View Full Version : malware
biencutza
2008-09-25, 15:09
hi!
i have one problem. i've made an online scan with f-secure and this is what it found:
Scanning Report
Thursday, September 25, 2008 10:48:45 - 13:01:40
Computer name: BIUTZA
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ E:\
Result: 6 malware found
TrackingCookie.2o7 (spyware)
* System
TrackingCookie.Doubleclick (spyware)
* System
W32/Packed/FSG_2.A (virus)
* C:\RETEA\KIT-URI\WINRAR 3.51\CRACK\WINRAR V3.51 CRACK MULTILANGUAGE BY TFT.EXE (Submitted)
* C:\RETEA\KIT-URI\WINAMP\KEYGEN.EXE (Submitted)
* D:\DOWNLOAD\KEYGEN.EXE (Submitted)
fp-Vundo.gen267 (virus)
* C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL (Submitted)
Statistics
Scanned:
* Files: 60475
* System: 4309
* Not scanned: 7
Actions:
* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 6
* Submitted: 4
Files not scanned:
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\BIA\LOCAL SETTINGS\TEMP\ETILQS_I45DMBN7YSPOXHB1QA0A
Options
Scanning engines:
* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-09-25
* F-Secure AVP: 7.0.171, 2008-09-25
* F-Secure Pegasus: 1.20.0, 2008-08-09
* F-Secure Blacklight: 2.2.1092
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics
please give me some advices.thank you!
Hi biencutza
What do you know about these programs ?
C:\RETEA\KIT-URI\WINRAR 3.51\CRACK\WINRAR V3.51 CRACK MULTILANGUAGE BY TFT.EXE (Submitted)
C:\RETEA\KIT-URI\WINAMP\KEYGEN.EXE (Submitted)
D:\DOWNLOAD\KEYGEN.EXE (Submitted)
If you have downloaded cracks-warez-keygenerators, the odds are you already have an infected computer.
Even visiting such a site can give your computer multiple infections.
Download and Run HijackThis
Download HJTInstall.exe (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to your Desktop.
Doubleclick HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Thanks peku006
Hello!
Do you still need help
It has been three days since my last post.
Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?
Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!
biencutza
2008-10-02, 00:39
Hello!
Sorry for not responding. I still need help. I've made what you said. This is the log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:01 AM, on 10/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Amazing clock\AClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Amazing clock\aschdler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AmazingClock] "C:\Program Files\Amazing clock\AClock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Intelinet] C:\Program Files\Intelinet\Intelinet.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
--
End of file - 8888 bytes
Hi biencutza
1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
2 - download and run RSIT
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)
3 - Status Check
Please reply with
1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log
description of any problems you are having with your PC
Thanks peku006
biencutza
2008-10-02, 22:59
Hi peku006!
info.txt logfile of random's system information tool 1.04 2008-10-02 22:24:09
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 8.0 Professional Edition-->MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Amazing clock 1.2-->"C:\Program Files\Amazing clock\unins000.exe"
Anark Client 4-->C:\Program Files\Anark\Anark Client 4\AMInstal.exe -uninstall
Ansoft Designer 2.2 SV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9F87795-BD95-4C25-97A7-027B2117EF41}\Setup.exe" -l0x9
Applet Password Wizard-->C:\PROGRA~1\APPLET~1\UNWISE.EXE C:\PROGRA~1\APPLET~1\INSTALL.LOG
ASUS WLAN Card Utilities/Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}\Setup.exe" -l0x9
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Babylon-->C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
BSPlayer-->"C:\Program Files\ACE Mega CoDecS Pack\BSPlayer\uninstall.exe"
Chinese Simplified Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2447-0000-800000000003}
CoffeeCup Flash Password Wizard-->C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DMIView-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\DMIView\Uninst.isu"
Document Converter Pro v5.1-->"C:\Program Files\Neevia.Com\Document Converter\unins000.exe"
EasyTune5-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll"
EnRo Dictionary 1.0-->"C:\Program Files\EnRo Dictionary\unins000.exe"
Everest Dictionary-->MsiExec.exe /I{D7252334-1115-4A4B-B9CE-6FE52AD18F75}
Face_Wizard B06.0707.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E76FCE6B-9999-4250-8C75-B2DA4AD41268}\SETUP.EXE" -l0x9 -removeonly
Free PS Convert driver 8.15-->"C:\Program Files\psconvert\unins000.exe"
GIGABYTE VGA Utility Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F739F79-450F-458C-BB8A-05AFA8A81E7E}\setup.exe" -l0x9 -uninst -removeonly
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intelinet 3.1.0-->"C:\Program Files\Intelinet\unins000.exe"
J2SE Development Kit 5.0 Update 13-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150130}
J2SE Runtime Environment 5.0 Update 13-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150130}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JLC's Internet TV-->"C:\Program Files\JLC's Software\Internet TV\Uninstall.exe"
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
K-Lite Codec Pack 3.5.3 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MathType 5-->"C:\Program Files\MathType\Setup.exe" -R
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MySLAX Creator Wizard 1.4.1-->"C:\Program Files\MySLAX Creator\unins000.exe"
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
oDC (remove only)-->"C:\Program Files\oDC\uninstall.exe"
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDF Password Remover v2.2-->"C:\Program Files\PDF Password Remover v2.2\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Smart PDF Creator Pro 4.2-->"C:\Program Files\Smart PDF Creator Pro\unins000.exe"
Sony Ericsson PC Suite-->MsiExec.exe /I{FE6397C1-CECA-4EC3-B064-42AED7676898}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SystemView by ELANIX-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SystemView\Uninst.isu"
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
Translator Englez-Romān-->C:\TRAD\setup\setup.exe
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
USB PC Camera VC305-->C:\Program Files\InstallShield Installation Information\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0305}\setup.exe -runfromtemp -l0x0009 -removeonly
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLAN VLC media player 0.7.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vimicro USB PC Camera (ZC0301PLH)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}\setup.exe" -l0x9
VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
=====HijackThis Backups=====
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
======Security center information======
AV: avast! antivirus 4.8.1229 [VPS 081002-0]
FW: Norton Internet Worm Protection (disabled)
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Java\jdk1.5.0_13\bin;C:\Program Files\Java\jre1.6.0_03\bin;C:\Program Files\Common Files\Teleca Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f02
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"KMP_DUPLICATE_LIB_OK"=TRUE
-----------------EOF-----------------
This is log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by Bia at 2008-10-02 22:23:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (10%) free of 51 GB
Total RAM: 1023 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:03 PM, on 10/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Amazing clock\AClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Amazing clock\aschdler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Intelinet\intelin2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Bia\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bia.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AmazingClock] "C:\Program Files\Amazing clock\AClock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Intelinet] C:\Program Files\Intelinet\Intelinet.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
--
End of file - 9043 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-25 308856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"VGAUtil"=C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe [2007-01-02 544768]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2006-11-22 704512]
"EasyTuneV"=C:\Program Files\Gigabyte\ET5\ETcall.exe [2006-12-16 31552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-11-12 286720]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2007-01-05 61440]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SmartSoft PDF Printer (demo) Agent"=C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe [2007-10-22 94208]
"SmartSoft PDF Printer (demo) virtual printer agent"=C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe [2007-10-22 94208]
"Babylon Client"=C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2008-03-11 3551456]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-25 185896]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-04-01 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-03-03 72240]
"VMware hqtray"=C:\Program Files\VMware\VMware Workstation\hqtray.exe [2008-03-03 55856]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-03-28 593920]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2006-08-15 1696256]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AmazingClock"=C:\Program Files\Amazing clock\AClock.exe [2005-02-14 388608]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-12-17 3810544]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Intelinet"=C:\Program Files\Intelinet\Intelinet.exe [2008-09-21 7368704]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c472c4-0d17-11dd-89a1-001a4d0ced2f}]
shell\Auto\command - K:\activexdebugger32.exe f
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
shell\explore\command - K:\activexdebugger32.exe f
shell\open\command - K:\activexdebugger32.exe f
======List of files/folders created in the last 1 months======
2008-10-02 22:23:47 ----D---- C:\rsit
2008-10-02 22:00:49 ----D---- C:\Documents and Settings\Bia\Application Data\Malwarebytes
2008-10-02 21:58:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-02 21:58:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 18:52:29 ----D---- C:\WINDOWS\LastGood
2008-10-02 18:52:25 ----A---- C:\ASWL2K.ini
2008-10-01 23:42:40 ----A---- C:\WINDOWS\system32\RemSvc.exe
2008-10-01 23:42:40 ----A---- C:\WINDOWS\system32\ASWLSVC.exe
2008-10-01 23:42:40 ----A---- C:\WINDOWS\system32\ASWL2K.exe
2008-10-01 23:42:40 ----A---- C:\WINDOWS\system32\ASUSW32N50.dll
2008-10-01 23:42:37 ----D---- C:\Program Files\ASUS
2008-09-26 15:13:26 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-09-25 10:39:54 ----D---- C:\Program Files\Trend Micro
2008-09-25 10:27:21 ----SHD---- C:\RECYCLER
2008-09-25 10:23:11 ----A---- C:\ComboFix.txt
2008-09-25 10:14:10 ----D---- C:\WINDOWS\erdnt
2008-09-25 10:13:30 ----D---- C:\QooBox
2008-09-25 10:13:28 ----A---- C:\WINDOWS\zip.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\VFind.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\SWSC.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\swreg.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\sed.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\grep.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\fdsv.exe
2008-09-22 01:05:48 ----D---- C:\Program Files\Intelinet
2008-09-21 20:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-21 16:36:33 ----D---- C:\WINDOWS\Prefetch
2008-09-21 16:23:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-21 16:23:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-21 16:23:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-21 16:23:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-21 16:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-21 16:22:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-21 16:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-21 16:22:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-21 16:22:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-21 16:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-21 16:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-21 16:18:54 ----A---- C:\WINDOWS\setuplog.txt
2008-09-21 16:18:03 ----D---- C:\WINDOWS\system32\scripting
2008-09-21 16:18:03 ----D---- C:\WINDOWS\l2schemas
2008-09-21 16:18:02 ----D---- C:\WINDOWS\system32\en
2008-09-21 16:18:02 ----D---- C:\WINDOWS\system32\bits
2008-09-21 16:16:23 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-21 16:10:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-17 14:38:40 ----D---- C:\Documents and Settings\Bia\Application Data\U3
2008-09-11 08:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-06 18:13:21 ----D---- C:\Program Files\Anark
======List of files/folders modified in the last 1 months======
2008-10-02 22:16:58 ----HD---- C:\WINDOWS\inf
2008-10-02 22:16:56 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-02 22:16:56 ----D---- C:\WINDOWS
2008-10-02 22:02:07 ----SHD---- C:\WINDOWS\Installer
2008-10-02 22:01:57 ----D---- C:\WINDOWS\system32\drivers
2008-10-02 21:58:26 ----RD---- C:\Program Files
2008-10-02 21:38:33 ----D---- C:\Program Files\Mozilla Firefox
2008-10-02 18:54:02 ----D---- C:\WINDOWS\Temp
2008-10-02 18:53:22 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-02 18:52:18 ----D---- C:\WINDOWS\system32
2008-10-02 18:51:43 ----D---- C:\Documents and Settings\Bia\Application Data\VMware
2008-10-02 00:46:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-01 23:53:04 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-01 23:42:36 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-26 13:03:30 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-25 10:18:21 ----A---- C:\WINDOWS\system.ini
2008-09-25 10:16:40 ----D---- C:\WINDOWS\system32\config
2008-09-25 10:15:51 ----D---- C:\WINDOWS\AppPatch
2008-09-25 10:15:51 ----D---- C:\Program Files\Common Files
2008-09-22 14:48:22 ----D---- C:\Program Files\F-Secure Internet Security
2008-09-22 13:42:14 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-09-22 01:18:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-22 00:46:38 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2008-09-21 22:00:48 ----D---- C:\WINDOWS\SHELLNEW
2008-09-21 20:32:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-21 20:30:28 ----SD---- C:\WINDOWS\Tasks
2008-09-21 20:30:25 ----SH---- C:\AUTOEXEC.BAT
2008-09-21 20:20:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-21 19:34:04 ----D---- C:\Documents and Settings\Bia\Application Data\F-Secure
2008-09-21 18:08:17 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2008-09-21 17:08:01 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-09-21 16:54:12 ----D---- C:\Documents and Settings\Bia\Application Data\Mozilla
2008-09-21 16:36:18 ----D---- C:\WINDOWS\system32\Setup
2008-09-21 16:36:18 ----D---- C:\Program Files\Messenger
2008-09-21 16:36:17 ----RSD---- C:\WINDOWS\Fonts
2008-09-21 16:36:17 ----D---- C:\WINDOWS\system32\wbem
2008-09-21 16:35:32 ----D---- C:\WINDOWS\security
2008-09-21 16:23:29 ----A---- C:\WINDOWS\imsins.BAK
2008-09-21 16:18:28 ----D---- C:\WINDOWS\WinSxS
2008-09-21 16:18:24 ----D---- C:\Program Files\Windows Media Player
2008-09-21 16:18:12 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-21 16:18:12 ----D---- C:\WINDOWS\network diagnostic
2008-09-21 16:18:12 ----D---- C:\WINDOWS\ime
2008-09-21 16:18:12 ----D---- C:\WINDOWS\Help
2008-09-21 16:18:03 ----D---- C:\WINDOWS\system32\usmt
2008-09-21 16:18:03 ----D---- C:\WINDOWS\system32\en-US
2008-09-21 16:18:02 ----D---- C:\WINDOWS\PeerNet
2008-09-21 16:18:02 ----D---- C:\Program Files\Movie Maker
2008-09-21 16:16:15 ----D---- C:\WINDOWS\system32\Restore
2008-09-21 16:16:15 ----D---- C:\WINDOWS\system32\npp
2008-09-21 16:16:15 ----D---- C:\WINDOWS\mui
2008-09-21 16:16:14 ----D---- C:\WINDOWS\msagent
2008-09-21 16:16:13 ----D---- C:\WINDOWS\srchasst
2008-09-21 16:16:13 ----D---- C:\Program Files\NetMeeting
2008-09-21 16:16:12 ----D---- C:\WINDOWS\system32\Com
2008-09-21 16:16:10 ----D---- C:\Program Files\Windows NT
2008-09-21 16:16:10 ----D---- C:\Program Files\Outlook Express
2008-09-21 16:16:07 ----D---- C:\Program Files\Common Files\System
2008-09-21 16:15:53 ----D---- C:\WINDOWS\system32\oobe
2008-09-21 16:15:51 ----D---- C:\WINDOWS\system
2008-09-21 16:13:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-21 16:10:36 ----D---- C:\WINDOWS\ehome
2008-09-17 15:16:58 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2008-09-03 13:29:11 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2004-06-06 45952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-01 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2007-12-22 15781]
R2 TPPORT;TPPORT; C:\WINDOWS\system32\drivers\TPPORT.sys [2006-10-19 5024]
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 GPCIDrv;GPCIDrv; \??\C:\WINDOWS\GPCIDrv.sys []
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 HdAudAddService;VIA High Definition Audio Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2006-11-09 136448]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MarkFun_NT;MarkFun_NT; \??\C:\Program Files\Gigabyte\ET5\markfun.w32 []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 RT73;ASUS USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-06-08 344064]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; C:\WINDOWS\system32\drivers\SYMIDSCO.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 vvftav;vvftav; C:\WINDOWS\system32\drivers\vvftav.sys [2007-02-02 474368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC0305;USB PC Camera VC305; C:\WINDOWS\System32\Drivers\usbVM305.sys [2007-03-08 1466624]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-09-01 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 IntelinetSecure;IntelinetSecure; C:\Program Files\Intelinet\intelin2.exe [2008-09-17 856064]
S2 ASWLSVC;ASWLSVC; C:\WINDOWS\system32\ASWLSVC.exe [2004-05-06 496640]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2007-11-30 186928]
-----------------EOF-----------------
[B]Malwarebytes' Anti-Malware 1.28
Database version: 1225
Windows 5.1.2600 Service Pack 3
10/2/2008 10:47:14 PM
mbam-log-2008-10-02 (22-47-14).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 136160
Time elapsed: 43 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
D:\retea\KIT-uri\Nero 6.6.0.8 Ultra Edition\Keygen Nero 6.6.0.8 Ultra Edition.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\pt cablu TV\tvonline_sopcast.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
Thank you for everything!
I'm waiting for you advices.
Hi biencutza
1 - Scan With ComboFix
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Please visit this webpage for download links, and instructions for running ComboFix -
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says -
The Recovery Console was successfully installed.
Please continue as follows -
Close/Disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
3 - Status Check
Please reply with
1. the ComboFix log(C:\ComboFix.txt)
2. a fresh HijackThis log
description of any problems you are having with your PC
Thanks peku006
biencutza
2008-10-03, 15:44
Hi peku006!
The ComboFix.log :
ComboFix 08-10-02.04 - Bia 2008-10-03 15:31:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.603 [GMT 3:00]
Running from: C:\Documents and Settings\Bia\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bia\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.
2008-10-02 22:23 . 2008-10-02 22:24 <DIR> d-------- C:\rsit
2008-10-02 22:00 . 2008-10-02 22:00 <DIR> d-------- C:\Documents and Settings\Bia\Application Data\Malwarebytes
2008-10-02 21:58 . 2008-10-02 22:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 21:58 . 2008-10-02 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-02 21:58 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-02 21:58 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 18:52 . 2008-10-03 11:39 163 --a------ C:\ASWL2K.ini
2008-10-02 18:50 . 2008-10-03 11:37 4 --a------ C:\WINDOWS\system32\GVTunner.ref
2008-10-01 23:42 . 2008-10-01 23:42 <DIR> d-------- C:\Program Files\ASUS
2008-10-01 23:42 . 2006-07-25 21:20 537,600 --a------ C:\WINDOWS\system32\ASWL2K.exe
2008-10-01 23:42 . 2004-05-06 12:21 496,640 --a------ C:\WINDOWS\system32\ASWLSVC.exe
2008-10-01 23:42 . 2006-06-08 10:49 344,064 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-10-01 23:42 . 2005-10-17 19:50 245,376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.sys
2008-10-01 23:42 . 2004-05-07 18:57 159,827 --a------ C:\WINDOWS\system32\RemSvc.exe
2008-10-01 23:42 . 2003-10-09 19:38 141,824 --a------ C:\WINDOWS\system32\ClientCpl.cpl
2008-10-01 23:42 . 2002-09-09 21:01 61,440 --a------ C:\WINDOWS\system32\ASUSW32N50.dll
2008-10-01 23:42 . 2008-10-01 23:42 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-01 23:42 . 2002-09-09 19:54 16,269 --a------ C:\WINDOWS\system32\ASNDIS5.sys
2008-10-01 23:42 . 2001-04-16 05:48 15,577 --a------ C:\WINDOWS\system32\ASNDIS3.vxd
2008-09-25 10:39 . 2008-09-25 10:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-23 09:49 . 2008-09-26 23:07 1,647,050 --a------ C:\WINDOWS\setupapi.log.2.old
2008-09-22 01:05 . 2008-09-22 01:05 <DIR> d-------- C:\Program Files\Intelinet
2008-09-22 01:05 . 2008-10-03 11:39 0 --a------ C:\proc.id
2008-09-22 01:05 . 2008-10-03 11:39 0 --a------ C:\asdasd.asdasd
2008-09-21 16:18 . 2008-09-21 16:18 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-21 16:18 . 2008-09-21 16:18 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-21 16:18 . 2008-09-21 16:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-21 16:18 . 2008-09-21 16:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-21 16:16 . 2008-09-21 16:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-19 17:09 . 2008-09-19 17:09 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Sony Ericsson
2008-09-19 17:09 . 2008-09-19 17:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Babylon
2008-09-17 14:38 . 2008-09-17 14:38 <DIR> d-------- C:\Documents and Settings\Bia\Application Data\U3
2008-09-06 18:13 . 2008-09-06 18:13 <DIR> d-------- C:\Program Files\Anark
2008-09-06 18:13 . 2006-11-22 16:27 212,992 --a------ C:\WINDOWS\system32\AKCPanel.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 08:39 5,112 ----a-w C:\WINDOWS\GPCIDrv.sys
2008-10-03 08:37 17,962 ----a-w C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-10-03 08:37 --------- d-----w C:\Documents and Settings\Bia\Application Data\VMware
2008-10-01 20:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 11:48 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-09-22 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
2008-09-21 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg
2008-09-21 16:34 --------- d-----w C:\Documents and Settings\Bia\Application Data\F-Secure
2008-09-21 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-09-17 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-09-17 11:03 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-08-23 09:53 --------- d-----w C:\Documents and Settings\Bia\Application Data\Teleca
2008-08-23 09:51 --------- d-----w C:\Program Files\Disc2Phone
2008-08-23 09:39 --------- d-----w C:\Documents and Settings\Bia\Application Data\Sony Ericsson
2008-08-23 09:36 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-23 09:36 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-08-23 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-08-23 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-23 09:35 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-21 15:50 --------- d-----w C:\Program Files\oDC
2008-08-04 16:21 --------- d-----w C:\Program Files\VMware
2008-08-04 16:21 --------- d-----w C:\Program Files\Common Files\VMware
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-04-04 21:54 34,946 ----a-w C:\Program Files\usbview.zip
2007-09-04 12:05 79,168 ----a-w C:\Program Files\usbview.exe
2002-07-15 23:30 4,000,709 ----a-r C:\Program Files\dictionary.db
2002-05-19 17:44 518,656 ----a-w C:\Program Files\Dictionary.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-25_10.22.47.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-22 10:42:02 59,434 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-01 20:53:04 59,434 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-22 10:42:02 395,026 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-01 20:53:04 395,026 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-03 08:37:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"AmazingClock"="C:\Program Files\Amazing clock\AClock.exe" [2005-02-14 388608]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 3810544]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Intelinet"="C:\Program Files\Intelinet\Intelinet.exe" [2008-09-21 7368704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"VGAUtil"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [2007-01-02 544768]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-11-22 704512]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2006-12-16 31552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-12 286720]
"BigDog305"="C:\WINDOWS\VM305_STI.EXE" [2007-01-05 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SmartSoft PDF Printer (demo) Agent"="C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe" [2007-10-22 94208]
"SmartSoft PDF Printer (demo) virtual printer agent"="C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe" [2007-10-22 94208]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-03-11 3551456]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-25 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 72240]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 55856]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-08-15 1696256]
"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-12-17 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 TPPORT;TPPORT;C:\WINDOWS\system32\drivers\TPPORT.sys [2006-10-19 5024]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 16269]
R3 GPCIDrv;GPCIDrv;C:\WINDOWS\GPCIDrv.sys [2008-10-03 5112]
R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [2008-10-03 17962]
R3 IntelinetSecure;IntelinetSecure;C:\Program Files\Intelinet\intelin2.exe [2008-09-17 856064]
S3 vvftav;vvftav;C:\WINDOWS\system32\drivers\vvftav.sys [2007-02-02 474368]
S3 ZSMC0305;USB PC Camera VC305;C:\WINDOWS\system32\Drivers\usbVM305.sys [2007-03-08 1466624]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c472c4-0d17-11dd-89a1-001a4d0ced2f}]
\Shell\Auto\command - K:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - K:\activexdebugger32.exe f
\Shell\open\Command - K:\activexdebugger32.exe f
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Bia\Application Data\Mozilla\Firefox\Profiles\bfconbv2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 15:32:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-03 15:34:19
ComboFix-quarantined-files.txt 2008-10-03 12:34:00
ComboFix2.txt 2008-09-25 07:23:11
Pre-Run: 5,108,436,992 bytes free
Post-Run: 5,211,975,680 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
196 --- E O F --- 2008-10-02 19:16:58
The [B]HijackThis log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:16 PM, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Amazing clock\AClock.exe
C:\Program Files\Amazing clock\aschdler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intelinet\intelin2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AmazingClock] "C:\Program Files\Amazing clock\AClock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Intelinet] C:\Program Files\Intelinet\Intelinet.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
--
End of file - 8931 bytes
Thank you!
Hi biencutza
1 - Run CFScript
Open Notepad and copy/paste the text in the box into the window:
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c472c4-0d17-11dd-89a1-001a4d0ced2f}]
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2 - Clean temp files
Download and Run ATF Cleaner
Download ATF (Atribune Temp File) CleanerĀ© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program
3 - Kaspersky Online Scan
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
5 - Status Check
Please reply with
1. the ComboFix log
2. the Kaspersky online scanner report
3. a fresh HijackThis log
Thanks peku006
biencutza
2008-10-05, 10:12
Hi peku006!
The log file:
ComboFix 08-10-02.04 - Bia 2008-10-04 22:50:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.570 [GMT 3:00]
Running from: C:\Documents and Settings\Bia\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bia\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.
2008-10-04 22:11 . 2008-10-04 22:11 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-02 22:23 . 2008-10-02 22:24 <DIR> d-------- C:\rsit
2008-10-02 22:00 . 2008-10-02 22:00 <DIR> d-------- C:\Documents and Settings\Bia\Application Data\Malwarebytes
2008-10-02 21:58 . 2008-10-02 22:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 21:58 . 2008-10-02 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-02 21:58 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-02 21:58 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 18:52 . 2008-10-04 22:11 163 --a------ C:\ASWL2K.ini
2008-10-02 18:50 . 2008-10-04 22:09 4 --a------ C:\WINDOWS\system32\GVTunner.ref
2008-10-01 23:42 . 2008-10-01 23:42 <DIR> d-------- C:\Program Files\ASUS
2008-10-01 23:42 . 2006-07-25 21:20 537,600 --a------ C:\WINDOWS\system32\ASWL2K.exe
2008-10-01 23:42 . 2004-05-06 12:21 496,640 --a------ C:\WINDOWS\system32\ASWLSVC.exe
2008-10-01 23:42 . 2006-06-08 10:49 344,064 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-10-01 23:42 . 2005-10-17 19:50 245,376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.sys
2008-10-01 23:42 . 2004-05-07 18:57 159,827 --a------ C:\WINDOWS\system32\RemSvc.exe
2008-10-01 23:42 . 2003-10-09 19:38 141,824 --a------ C:\WINDOWS\system32\ClientCpl.cpl
2008-10-01 23:42 . 2002-09-09 21:01 61,440 --a------ C:\WINDOWS\system32\ASUSW32N50.dll
2008-10-01 23:42 . 2008-10-01 23:42 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-01 23:42 . 2002-09-09 19:54 16,269 --a------ C:\WINDOWS\system32\ASNDIS5.sys
2008-10-01 23:42 . 2001-04-16 05:48 15,577 --a------ C:\WINDOWS\system32\ASNDIS3.vxd
2008-09-25 10:39 . 2008-09-25 10:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-23 09:49 . 2008-09-26 23:07 1,647,050 --a------ C:\WINDOWS\setupapi.log.2.old
2008-09-22 01:05 . 2008-09-22 01:05 <DIR> d-------- C:\Program Files\Intelinet
2008-09-22 01:05 . 2008-10-04 22:11 0 --a------ C:\proc.id
2008-09-22 01:05 . 2008-10-04 22:11 0 --a------ C:\asdasd.asdasd
2008-09-21 16:18 . 2008-09-21 16:18 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-21 16:18 . 2008-09-21 16:18 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-21 16:18 . 2008-09-21 16:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-21 16:18 . 2008-09-21 16:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-21 16:16 . 2008-09-21 16:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-19 17:09 . 2008-09-19 17:09 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Sony Ericsson
2008-09-19 17:09 . 2008-09-19 17:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Babylon
2008-09-17 14:38 . 2008-09-17 14:38 <DIR> d-------- C:\Documents and Settings\Bia\Application Data\U3
2008-09-06 18:13 . 2008-09-06 18:13 <DIR> d-------- C:\Program Files\Anark
2008-09-06 18:13 . 2006-11-22 16:27 212,992 --a------ C:\WINDOWS\system32\AKCPanel.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 19:11 5,112 ----a-w C:\WINDOWS\GPCIDrv.sys
2008-10-04 19:09 17,962 ----a-w C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-10-04 19:09 --------- d-----w C:\Documents and Settings\Bia\Application Data\VMware
2008-10-01 20:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 11:48 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-09-22 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
2008-09-21 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg
2008-09-21 16:34 --------- d-----w C:\Documents and Settings\Bia\Application Data\F-Secure
2008-09-21 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-09-17 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-09-17 11:03 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-08-23 09:53 --------- d-----w C:\Documents and Settings\Bia\Application Data\Teleca
2008-08-23 09:51 --------- d-----w C:\Program Files\Disc2Phone
2008-08-23 09:39 --------- d-----w C:\Documents and Settings\Bia\Application Data\Sony Ericsson
2008-08-23 09:36 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-23 09:36 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-08-23 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-08-23 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-23 09:35 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-21 15:50 --------- d-----w C:\Program Files\oDC
2008-08-04 16:21 --------- d-----w C:\Program Files\VMware
2008-08-04 16:21 --------- d-----w C:\Program Files\Common Files\VMware
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-04-04 21:54 34,946 ----a-w C:\Program Files\usbview.zip
2007-09-04 12:05 79,168 ----a-w C:\Program Files\usbview.exe
2002-07-15 23:30 4,000,709 ----a-r C:\Program Files\dictionary.db
2002-05-19 17:44 518,656 ----a-w C:\Program Files\Dictionary.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-25_10.22.47.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-22 10:42:02 59,434 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-01 20:53:04 59,434 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-22 10:42:02 395,026 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-01 20:53:04 395,026 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-04 19:09:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"AmazingClock"="C:\Program Files\Amazing clock\AClock.exe" [2005-02-14 388608]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 3810544]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Intelinet"="C:\Program Files\Intelinet\Intelinet.exe" [2008-09-21 7368704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"VGAUtil"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [2007-01-02 544768]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-11-22 704512]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2006-12-16 31552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-12 286720]
"BigDog305"="C:\WINDOWS\VM305_STI.EXE" [2007-01-05 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SmartSoft PDF Printer (demo) Agent"="C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe" [2007-10-22 94208]
"SmartSoft PDF Printer (demo) virtual printer agent"="C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe" [2007-10-22 94208]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-03-11 3551456]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-25 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 72240]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 55856]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-08-15 1696256]
"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-12-17 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 TPPORT;TPPORT;C:\WINDOWS\system32\drivers\TPPORT.sys [2006-10-19 5024]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 16269]
R3 GPCIDrv;GPCIDrv;C:\WINDOWS\GPCIDrv.sys [2008-10-04 5112]
R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [2008-10-04 17962]
R3 IntelinetSecure;IntelinetSecure;C:\Program Files\Intelinet\intelin2.exe [2008-09-17 856064]
S3 vvftav;vvftav;C:\WINDOWS\system32\drivers\vvftav.sys [2007-02-02 474368]
S3 ZSMC0305;USB PC Camera VC305;C:\WINDOWS\system32\Drivers\usbVM305.sys [2007-03-08 1466624]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c472c4-0d17-11dd-89a1-001a4d0ced2f}]
\Shell\Auto\command - K:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - K:\activexdebugger32.exe f
\Shell\open\Command - K:\activexdebugger32.exe f
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 22:52:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-04 22:54:09
ComboFix-quarantined-files.txt 2008-10-04 19:53:51
ComboFix2.txt 2008-10-03 12:34:20
ComboFix3.txt 2008-09-25 07:23:11
Pre-Run: 5,137,920,000 bytes free
Post-Run: 5,158,137,856 bytes free
183 --- E O F --- 2008-10-04 19:13:19
The Kaspersky online scanner report is an empty file because the scanner didn't find enything.
The fresh HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:49 AM, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Amazing clock\AClock.exe
C:\Program Files\Amazing clock\aschdler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intelinet\intelin2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AmazingClock] "C:\Program Files\Amazing clock\AClock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Intelinet] C:\Program Files\Intelinet\Intelinet.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
--
End of file - 8890 bytes
I'll wait your advice.
Thank you!
Hi biencutza
Plugin your USB stick (if you have one)
OTMoveIt3
Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below.
:processes
explorer.exe
:files
C:\WINDOWS\system32\activexdebugger32.exe
K:\activexdebugger32.exe
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c472c4-0d17-11dd-89a1-001a4d0ced2f}]
:commands
[emptytemp]
[start explorer]
Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
Please reply with
OTMoveIt3 Log
Thanks peku006
biencutza
2008-10-06, 00:34
Hello peku006!
This is the OTMoveIt3 Log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\activexdebugger32.exe not found.
File/Folder K:\activexdebugger32.exe not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c472c4-0d17-11dd-89a1-001a4d0ced2f}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Bia\LOCALS~1\Temp\vmware-Bia\vmware-vix-Bia-1680.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Bia\LOCALS~1\Temp\etilqs_5zDIXtAo9ka7N31qqo5d scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5f8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\vmware-vmount.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Bia\Local Settings\Application Data\Mozilla\Firefox\Profiles\bfconbv2.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bia\Local Settings\Application Data\Mozilla\Firefox\Profiles\bfconbv2.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bia\Local Settings\Application Data\Mozilla\Firefox\Profiles\bfconbv2.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bia\Local Settings\Application Data\Mozilla\Firefox\Profiles\bfconbv2.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bia\Local Settings\Application Data\Mozilla\Firefox\Profiles\bfconbv2.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bia\Local Settings\Application Data\Mozilla\Firefox\Profiles\bfconbv2.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.4.1 log created on 10062008_001710
Only after I've clicked the MoveIt! button I saw that the stick was plugged in G:\ and not in K:\. Should I do all again?
Hi biencutza biencutza
Plugin your USB stick in K:
Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below.
:files
K:\activexdebugger32.exe
Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
run RSIT
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, one log will open. Please post the contents of log.txt<- (will be maximized)
Please reply with
the OTMoveIt3 Log
the log from RSIT (log.txt )
description of any problems you are having with your PC
Thanks peku006
biencutza
2008-10-06, 11:44
Hello peku006!
Everyware I plugin the USB stick it says that is in G:\. I should modify K:\activexdebugger32.exe with G:\activexdebugger32.exe ?
biencutza
2008-10-06, 14:00
Hello peku006
This is OTMoveIt3 Log:
========== FILES ==========
File/Folder G:\activexdebugger32.exe not found.
OTMoveIt3 by OldTimer - Version 1.0.4.1 log created on 10062008_135340
The log from RSIT:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Bia at 2008-10-06 13:56:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (10%) free of 51 GB
Total RAM: 1023 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:35 PM, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bia\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bia.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
--
End of file - 8563 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-25 308856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"VGAUtil"=C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe [2007-01-02 544768]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2006-11-22 704512]
"EasyTuneV"=C:\Program Files\Gigabyte\ET5\ETcall.exe [2006-12-16 31552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-11-12 286720]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2007-01-05 61440]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SmartSoft PDF Printer (demo) Agent"=C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe [2007-10-22 94208]
"SmartSoft PDF Printer (demo) virtual printer agent"=C:\Program Files\Smart PDF Creator Pro\sspdfagentd.exe [2007-10-22 94208]
"Babylon Client"=C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2008-03-11 3551456]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-25 185896]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-04-01 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-03-03 72240]
"VMware hqtray"=C:\Program Files\VMware\VMware Workstation\hqtray.exe [2008-03-03 55856]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-03-28 593920]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2006-08-15 1696256]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-12-17 3810544]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2008-10-06 00:17:43 ----SHD---- C:\RECYCLER
2008-10-06 00:17:10 ----D---- C:\_OTMoveIt
2008-10-04 22:54:10 ----A---- C:\ComboFix.txt
2008-10-04 22:50:25 ----D---- C:\ComboFix
2008-10-03 15:31:09 ----A---- C:\Boot.bak
2008-10-03 15:30:58 ----D---- C:\cmdcons
2008-10-02 22:23:47 ----D---- C:\rsit
2008-10-02 22:00:49 ----D---- C:\Documents and Settings\Bia\Application Data\Malwarebytes
2008-10-02 21:58:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-02 21:58:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 18:52:25 ----A---- C:\ASWL2K.ini
2008-10-01 23:42:40 ----A---- C:\WINDOWS\system32\RemSvc.exe
2008-10-01 23:42:40 ----A---- C:\WINDOWS\system32\ASWLSVC.exe
2008-10-01 23:42:40 ----A---- C:\WINDOWS\system32\ASWL2K.exe
2008-10-01 23:42:40 ----A---- C:\WINDOWS\system32\ASUSW32N50.dll
2008-10-01 23:42:37 ----D---- C:\Program Files\ASUS
2008-09-26 15:13:26 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-09-25 10:39:54 ----D---- C:\Program Files\Trend Micro
2008-09-25 10:14:10 ----D---- C:\WINDOWS\erdnt
2008-09-25 10:13:30 ----D---- C:\QooBox
2008-09-25 10:13:28 ----A---- C:\WINDOWS\zip.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\VFind.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\SWSC.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\swreg.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\sed.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\grep.exe
2008-09-25 10:13:28 ----A---- C:\WINDOWS\fdsv.exe
2008-09-21 20:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-21 16:36:33 ----D---- C:\WINDOWS\Prefetch
2008-09-21 16:23:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-21 16:23:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-21 16:23:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-21 16:23:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-21 16:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-21 16:22:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-21 16:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-21 16:22:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-21 16:22:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-21 16:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-21 16:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-21 16:18:54 ----A---- C:\WINDOWS\setuplog.txt
2008-09-21 16:18:03 ----D---- C:\WINDOWS\system32\scripting
2008-09-21 16:18:03 ----D---- C:\WINDOWS\l2schemas
2008-09-21 16:18:02 ----D---- C:\WINDOWS\system32\en
2008-09-21 16:18:02 ----D---- C:\WINDOWS\system32\bits
2008-09-21 16:16:23 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-21 16:10:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-17 14:38:40 ----D---- C:\Documents and Settings\Bia\Application Data\U3
2008-09-11 08:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
======List of files/folders modified in the last 1 months======
2008-10-06 13:50:34 ----SHD---- C:\WINDOWS\Installer
2008-10-06 13:50:34 ----D---- C:\WINDOWS\Temp
2008-10-06 13:49:38 ----D---- C:\Program Files\Mozilla Firefox
2008-10-06 13:49:18 ----D---- C:\WINDOWS\system32
2008-10-06 13:49:15 ----D---- C:\WINDOWS
2008-10-06 13:47:54 ----D---- C:\Documents and Settings\Bia\Application Data\VMware
2008-10-06 12:36:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-06 12:36:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-06 12:01:11 ----RD---- C:\Program Files
2008-10-06 11:30:33 ----HD---- C:\WINDOWS\inf
2008-10-06 11:30:31 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-06 01:32:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-06 01:31:49 ----D---- C:\WINDOWS\system32\drivers
2008-10-06 01:31:46 ----D---- C:\WINDOWS\EffectResources
2008-10-04 22:52:44 ----A---- C:\WINDOWS\system.ini
2008-10-04 22:52:15 ----D---- C:\WINDOWS\AppPatch
2008-10-04 22:52:15 ----D---- C:\Program Files\Common Files
2008-10-03 15:31:09 ----RASH---- C:\boot.ini
2008-10-01 23:53:04 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-01 23:42:36 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-26 13:03:30 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-25 10:16:40 ----D---- C:\WINDOWS\system32\config
2008-09-22 14:48:22 ----D---- C:\Program Files\F-Secure Internet Security
2008-09-22 13:42:14 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-09-22 00:46:38 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2008-09-21 22:00:48 ----D---- C:\WINDOWS\SHELLNEW
2008-09-21 20:32:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-21 20:30:28 ----SD---- C:\WINDOWS\Tasks
2008-09-21 20:30:25 ----SH---- C:\AUTOEXEC.BAT
2008-09-21 20:20:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-21 19:34:04 ----D---- C:\Documents and Settings\Bia\Application Data\F-Secure
2008-09-21 18:08:17 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2008-09-21 17:08:01 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-09-21 16:54:12 ----D---- C:\Documents and Settings\Bia\Application Data\Mozilla
2008-09-21 16:36:18 ----D---- C:\WINDOWS\system32\Setup
2008-09-21 16:36:18 ----D---- C:\Program Files\Messenger
2008-09-21 16:36:17 ----RSD---- C:\WINDOWS\Fonts
2008-09-21 16:36:17 ----D---- C:\WINDOWS\system32\wbem
2008-09-21 16:35:32 ----D---- C:\WINDOWS\security
2008-09-21 16:23:29 ----A---- C:\WINDOWS\imsins.BAK
2008-09-21 16:18:28 ----D---- C:\WINDOWS\WinSxS
2008-09-21 16:18:24 ----D---- C:\Program Files\Windows Media Player
2008-09-21 16:18:12 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-21 16:18:12 ----D---- C:\WINDOWS\network diagnostic
2008-09-21 16:18:12 ----D---- C:\WINDOWS\ime
2008-09-21 16:18:12 ----D---- C:\WINDOWS\Help
2008-09-21 16:18:03 ----D---- C:\WINDOWS\system32\usmt
2008-09-21 16:18:03 ----D---- C:\WINDOWS\system32\en-US
2008-09-21 16:18:02 ----D---- C:\WINDOWS\PeerNet
2008-09-21 16:18:02 ----D---- C:\Program Files\Movie Maker
2008-09-21 16:16:15 ----D---- C:\WINDOWS\system32\Restore
2008-09-21 16:16:15 ----D---- C:\WINDOWS\system32\npp
2008-09-21 16:16:15 ----D---- C:\WINDOWS\mui
2008-09-21 16:16:14 ----D---- C:\WINDOWS\msagent
2008-09-21 16:16:13 ----D---- C:\WINDOWS\srchasst
2008-09-21 16:16:13 ----D---- C:\Program Files\NetMeeting
2008-09-21 16:16:12 ----D---- C:\WINDOWS\system32\Com
2008-09-21 16:16:10 ----D---- C:\Program Files\Windows NT
2008-09-21 16:16:10 ----D---- C:\Program Files\Outlook Express
2008-09-21 16:16:07 ----D---- C:\Program Files\Common Files\System
2008-09-21 16:15:53 ----D---- C:\WINDOWS\system32\oobe
2008-09-21 16:15:51 ----D---- C:\WINDOWS\system
2008-09-21 16:13:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-21 16:10:36 ----D---- C:\WINDOWS\ehome
2008-09-17 15:16:58 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2004-06-06 45952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-01 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2007-12-22 15781]
R2 TPPORT;TPPORT; C:\WINDOWS\system32\drivers\TPPORT.sys [2006-10-19 5024]
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 GPCIDrv;GPCIDrv; \??\C:\WINDOWS\GPCIDrv.sys []
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 HdAudAddService;VIA High Definition Audio Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2006-11-09 136448]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MarkFun_NT;MarkFun_NT; \??\C:\Program Files\Gigabyte\ET5\markfun.w32 []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 RT73;ASUS USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-06-08 344064]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; C:\WINDOWS\system32\drivers\SYMIDSCO.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 vvftav;vvftav; C:\WINDOWS\system32\drivers\vvftav.sys [2007-02-02 474368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC0305;USB PC Camera VC305; C:\WINDOWS\System32\Drivers\usbVM305.sys [2007-03-08 1466624]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-09-01 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 ASWLSVC;ASWLSVC; C:\WINDOWS\system32\ASWLSVC.exe [2004-05-06 496640]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IntelinetSecure;IntelinetSecure; C:\Program Files\Intelinet\intelin2.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2007-11-30 186928]
-----------------EOF-----------------
Hi biencutza
Congratulations, your log looks clean! :)
Time for some housekeeping
Click START then RUN
Now type Combofix /u in the runbox and click OK
http://i147.photobucket.com/albums/r301/DFW_photos/CF_Cleanup.png
When shown the disclaimer, Select "2"
Double click OTMoveIt3.exe to launch the programme.
Click on the CleanUp! button.
OTMoveIt will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
When finished exit out of OTMoveIt
The tool will delete itself once it finishes, if not delete it by yourself.
Here are some free programs I recommend that could help you improve your computer's security.
Spybot Search and Destroy 1.6
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)
Install SpyWare Blaster 4.1
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find here the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
Here you can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)
Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)
Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
Note:"Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:
Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Right-Click on the DNS Client Service. Choose Properties
Select the General tab. Click on the Stop button.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual
Click the Apply tab, then click OK
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note: If you are running Windows XP SP2, you should upgrade to SP3.
Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)
Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.
Happy safe surfing! :bigthumb: