09-11 02:02:36 ----A---- C:\WINDOWS\system32\db5de573-.txt
2008-09-11 02:02:23 ----ASH---- C:\WINDOWS\system32\yIhPrtwa.ini2
2008-09-11 02:02:23 ----ASH---- C:\WINDOWS\system32\yIhPrtwa.ini
2008-09-11 01:57:20 ----D---- C:\Program Files\MS Antivirus
2008-09-11 01:57:06 ----A---- C:\WINDOWS\system32\tdssinit.dll
2008-09-07 21:42:19 ----D---- C:\WINDOWS\Prefetch
2008-09-07 20:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-07 20:36:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-07 20:36:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-07 20:36:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-07 20:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-07 20:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-07 20:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-07 20:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-07 20:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-07 20:36:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-07 20:33:41 ----D---- C:\WINDOWS\system32\scripting
2008-09-07 20:33:40 ----D---- C:\WINDOWS\system32\en
2008-09-07 20:33:40 ----D---- C:\WINDOWS\l2schemas
2008-09-07 20:33:39 ----D---- C:\WINDOWS\system32\bits
2008-09-07 20:31:58 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-07 20:28:36 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-07 20:25:11 ----A---- C:\WINDOWS\system32\wmphoto.dll
2008-09-07 20:25:10 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-09-07 20:25:09 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-07 20:25:09 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-07 20:25:04 ----A---- C:\WINDOWS\system32\tspkg.dll
2008-09-07 20:25:04 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-09-07 20:25:01 ----A---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-07 20:25:00 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-07 20:24:59 ----N---- C:\WINDOWS\slrundll.exe
2008-09-07 20:24:59 ----A---- C:\WINDOWS\system32\slserv.exe
2008-09-07 20:24:59 ----A---- C:\WINDOWS\system32\slrundll.exe
2008-09-07 20:24:59 ----A---- C:\WINDOWS\system32\slgen.dll
2008-09-07 20:24:59 ----A---- C:\WINDOWS\system32\slextspk.dll
2008-09-07 20:24:59 ----A---- C:\WINDOWS\system32\slcoinst.dll
2008-09-07 20:24:58 ----A---- C:\WINDOWS\system32\setupn.exe
2008-09-07 20:24:58 ----A---- C:\WINDOWS\system32\s3gnb.dll
2008-09-07 20:24:57 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-07 20:24:57 ----A---- C:\WINDOWS\system32\rasqec.dll
2008-09-07 20:24:56 ----A---- C:\WINDOWS\system32\qutil.dll
2008-09-07 20:24:56 ----A---- C:\WINDOWS\system32\qcliprov.dll
2008-09-07 20:24:56 ----A---- C:\WINDOWS\system32\qagentrt.dll
2008-09-07 20:24:56 ----A---- C:\WINDOWS\system32\qagent.dll
2008-09-07 20:24:55 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-07 20:24:55 ----A---- C:\WINDOWS\system32\onex.dll
2008-09-07 20:24:53 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-07 20:24:50 ----A---- C:\WINDOWS\system32\napstat.exe
2008-09-07 20:24:50 ----A---- C:\WINDOWS\system32\napmontr.dll
2008-09-07 20:24:50 ----A---- C:\WINDOWS\system32\napipsec.dll
2008-09-07 20:24:50 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-07 20:24:50 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-09-07 20:24:50 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-09-07 20:24:49 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-07 20:24:49 ----A---- C:\WINDOWS\system32\mssha.dll
2008-09-07 20:24:43 ----A---- C:\WINDOWS\system32\mmcperf.exe
2008-09-07 20:24:43 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-07 20:24:43 ----A---- C:\WINDOWS\system32\mmcex.dll
2008-09-07 20:24:43 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-07 20:24:42 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-07 20:24:37 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-07 20:24:37 ----A---- C:\WINDOWS\system32\kmsvc.dll
2008-09-07 20:24:37 ----A---- C:\WINDOWS\system32\kbdpash.dll
2008-09-07 20:24:37 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-07 20:24:37 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-07 20:24:37 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-07 20:24:33 ----A---- C:\WINDOWS\system32\smtpapi.dll
2008-09-07 20:24:33 ----A---- C:\WINDOWS\system32\rwnh.dll
2008-09-07 20:24:32 ----A---- C:\WINDOWS\system32\comsdupd.exe
2008-09-07 20:24:30 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-07 20:24:28 ----A---- C:\WINDOWS\system32\faxpatch.exe
2008-09-07 20:24:28 ----A---- C:\WINDOWS\003111_.tmp
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\eapsvc.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\eapqec.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\eappprxy.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\eapphost.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\eappgnui.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\eappcfg.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\eapolqec.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\dot3ui.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\dot3svc.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\dot3msm.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-07 20:24:27 ----A---- C:\WINDOWS\system32\dot3api.dll
2008-09-07 20:24:26 ----A---- C:\WINDOWS\system32\dimsroam.dll
2008-09-07 20:24:26 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-07 20:24:26 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-07 20:24:25 ----A---- C:\WINDOWS\system32\credssp.dll
2008-09-07 20:24:23 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-07 20:24:23 ----A---- C:\WINDOWS\system32\azroles.dll
2008-09-07 20:24:23 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-07 20:24:22 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-07 20:24:22 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-07 20:24:18 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-08-24 14:07:27 ----D---- C:\Documents and Settings\kage musha\Application Data\Xfire
2008-08-24 14:07:24 ----D---- C:\Program Files\Xfire
2008-08-24 13:59:37 ----D---- C:\Program Files\Gpotato
2008-08-13 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-13 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-13 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-13 03:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-13 03:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-13 03:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-10 16:30:10 ----D---- C:\WINDOWS\foonts
2008-08-09 20:17:29 ----D---- C:\Documents and Settings\kage musha\Application Data\ImgBurn
2008-08-09 20:15:39 ----D---- C:\Program Files\ImgBurn
2008-08-09 16:00:21 ----D---- C:\Program Files\Apple Software Update
2008-08-09 15:59:42 ----D---- C:\Program Files\iPod
2008-08-09 15:59:39 ----D---- C:\Program Files\iTunes
2008-08-06 12:29:37 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-06 12:29:37 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-06 12:29:37 ----A---- C:\WINDOWS\system32\java.exe
2008-07-27 11:09:12 ----A---- C:\WINDOWS\system32\FileOps.exe
2008-07-27 11:09:11 ----D---- C:\WINDOWS\system32\Adobe
2008-07-25 03:34:54 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-07-25 03:34:52 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-07-25 03:34:50 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-07-25 03:34:46 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-07-25 03:34:42 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-07-25 03:34:40 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-07-25 03:34:40 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-07-25 03:34:40 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-07-25 03:34:36 ----A---- C:\WINDOWS\system32\DivX.dll
2008-07-25 03:34:30 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-07-23 11:48:40 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-07-23 11:48:40 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-07-23 11:47:34 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-07-23 11:47:34 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-07-23 11:46:38 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-16 01:58:35 ----D---- C:\Program Files\Combined Community Codec Pack
2008-07-09 03:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-07-07 12:45:15 ----D---- C:\Documents and Settings\kage musha\Application Data\Media Player Classic
2008-06-20 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-18 01:23:50 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision

List of drivers

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-06-20 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-06-20 9200]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM; \??\C:\Program Files\VMLaunch\BuddyVM.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\Mabinogi\npkcrypt.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-28 2456064]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2007-09-14 169856]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-25 577664]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-11 41888]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 atzwm98i;atzwm98i; C:\WINDOWS\system32\drivers\atzwm98i.sys []
S3 aw5c5uen;aw5c5uen; C:\WINDOWS\system32\drivers\aw5c5uen.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-05-11 22560]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-05-11 2107808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-05-11 2142752]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-05-11 1921184]
S3 LVUVC;QuickCam Communicate Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-05-11 3580832]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-08-18 57328]

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-28 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-19 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2007-11-15 68096]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-05-11 142112]
S4 npkcmsvc;npkcmsvc; C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S4 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S4 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

-----------------EOF-----------------
seta_runner is offline  
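Editor's note, not part of the thread: the HijackThis log above is a good teaching sample for what a first-pass triage looks for, so here is a small Python script that scores the lines for manual review. It is an added example, not a tool used by the poster or by the Tech Support Forum helpers, and the heuristics in it (missing files, nameless BHOs, Run values with hex-string names, rundll32 loading a DLL out of system32, any populated AppInit_DLLs value, Winlogon Notify packages) are my own rules of thumb, not a signature set. The sample lines are copied verbatim from the log posted above.

```python
import re
from dataclasses import dataclass

# Sample input: these lines are copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {0E5B4414-9FC6-46BD-8519-8373A44918A1} - C:\WINDOWS\system32\awtrPhIy.dll (file missing)",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r'O4 - HKLM\..\Run: [d07e210d] rundll32.exe "C:\WINDOWS\system32\bfptcsby.dll",b',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O20 - AppInit_DLLs: suvkoz.dll",
    r"O20 - Winlogon Notify: opnoLCSK - opnoLCSK.dll (file missing)",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
]

LINE_RE = re.compile(r"^(O\d+) - (.*)$")       # "O4 - <body>"
RUN_KEY_RE = re.compile(r"\[([^\]]*)\]")        # the [name] of a Run value
HEX8_RE = re.compile(r"[0-9a-f]{8}", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    line: str      # the original log line
    reasons: list  # why the line was flagged for review


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out.

    The rules below are review heuristics (assumptions of this example), chosen
    so that the stock avast!/Spybot/ctfmon entries in the log pass untouched.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []

    # A registered component whose file is gone is either a stale entry or a
    # component that hides itself from the scanner; either way it needs a look.
    if "(file missing)" in body:
        reasons.append("registered file is missing on disk")

    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("Browser Helper Object with no display name")

    if section == "O4":
        key = RUN_KEY_RE.search(body)
        if key and HEX8_RE.fullmatch(key.group(1)):
            reasons.append("Run value named like an 8-character hex string")
        lower = body.lower()
        if "rundll32" in lower and "system32" in lower:
            reasons.append("Run value loads a DLL from system32 through rundll32.exe")

    if section == "O20":
        if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            reasons.append("non-empty AppInit_DLLs: the DLL is loaded into every process that uses user32.dll")
        if body.startswith("Winlogon Notify:"):
            reasons.append("Winlogon Notify package: loaded by winlogon.exe at logon, verify the publisher")

    return Finding(section, line, reasons) if reasons else None


def triage(lines):
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in map(triage_line, lines) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the eight sample lines it flags exactly four: the nameless BHO pointing at the missing awtrPhIy.dll, the d07e210d Run value that starts bfptcsby.dll via rundll32, the AppInit_DLLs entry for suvkoz.dll, and the opnoLCSK Winlogon Notify package whose DLL is also missing. The legitimate avast!, Spybot and ctfmon entries produce no finding. The output is a review list, not a verdict: a helper still confirms each flagged path against the RSIT file list before writing a fix, which is what the post that follows goes on to do.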
Old 09-17-2008, 03:28 AM   #2
Security Team
Colleague
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 3,217
OS: Windows/Linux



Hi seta_runner

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards.

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only; it should not be used on any other computer. Each fix is tailor-made for the specific task in hand. If for some reason you have System Restore disabled, then please re-enable it before proceeding; an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Thanks.

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

We need to disable your TeaTimer as it may interfere with the fixes that we need to make.

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

After all of the fixes are complete it is very important that you enable TeaTimer again; I will let you know when it is safe to do so.

Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save it to your desktop, or somewhere you can find it easily. Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

A Tutorial for Tea Timer can be found here -> https://russelltexas.com/malware/teatimer.htm

Please scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

https://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
Old 09-17-2008, 10:38 AM   #3
Guest
 
Join Date: Sep 2008
Posts: 4
OS:



ComboFix 08-09-16.05 - kage musha 2008-09-17 12:50:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1551 [GMT -5:00]
Running from: C:\Documents and Settings\kage musha\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.

2008-09-16 14:06 . 2008-09-16 14:06 <DIR> d-------- C:\Program Files\COMODO
2008-09-16 14:06 . 2008-09-16 14:06 <DIR> d-------- C:\Documents and Settings\kage musha\Application Data\Comodo
2008-09-16 14:06 . 2008-09-16 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-09-16 14:06 . 2008-09-16 14:06 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-09-16 14:06 . 2008-09-16 14:06 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-09-16 14:06 . 2008-09-16 14:06 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-09-16 13:43 . 2008-09-16 13:43 <DIR> d-------- C:\rsit
2008-09-12 21:59 . 2008-09-12 21:59 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-11 23:36 . 2008-09-11 23:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-11 16:05 . 2008-09-11 21:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-11 04:37 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-09-11 04:26 . 2008-09-16 03:38 153 --a------ C:\WINDOWS\wininit.ini
2008-09-11 04:01 . 2008-09-11 04:01 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-09-11 01:57 . 2008-09-11 02:47 <DIR> d-------- C:\Program Files\MS Antivirus
2008-09-11 00:55 . 2008-09-11 05:13 <DIR> d-------- C:\Program Files\SEKILALA
2008-09-10 21:01 . 2008-09-10 21:01 244 --ah----- C:\sqmnoopt09.sqm
2008-09-10 21:01 . 2008-09-10 21:01 232 --ah----- C:\sqmdata09.sqm
2008-09-07 20:33 . 2008-09-07 20:33 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-07 20:33 . 2008-09-07 20:33 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-07 20:33 . 2008-09-07 20:33 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-07 20:33 . 2008-09-07 20:33 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-07 20:31 . 2008-09-07 20:33 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-07 20:24 . 2008-04-13 19:12 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-08-25 11:53 . 2008-08-25 11:53 244 --ah----- C:\sqmnoopt08.sqm
2008-08-25 11:53 . 2008-08-25 11:53 232 --ah----- C:\sqmdata08.sqm
2008-08-24 14:07 . 2008-08-24 14:07 <DIR> d-------- C:\Program Files\Xfire
2008-08-24 14:07 . 2008-08-24 14:07 <DIR> d-------- C:\Documents and Settings\kage musha\Application Data\Xfire
2008-08-24 13:59 . 2008-08-24 13:59 <DIR> d-------- C:\Program Files\Gpotato
2008-08-24 13:38 . 2008-08-24 13:38 7,546 --a------ C:\snipah.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 17:22 --------- d-----w C:\Documents and Settings\kage musha\Application Data\uTorrent
2008-09-16 21:36 --------- d-----w C:\Program Files\Messenger Plus Live
2008-09-16 18:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-16 18:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 17:02 --------- d-----w C:\Program Files\World of Warcraft
2008-09-14 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-11 09:37 --------- d-----w C:\Program Files\ZyX
2008-09-11 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-11 09:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-11 06:34 --------- d-----w C:\Program Files\TRABULANCE
2008-09-07 00:05 --------- d-----w C:\Program Files\The Rosetta Stone
2008-08-11 16:11 --------- d-----w C:\Program Files\uTorrent
2008-08-10 01:39 --------- d-----w C:\Documents and Settings\kage musha\Application Data\ImgBurn
2008-08-10 01:15 --------- d-----w C:\Program Files\ImgBurn
2008-08-09 21:00 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 20:59 --------- d-----w C:\Program Files\iTunes
2008-08-09 20:59 --------- d-----w C:\Program Files\iPod
2008-08-08 02:34 --------- d-----w C:\Program Files\FEAR
2008-08-07 18:18 --------- d-----w C:\Program Files\DivX
2008-08-06 17:29 --------- d-----w C:\Program Files\Java
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-24 21:56 --------- d-----w C:\Program Files\QuickTime
2008-07-24 21:56 --------- d-----w C:\Program Files\Bonjour
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-22 06:16 --------- d-----w C:\Program Files\vixy.net
2008-07-20 22:33 --------- d-----w C:\Program Files\Lavasoft
2008-07-20 22:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-20 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-19 00:50 --------- d-----w C:\Program Files\Starcraft
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 23:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((( [email protected]_12.30.18.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-07-14 22:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-06 167368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-09-16 1655552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-16 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-16 24208]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;C:\Program Files\VMLaunch\BuddyVM.sys [2004-12-03 15872]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-25 577664]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S4 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ddfd5cf-857a-11dc-ba7c-806d6172696f}]
\Shell\AutoRun\command - D:\ASUSACPI.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\kage musha\Application Data\Mozilla\Firefox\Profiles\pa3j9evt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
.
------- File Associations -------
.
txtfile=Notepad.exe "%1"
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-09-17 12:50:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-17 12:52:01
ComboFix-quarantined-files.txt 2008-09-17 17:51:38
ComboFix2.txt 2008-09-17 17:31:44

Pre-Run: 56,335,486,976 bytes free
Post-Run: 56,320,098,304 bytes free

161 --- E O F --- 2008-09-11 01:34:04


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:55 PM, on 9/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4238 bytes
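The HijackThis log above is what the helper reads by hand: O2 (browser helper objects), O4 (Run keys) and O23 (services). As an added example that is not part of this thread or of HijackThis, the Python below parses those three entry types into records and applies two review prompts a malware analyst would apply first: an autostart binary living outside the Windows or Program Files trees, and a service whose vendor field is "Unknown owner" (as the COMODO helper service shows here). The sample lines are copied from the log above except the "[updater]" O4 line, which is constructed to exercise the location check; EXPECTED_ROOTS is an assumed whitelist.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the HijackThis log posted in this thread.
# The "[updater]" O4 line is constructed (not from the log) so that the
# location check below has something to flag.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\kage musha\Local Settings\Temp\updater.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Line shapes as HijackThis v2.0.2 prints them (taken from the log above).
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.+)$")
# First token ending in an executable-ish extension, for unquoted O4 commands.
RE_EXT = re.compile(r"^(?P<p>.+?\.(?:exe|dll|scr|bat|cmd|vbs))(?:\s|$)", re.I)

# Assumed whitelist of directory roots where autostarts normally live on XP.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    code: str                    # HijackThis section code: O2, O4 or O23
    name: str                    # BHO name, Run value name or service display name
    path: str                    # binary path with quotes and arguments stripped
    vendor: Optional[str] = None  # O23 only: vendor string HijackThis reports


def executable_path(cmd: str) -> str:
    """Strip quoting and trailing arguments from an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = RE_EXT.match(cmd)
    return m.group("p") if m else cmd.split()[0]


def parse_hjt(text: str) -> List[Entry]:
    """Parse O2/O4/O23 lines; every other line type is ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if m := RE_O2.match(line):
            entries.append(Entry("O2", m["name"], m["path"].strip()))
        elif m := RE_O4.match(line):
            entries.append(Entry("O4", m["name"], executable_path(m["cmd"])))
        elif m := RE_O23.match(line):
            entries.append(Entry("O23", m["name"], m["path"].strip(), m["vendor"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries that deserve a second look.

    These are review prompts, not verdicts: a legitimate firewall or driver
    helper service can show 'Unknown owner' just as easily as malware can,
    which is why the helper in this thread sends such files to VirusTotal.
    """
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if not e.path.lower().startswith(EXPECTED_ROOTS):
            findings.append((e.path, f"{e.code} autostart outside Windows/Program Files"))
        if e.code == "O23" and (e.vendor or "").strip().lower() == "unknown owner":
            findings.append((e.path, "service binary carries no vendor string"))
    return findings


if __name__ == "__main__":
    for path, why in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{why}: {path}")
```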
Old 09-18-2008, 12:10 AM   #4
Security Team
Colleague
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 3,217
OS: Windows/Linux
Hi there

Please download OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\MS Antivirus

Return to OTMoveIt2, under "Paste Standard List of Files/Folders to Move" - right click in the window and choose Paste.
Click the red Moveit! button.
OTMoveIt2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please go to: VirusTotal
  • In the middle of the page you'll find a "Browse" button.
  • Click the "Browse" button and browse to this file in RED:

    C:\WINDOWS\unvise32.exe

  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

This animation will guide you through the process:


**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Please post back with:
The results from OTMoveIt2
The Kaspersky log
An update on how things are running.
Old 09-18-2008, 10:43 AM   #5
Guest
 
Join Date: Sep 2008
Posts: 4
OS:



C:\Program Files\MS Antivirus moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09182008_122244

---

MD5: 84b4f61f59a421bd85d97b35d194b42b
First received: 11.14.2007 23:31:57 (CET)
Date: 09.14.2008 22:25:32 (CET) [>3D]
Results: 0/36
Permalink: analisis/ba67f1e656037407eb254b637ae2906d


Antivirus Version Last Update Result
AhnLab-V3 2008.9.13.0 2008.09.12 -
AntiVir 7.8.1.28 2008.09.14 -
Authentium 5.1.0.4 2008.09.14 -
Avast 4.8.1195.0 2008.09.14 -
AVG 8.0.0.161 2008.09.14 -
BitDefender 7.2 2008.09.14 -
CAT-QuickHeal 9.50 2008.09.13 -
ClamAV 0.93.1 2008.09.14 -
DrWeb 4.44.0.09170 2008.09.14 -
eSafe 7.0.17.0 2008.09.14 -
eTrust-Vet 31.6.6087 2008.09.12 -
Ewido 4.0 2008.09.14 -
F-Prot 4.4.4.56 2008.09.14 -
F-Secure 8.0.14332.0 2008.09.14 -
Fortinet 3.113.0.0 2008.09.14 -
GData 19 2008.09.14 -
Ikarus T3.1.1.34.0 2008.09.14 -
K7AntiVirus 7.10.454 2008.09.13 -
Kaspersky 7.0.0.125 2008.09.14 -
McAfee 5383 2008.09.12 -
Microsoft 1.3903 2008.09.14 -
NOD32v2 3440 2008.09.13 -
Norman 5.80.02 2008.09.12 -
Panda 9.0.0.4 2008.09.14 -
PCTools 4.4.2.0 2008.09.14 -
Prevx1 V2 2008.09.14 -
Rising 20.61.42.00 2008.09.12 -
Sophos 4.33.0 2008.09.14 -
Sunbelt 3.1.1633.1 2008.09.13 -
Symantec 10 2008.09.14 -
TheHacker 6.3.0.9.082 2008.09.14 -
TrendMicro 8.700.0.1004 2008.09.12 -
VBA32 3.12.8.5 2008.09.14 -
ViRobot 2008.9.12.1375 2008.09.12 -
VirusBuster 4.5.11.0 2008.09.14 -
Webwasher-Gateway 6.6.2 2008.09.14 -
Additional information
File size: 86016 bytes
MD5...: 84b4f61f59a421bd85d97b35d194b42b
SHA1..: d3f2bac1a72f82c42d551c066c8ec841f46adb60
SHA256: f241f37d423dd5c192b22ca1d4655dbf9e9b861487a6ac0f958b190e975934dc
SHA512: 4bbbe843a56e5b3a554a23e16450ce33543c6a7a37e917908e7ab1c7a729700b
3f04a83bccadd126017ab5fca73d57e9caef085d349112672c14328e05d66b88
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x408a7a
timedatestamp.....: 0x385a52ff (Fri Dec 17 15:13:03 1999)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xddb5 0xe000 6.52 2016979550b1336eb7ca4fa8332d7f11
.rdata 0xf000 0x1726 0x2000 4.38 233783be01153608f9480f0590b88a2f
.data 0x11000 0x2ff8 0x2000 4.13 dd586d7dfddbeecb449fcf42d8e3ed31
.rsrc 0x14000 0x1660 0x2000 3.30 4eb94c6f473197e2c1c22186dc261dff

( 8 imports )
> VERSION.dll: GetFileVersionInfoSizeA, VerQueryValueA, GetFileVersionInfoA
> KERNEL32.dll: GetProcAddress, GetPrivateProfileStringA, GetExitCodeProcess, WritePrivateProfileStringA, lstrcmpiA, Sleep, CloseHandle, GetLastError, lstrlenW, GetTickCount, GetTempFileNameA, MultiByteToWideChar, lstrcpynA, lstrcmpA, _lopen, GetSystemDirectoryA, WideCharToMultiByte, GetWindowsDirectoryA, GetTempPathA, FindFirstFileA, FindClose, FindNextFileA, GetShortPathNameA, DeleteFileA, GlobalHandle, GlobalAlloc, SetFileAttributesA, _hread, GetFileAttributesA, MoveFileExA, GetCurrentDirectoryA, SetCurrentDirectoryA, GlobalFree, lstrlenA, lstrcatA, WriteProfileStringA, OpenFile, _lread, _llseek, _lclose, LoadLibraryA, FindResourceA, LoadResource, LockResource, lstrcpyA, FreeResource, FreeLibrary, IsBadCodePtr, FlushFileBuffers, GlobalLock, CopyFileA, GlobalUnlock, RemoveDirectoryA, MulDiv, GetVersionExA, WriteFile, HeapDestroy, GetEnvironmentStringsW, HeapCreate, FreeEnvironmentStringsW, FreeEnvironmentStringsA, VirtualFree, GetStringTypeA, TerminateProcess, GetModuleFileNameA, UnhandledExceptionFilter, IsBadReadPtr, HeapSize, HeapReAlloc, LCMapStringW, LCMapStringA, HeapAlloc, HeapFree, GetOEMCP, GetACP, GetCPInfo, SetEndOfFile, GetStdHandle, SetHandleCount, SetStdHandle, GetCurrentProcess, GetEnvironmentStrings, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, MoveFileA, RtlUnwind, CreateFileA, GetFileType, ReadFile, SetFilePointer, IsBadWritePtr, VirtualAlloc, GetStringTypeW, SetUnhandledExceptionFilter
> USER32.dll: DialogBoxParamA, GetWindowRect, SetFocus, DispatchMessageA, GetDesktopWindow, IsWindowVisible, GetParent, EndPaint, BeginPaint, SetWindowTextA, GetWindow, SendMessageA, UpdateWindow, ShowWindow, CreateDialogParamA, GetSysColor, DestroyWindow, MoveWindow, TranslateMessage, PeekMessageA, OffsetRect, ScreenToClient, InvalidateRect, GetDlgItem, FillRect, DdeInitializeA, DdeUninitialize, DdeAccessData, DdeUnaccessData, DdeFreeDataHandle, DdeCreateStringHandleA, DdeConnect, DdeClientTransaction, DdeGetLastError, DdeDisconnect, DdeFreeStringHandle, LoadStringA, MessageBoxA, GetDC, EndDialog, SetDlgItemTextA, wsprintfA, ReleaseDC, CharUpperA, GetDlgItemTextA, PostMessageA, FindWindowA
> GDI32.dll: DeleteObject, CreateSolidBrush, GetDeviceCaps, GetObjectA, RemoveFontResourceA, CreateFontIndirectA
> ADVAPI32.dll: QueryServiceStatus, CloseServiceHandle, OpenSCManagerA, RegCloseKey, RegQueryInfoKeyA, RegOpenKeyExA, RegQueryValueA, RegQueryValueExA, ControlService, DeleteService, OpenServiceA, RegDeleteKeyA, RegEnumKeyA, RegOpenKeyA, RegSetValueA, RegSetValueExA, RegDeleteValueA
> SHELL32.dll: ShellExecuteExA, SHChangeNotify, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc
> ole32.dll: OleUninitialize, OleInitialize, StringFromGUID2
> OLEAUT32.dll: -

( 0 exports )
ThreatExpert info: https://www.threatexpert.com/report.a...d97b35d194b42b

---


I am unable to load the Kaspersky page. Internet connection works fine and I tried using alternate links to the site, but it won't load.
Old 09-18-2008, 04:42 PM   #6
Security Team
Colleague
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 3,217
OS: Windows/Linux
Hi there seta_runner

Let's try an alternative online scan using Panda ActiveScan.

Please go to HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Old 09-18-2008, 11:13 PM   #7
Guest
 
Join Date: Sep 2008
Posts: 4
OS:



;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-19 01:11:12
PROTECTIONS: 1
MALWARE: 14
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080918-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\kage musha\Cookies\[email protected][1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\kage musha\Cookies\[email protected][2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\kage musha\Cookies\[email protected][1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\kage musha\Cookies\[email protected][1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\kage musha\Cookies\[email protected][2].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{6A8BF6AD-331A-4D2B-8E9F-04E55B6305E4}\RP7\A0002742.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{6A8BF6AD-331A-4D2B-8E9F-04E55B6305E4}\RP7\A0002589.sys
03615837 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Back_up\wire\kango shicyauzo 2 Crack All Version.zip[Crack.All.Version.exe]
03644242 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{6A8BF6AD-331A-4D2B-8E9F-04E55B6305E4}\RP2\A0001387.dll
03645659 Generic Malware Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\09182008_122244\Program Files\MS Antivirus\MSA.exe
03677001 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{6A8BF6AD-331A-4D2B-8E9F-04E55B6305E4}\RP2\A0001332.dll
03682902 Application/UltimateDefender HackTools No 0 Yes No C:\System Volume Information\_restore{6A8BF6AD-331A-4D2B-8E9F-04E55B6305E4}\RP5\A0001453.dll
03694400 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{6A8BF6AD-331A-4D2B-8E9F-04E55B6305E4}\RP7\A0002573.dll
03694400 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{6A8BF6AD-331A-4D2B-8E9F-04E55B6305E4}\RP7\A0002574.dll
03694400 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\ijydifhi.dll.vir
03694400 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\suvkoz.dll.vir
03708966 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\hfafrdug.dll.vir
03708966 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{6A8BF6AD-331A-4D2B-8E9F-04E55B6305E4}\RP7\A0002572.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================