Virtumonde & Virut HELP

g30rg3
2007-11-07, 14:58
Hi Everybody,

I have had these problems for about a week now. It started with the Virut virus, which I removed with the AVG Tool, and I also had Virtumonde, which I removed, but I seem to still have something that Ad-Aware can't remove.


Here is my HijackThis Log:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:06, on 07/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194414829218
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 4153 bytes


Any HELP would be appreciated

g30rg3
2007-11-07, 15:27
Hi,
Here is my Ad-Aware log too:-

Scan Results
Ad-Aware 2007 Professional Edition
Log File Created on:2007-11-07 13:34:36
Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name:PC1
Name of user performing scan:SYSTEM
Name of user ordering scan:George
Scan completed successfully

System Information
Number of processors:1
Processor type:AMD Athlon(tm) XP
Memory Available:39%
Total Physical Memory:1073201152 Bytes
Available Physical Memory:412008448 Bytes
Total Page File Size:3990827008 Bytes
Available On Page File:3471933440 Bytes
Total Virtual Memory:2147352576 Bytes
Available Virtual Memory:1990483968 Bytes
OS:Microsoft Windows XP 5.1 (Build 2600)
File Version Information
File Version
CEAPI.dll 7, 0, 2, 3
aawservice.exe 7, 0, 2, 5
Ad-Aware2007.exe 7.0.1.3
Ad-Aware 2007 Settings
Skipping files larger than:1048576 Bytes
Ignoring infections with lower TAI than:3
Safe Mode:False
Extended Ad-Aware 2007 Settings
Unload malicious processes and modules
Unload Modules
Let Windows remove files at Start-Up
Deactivate Ad-Watch
Re-analyze Scan Result
Delete Restored Items
Dump Exceptions To Disk
Write Protect System Files
Create Log file
Include basic settings
Include advanced settings
Include user and computer name
Environment information
Running processes
Running processes and modules
Include info about ignored objects in log file
Consider definitions File Outdated after x days
Proxy URL
Proxy Port
Database Info
Version number:32
Build Number:0
Build Date and Time:2007/11/07 08:48:36
Scan Statistics
Method:Full

Items Scanned:221101
Infections Detected:1
Infections Removed:0
Infections Quarantined:0
Infections Ignored:0
Scan Detailed Statistics
Type Critical Total
Process Scan 0 0
Registry Scan 0 0
Registry PE Scan 0 0
Hosts Scan 0 0
File Scan 0 0
Folder Scan 0 0
LSP Scan 0 0
ADS Scan 0 0
Cookie Scan 0 0
File Hash Scan 0 0
Infections Found
Family Id Name Category TAI
9999 MRU Object MRU Object 0
[1] MRU Path: C:\Documents and Settings\George\Recent Count: 1


Quarantined Objects
Family Id Name Category TAI

Removed Objects
Family Id Name Category TAI

g30rg3
2007-11-07, 15:42
I don't know if this is any help, but the svchosts.exe file is trying to access the internet erratically, which my firewall (Sygate) blocks.

g30rg3
2007-11-07, 18:45
I ran ComboFix with TeaTimer disabled, like I read on another post. Here is the log file:-

ComboFix 07-11-07.3 - George 2007-11-07 15:17:17.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.597 [GMT 0:00]
Running from: C:\Documents and Settings\George\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
.

2007-11-07 14:12 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-07 12:54 <DIR> d-------- C:\Documents and Settings\George\Application Data\Talkback
2007-11-07 06:04 1,733 --a------ C:\cc_20071107_0604.reg
2007-11-07 05:27 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-06 21:37 <DIR> d-------- C:\Program Files\Bluetack
2007-11-06 20:51 54,624 --a------ C:\WINDOWS\system32\37f33.sys
2007-11-06 20:33 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-11-06 20:25 113,222 --a--c--- C:\WINDOWS\system32\dllcache\zoneclim.dll
2007-11-06 20:25 41,029 --a--c--- C:\WINDOWS\system32\dllcache\zcorem.dll
2007-11-06 20:25 36,937 --a--c--- C:\WINDOWS\system32\dllcache\zclientm.exe
2007-11-06 20:25 29,760 --a--c--- C:\WINDOWS\system32\dllcache\znetm.dll
2007-11-06 20:25 13,894 --a--c--- C:\WINDOWS\system32\dllcache\zonelibm.dll
2007-11-06 20:25 4,677 --a--c--- C:\WINDOWS\system32\dllcache\zeeverm.dll
2007-11-06 20:17 1,032,192 --a--c--- C:\WINDOWS\system32\dllcache\conf.exe
2007-11-06 20:17 93,184 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-11-06 20:17 73,728 --a--c--- C:\WINDOWS\system32\dllcache\wmplayer.exe
2007-11-06 20:17 46,080 --a--c--- C:\WINDOWS\system32\dllcache\wab.exe
2007-11-06 20:17 39,936 --a--c--- C:\WINDOWS\system32\dllcache\msinfo32.exe
2007-11-06 20:17 4,639 --a--c--- C:\WINDOWS\system32\dllcache\mplayer2.exe
2007-11-06 20:11 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-11-06 20:08 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-11-06 20:08 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-11-06 20:08 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-11-06 20:08 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-11-06 16:55 <DIR> d-------- C:\I386
2007-11-06 00:39 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-05 22:58 <DIR> d-------- C:\Program Files\Sygate
2007-11-05 22:58 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-11-05 22:58 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-11-05 22:58 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-11-05 22:58 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-11-05 22:58 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-11-05 22:58 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-11-05 22:58 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-11-05 22:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-05 22:31 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-05 22:24 54,624 --a------ C:\WINDOWS\system32\9c0D7D.sys
2007-11-05 21:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-05 20:20 <DIR> d-------- C:\Program Files\Safer Networking
2007-11-05 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-05 18:55 <DIR> d-------- C:\Downloads
2007-11-05 17:09 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2007-11-05 13:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-05 13:51 <DIR> d-------- C:\Documents and Settings\George\Application Data\AVG7
2007-11-05 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-05 06:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-05 05:33 <DIR> d-------- C:\Documents and Settings\George\DoctorWeb
2007-11-04 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-04 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-04 11:51 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-04 11:50 <DIR> d-------- C:\Program Files\CCleaner
2007-11-03 20:44 <DIR> d-------- C:\WINDOWS\ccleaner
2007-10-20 00:56 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:56 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:54 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-10-20 00:54 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-10-18 09:06 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:03 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:02 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 05:40 --------- d-----w C:\Program Files\DivX
2007-11-07 04:16 --------- d-----w C:\Program Files\Movie Splitter
2007-11-07 03:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 00:51 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-11-07 00:51 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-11-05 23:46 --------- d-----w C:\Program Files\Creative
2007-11-05 01:40 --------- d-----w C:\Program Files\Any Video Converter
2007-11-04 20:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-04 12:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2007-11-03 21:15 --------- d-----w C:\Program Files\XviD
2007-11-03 21:15 --------- d-----w C:\Program Files\Visioneer OneTouch
2007-11-03 21:15 --------- d-----w C:\Program Files\SiSLan
2007-11-03 21:15 --------- d-----w C:\Program Files\ScanSoft
2007-11-03 21:15 --------- d-----w C:\Program Files\Real
2007-11-03 21:15 --------- d-----w C:\Program Files\QuickTime
2007-11-03 21:14 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2007-11-03 21:14 --------- d-----w C:\Program Files\Nokia
2007-11-03 21:14 --------- d-----w C:\Program Files\NetCracker Designer
2007-11-03 21:14 --------- d-----w C:\Program Files\Multimedia V3.54
2007-11-03 21:14 --------- d-----w C:\Program Files\MSN Messenger
2007-11-03 21:13 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-11-03 21:13 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-03 21:13 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-03 21:13 --------- d-----w C:\Program Files\Kontiki
2007-11-03 21:13 --------- d-----w C:\Program Files\Java
2007-11-03 21:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-03 21:12 --------- d-----w C:\Program Files\Jasc Software Inc
2007-11-03 21:12 --------- d-----w C:\Program Files\iTunes
2007-11-03 21:12 --------- d-----w C:\Program Files\iPod
2007-11-03 21:12 --------- d-----w C:\Program Files\eXpress CheckSum Calculator
2007-11-03 21:12 --------- d-----w C:\Program Files\eMule
2007-11-03 21:12 --------- d-----w C:\Program Files\directx
2007-11-03 21:12 --------- d-----w C:\Program Files\CyberLink
2007-11-03 21:11 --------- d-----w C:\Program Files\Common Files\xing shared
2007-11-03 21:11 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2007-11-03 21:11 --------- d-----w C:\Program Files\Common Files\Real
2007-11-03 21:11 --------- d-----w C:\Program Files\Common Files\L&H
2007-11-03 21:11 --------- d-----w C:\Program Files\Common Files\Java
2007-11-03 21:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-03 21:11 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-03 21:11 --------- d-----w C:\Program Files\Chami
2007-11-03 21:11 --------- d-----w C:\Program Files\C-Media 3D Audio
2007-11-03 21:11 --------- d-----w C:\Program Files\BitComet
2007-11-03 21:11 --------- d-----w C:\Program Files\All Video Converter
2007-11-03 21:11 --------- d-----w C:\Program Files\ahead
2007-11-03 21:05 --------- d-----w C:\Documents and Settings\George\Application Data\PC Suite
2007-11-03 21:05 --------- d-----w C:\Documents and Settings\George\Application Data\OpenOffice.org2
2007-11-03 21:05 --------- d-----w C:\Documents and Settings\George\Application Data\MSNInstaller
2007-11-03 21:05 --------- d-----w C:\Documents and Settings\George\Application Data\Jasc Software Inc
2007-11-03 21:05 --------- d-----w C:\Documents and Settings\George\Application Data\DivX
2007-11-03 21:05 --------- d-----w C:\Documents and Settings\George\Application Data\Apple Computer
2007-11-03 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2007-11-03 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-03 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Channel4
2007-11-03 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2001-10-16 08:10 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2001-10-02 08:58 36,864 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2001-09-28 08:00 139,264 ----a-w C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-27 08:11 167,936 ----a-w C:\WINDOWS\inf\i386\viceo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-05 13:51]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-07 00:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-05 13:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydarVisionDesktopManager]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
C:\WINDOWS\system32\keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);C:\WINDOWS\system32\drivers\e10kx2k.sys
S3 37f33;37f33;\??\C:\WINDOWS\system32\37f33.sys
S3 9c0D7D;9c0D7D;\??\C:\WINDOWS\system32\9c0D7D.sys
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 15:18:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ad-Watch Real-Time Scanner]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTPD.sys"
.
Completion time: 2007-11-07 15:19:13
.
--- E O F ---


Anybody any advice?

g30rg3
2007-11-08, 18:39
Hi, can anybody tell me the average wait time for assistance? :)

tashi
2007-11-22, 00:19
Hello.

Because of the volume of posts to your own topic, helpers may have thought you were already being assisted.

We ask only for a HJT log and the results of an on-line anti virus scan.

"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Start with ONLY the Two Logs We Ask For in Our Sticky Topic, NOT CF etc. (http://forums.spybot.info/showthread.php?t=16806)

For people waiting who have not resolved their problem, we have a sticky topic:
The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)

However, if members waiting for assistance do not post there, their topic is archived.

If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.