
Thread: My PC shows signs of being a "zombie"

    #11 Junior Member (Join Date: Apr 2007, Posts: 14)

    Avenger results:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\pcmrycea

    *******************

    Script file located at: \??\C:\WINDOWS\system32\eahmdraj.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Driver windev-45ed-4750 unloaded successfully.
    File C:\WINDOWS\system32\windev-peers.ini deleted successfully.
    File C:\WINDOWS\system32\drivers\uzcx.exe deleted successfully.
    File C:\DOCUME~1\Eric\moviesdvds1176.exe deleted successfully.
    File C:\WINDOWS\adv.194.exe deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    Fresh HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:58:05 AM, on 4/17/2007
    Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\v7.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\vwsrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Eric\Desktop\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo 960] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O5 "LPT1:" /M "Stylus Photo 960"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [VaCtrls] v7
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe

    I copied and pasted "C:\WINDOWS\System32\Drivers\SPTD1805.SYS" into the search field at VirusTotal and then clicked "send". It said "0 bytes size received." Did I do something wrong?

    #12 Security Expert-Emeritus Rawe (Join Date: Mar 2006, Location: Finland, Posts: 393)

    Hi again

    Please run a scan with HijackThis and check the following objects for removal:

    O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
    O4 - HKLM\..\Run: [VaCtrls] v7
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe


    Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

    ==

    Please go to UploadMalware to upload files for analysis.
    • Enter your username from this forum
    • Copy and paste the link to this thread
    • Paste the following filepath to the first box:
      C:\WINDOWS\system32\vwsrv.exe
    • And this one to the second:
      C:\WINDOWS\System32\Drivers\SPTD1805.SYS
    • In the comments, please mention that I asked you to upload these files.
    • Click on Send File.
    • Thank you!


    ==

    Once that is done,

    Please copy the following text to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Removeservice.bat to your desktop.

    @echo off
    rem Stop the vwservice service, then delete its registration from the SCM
    sc stop vwservice
    sc delete vwservice

    Double-click on Removeservice.bat. A window will pop up and close. This is normal.

    ==

    Next, please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.
    5) Choose your usual account.


    Once in Safe Mode, please navigate to and delete the following file and folder if found:

    C:\WINDOWS\system32\v7.exe
    C:\Program Files\Ipwindows


    Empty recycle bin. Reboot back into Normal mode.

    ==

    Once you have done all this, please let me know how it went.

    Also, please rerun ComboFix and post back with a fresh log from it.
    Hi there, stranger!

    Proud Member of ASAP since 2005.
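The three objects Rawe picked out above (plus vwservice, handled by the batch file) share tells that an analyst learns to spot by eye. The Python script below is an added example, not code from this thread or from HijackThis, that encodes three of those tells and runs them over a constructed subset of the log posted in #11: a Run entry that launches an .exe out of a drivers directory, a Run entry that is a bare name with no path and no extension (so it is resolved through PATH), and a service with no vendor string that runs straight out of system32. On that input it flags iut75, VaCtrls and vwservice. IpWins is not caught; recognising C:\Program Files\Ipwindows as adware takes prior knowledge rather than a path rule. The regular expressions, the Finding type and the sample lines are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed sample: a subset of the HijackThis 1.99.1 log posted in #11.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VaCtrls] v7
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe
"""

# Line shapes of the two HJT sections we triage (assumed from the log format above).
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")
# Tell 1: an .exe living in a drivers directory (drivers hold .sys files).
EXE_IN_DRIVERS_RE = re.compile(r"\\drivers\\[^\\]+\.exe$", re.I)
# Tell 3: a service binary dropped directly into system32 rather than a vendor directory.
BARE_SYSTEM32_EXE_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.exe$", re.I)
# Pulls the drive-letter path out of an O23 line that may carry " /service (file missing)".
DRIVE_PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.exe', re.I)


@dataclass
class Finding:
    kind: str    # "O4" or "O23"
    name: str    # Run value name or service name
    reason: str


def first_token(command: str) -> str:
    """Return the program part of a Run command line, dropping its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(log_text: str) -> List[Finding]:
    """Apply the three heuristics to every O4 and O23 line in an HJT log."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            hive, name, command = m.groups()
            prog = first_token(command)
            if EXE_IN_DRIVERS_RE.search(prog):
                findings.append(Finding("O4", name,
                    f"{hive} Run entry launches an .exe from a drivers directory: {prog}"))
            elif "\\" not in prog and "." not in prog:
                # Tell 2: no path and no extension; Windows resolves it via PATH.
                findings.append(Finding("O4", name,
                    f"{hive} Run entry is a bare name with no path or extension: {prog}"))
            continue
        m = O23_RE.match(line)
        if m:
            svc, owner, rest = m.groups()
            pm = DRIVE_PATH_RE.search(rest)
            path = pm.group(0) if pm else rest
            if owner.lower() == "unknown owner" and BARE_SYSTEM32_EXE_RE.match(path):
                findings.append(Finding("O23", svc,
                    f"service with no vendor string running directly out of system32: {path}"))
    return findings


def flagged_names(log_text: str) -> Set[str]:
    """Just the Run value / service names the heuristics flagged."""
    return {f.name for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}]: {f.reason}")
```

Run it as a script to print the findings, or call triage() on a full log to get them as objects. Bare names that do carry an extension are also PATH-resolved and worth a glance, but the script deliberately leaves them alone because the same shape appears in an entry the analyst did not touch (SOUNDMAN.EXE).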

    #13 Junior Member (Join Date: Apr 2007, Posts: 14)

    Used HJT on the three entries; it seemed to go smoothly.

    Uploaded two files to UploadMalware as requested; vwsrv.exe was successfully uploaded, but SPTD1805.SYS gave a "0 Bytes, this did not work" message.

    Ran removeservice.bat, then started Safe Mode. Found the v7.exe file and deleted it, but did not find the Ipwindows folder. Emptied the recycle bin and rebooted to run ComboFix. Log posted below:

    "Eric" - 07-04-18 9:17:01 Service Pack 2, v.2096
    ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\Eric\Desktop"


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-18 to 2007-04-18 ))))))))))))))))))))))))))))))))))


    2007-04-17 06:55 <DIR> d-------- C:\avenger
    2007-04-17 06:51 7,168 --a------ C:\WINDOWS\system32\vwsrv.exe
    2007-04-17 06:51 11,264 --a------ C:\WINDOWS\abc1006def.exe
    2007-04-16 04:57 3,893 --a------ C:\WINDOWS\loadadv605.exe
    2007-04-16 03:47 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-04-14 14:09 <DIR> d-------- C:\Program Files\MovieBox
    2007-04-14 00:58 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-04-13 10:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-04-13 10:03 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-04-13 09:46 <DIR> d-------- C:\Program Files\Lavasoft
    2007-04-13 09:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-04-13 09:46 <DIR> d-------- C:\DOCUME~1\Eric\APPLIC~1\Lavasoft
    2007-04-13 05:16 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-04-13 00:51 <DIR> d-------- C:\DOCUME~1\Eric\.housecall6.6
    2007-04-07 04:56 <DIR> d-------- C:\Program Files\FirstClass
    2007-04-07 04:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FirstClass


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-14 00:47 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-14 00:47 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-14 00:45 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-14 00:44 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-14 00:43 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-14 00:42 90112 --a------ C:\WINDOWS\system32\avastss.scr
    2007-04-13 11:05 -------- d-------- C:\Program Files\seekmo programs
    2007-04-10 04:18 712832 --a------ C:\WINDOWS\system32\aswboot.exe
    2007-04-07 04:56 -------- d--h----- C:\Program Files\installshield installation information
    2007-02-24 14:10 -------- d-------- C:\Program Files\java


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "EPSON Stylus Photo 960"="C:\\WINDOWS\\system32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P22 \"EPSON Stylus Photo 960\" /O5 \"LPT1:\" /M \"Stylus Photo 960\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SoundMan"="SOUNDMAN.EXE"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "VaCtrls"="v7"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-04-18 9:18:10
    C:\ComboFix-quarantined-files.txt ... 07-04-18 09:18
    C:\ComboFix2.txt ... 07-04-15 02:13

    #14 Security Expert-Emeritus Rawe (Join Date: Mar 2006, Location: Finland, Posts: 393)

    Again, please print the instructions or save them to a notepad file for easier reference.

    Please reboot into Safe Mode, navigate to and delete these files once in Safe Mode (if present):

    C:\WINDOWS\system32\vwsrv.exe
    C:\WINDOWS\abc1006def.exe
    C:\WINDOWS\loadadv605.exe


    Empty recycle bin again.

    ==

    While in Safe Mode, please navigate to and find the following file:

    C:\WINDOWS\System32\Drivers\SPTD1805.SYS

    Now, please right-click on it and choose Cut. Then navigate to your C:\ drive, right-click somewhere in the directory and choose Paste.

    If you cannot see it or find it, try with hidden files shown: go to My Computer > Tools > Folder Options > View tab and make sure that "Show hidden files and folders" is enabled. Also make sure that system files and folders are visible by unchecking the "Hide protected operating system files" option.

    ==

    Now reboot back into normal mode.

    Once in regular Windows, please try the following again:

    Go to http://virustotal.com, submit the file C:\SPTD1805.SYS, and paste the results back here.

    Let me know how it went.

    #15 Junior Member (Join Date: Apr 2007, Posts: 14)

    First three mentioned files successfully found in safe mode and deleted.

    Moved and scanned SPTD1805. Results:

    Complete scanning result of "SPTD1805.SYS", received in VirusTotal at 04.20.2007, 02:13:00 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.4.19.1 04.19.2007 no virus found
    AntiVir 7.3.1.53 04.19.2007 no virus found
    Authentium 4.93.8 04.18.2007 no virus found
    Avast 4.7.981.0 04.19.2007 no virus found
    AVG 7.5.0.464 04.19.2007 no virus found
    BitDefender 7.2 04.20.2007 no virus found
    CAT-QuickHeal 9.00 04.19.2007 no virus found
    ClamAV devel-20070416 04.19.2007 no virus found
    DrWeb 4.33 04.19.2007 no virus found
    eSafe 7.0.15.0 04.19.2007 no virus found
    eTrust-Vet 30.7.3579 04.19.2007 no virus found
    Ewido 4.0 04.19.2007 no virus found
    FileAdvisor 1 04.20.2007 No threat detected
    Fortinet 2.85.0.0 04.19.2007 no virus found
    F-Prot 4.3.2.48 04.18.2007 no virus found
    F-Secure 6.70.13030.0 04.20.2007 no virus found
    Ikarus T3.1.1.5 04.19.2007 no virus found
    Kaspersky 4.0.2.24 04.20.2007 no virus found
    McAfee 5013 04.19.2007 no virus found
    Microsoft 1.2405 04.20.2007 no virus found
    NOD32v2 2205 04.19.2007 no virus found
    Norman 5.80.02 04.19.2007 no virus found
    Panda 9.0.0.4 04.19.2007 no virus found
    Prevx1 V2 04.20.2007 no virus found
    Sophos 4.16.0 04.17.2007 no virus found
    Sunbelt 2.2.907.0 04.19.2007 no virus found
    Symantec 10 04.20.2007 no virus found
    TheHacker 6.1.6.095 04.15.2007 no virus found
    VBA32 3.11.3 04.19.2007 no virus found
    VirusBuster 4.3.7:9 04.19.2007 no virus found
    Webwasher-Gateway 6.0.1 04.19.2007 no virus found

    Additional Information
    File size: 96512 bytes
    MD5: 1997a6dfb465c816066a43c58a0d71c9
    SHA1: bb615e41e135dacf6628748705735b6026c3e8b1
    Bit9 info: http://fileadvisor.bit9.com/services...6a43c58a0d71c9

    #16 Security Expert-Emeritus Rawe (Join Date: Mar 2006, Location: Finland, Posts: 393)

    How's the system running right now?

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.


    ==

    Also, please download ComboScan to your desktop.
    • Close all applications and windows.
    • Double-click on comboscan.exe to run it -- follow the prompts.
    • The scan may take a minute. When the scan is complete, a text file will open (ComboScan.txt); please copy & paste all of its content here.

    #17 Junior Member (Join Date: Apr 2007, Posts: 14)

    Computer seems to be running as good as new, although you'll probably have to tell me that's not yet the case.

    ActiveScan log:

    Incident Status Location

    Adware:Adware/Adsmart Not disinfected C:\avenger\backup.zip[avenger/adv.194.exe]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Eric\Cookies\eric@2o7[1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eric\Cookies\eric@atwola[1].txt
    Adware:Adware/MovieBox Not disinfected C:\Program Files\MovieBox\Uninstall.exe
    Adware:Adware/Zango Not disinfected C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
    Potentially unwanted tool:Application/MalwareAlarm Not disinfected C:\QooBox\Quarantine\Program Files\BraveSentry\BraveSentry0.dll.vir
    Potentially unwanted tool:Application/MalwareAlarm Not disinfected C:\QooBox\Quarantine\Program Files\BraveSentry\BraveSentry1.dll.vir
    Potentially unwanted tool:Application/BraveSentry Not disinfected C:\QooBox\Quarantine\Program Files\BraveSentry\BraveSentry2.dll.vir
    Potentially unwanted tool:Application/BraveSentry Not disinfected C:\QooBox\Quarantine\Program Files\BraveSentry\BraveSentry3.dll.vir
    Adware:Adware/BraveSentry Not disinfected C:\QooBox\Quarantine\Program Files\BraveSentry\Uninstall.exe.vir
    Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\Program Files\Ipwindows\ipwins.dll.vir
    Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\Program Files\Ipwindows\ipwins.exe.vir
    Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\Program Files\Ipwindows\UnInstall.exe.vir
    Adware:Adware/Adsmart Not disinfected C:\QooBox\Quarantine\WINDOWS\system32\kernels32.exe.vir
    Potentially unwanted tool:Application/Processor

    ComboScan:
    ComboScan v20070306.20 run by Eric on 2007-04-22 at 04:33:16
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created ComboScan Restore Point.


    -- Last 5 Restore Point(s) --
    68: 2007-04-22 11:33:24 UTC - RP229 - ComboScan Restore Point
    67: 2007-04-21 22:34:54 UTC - RP228 - System Checkpoint
    66: 2007-04-19 19:58:05 UTC - RP227 - System Checkpoint
    65: 2007-04-18 16:50:57 UTC - RP226 - System Checkpoint
    64: 2007-04-13 16:46:30 UTC - RP225 - Installed Ad-Aware SE Personal


    -- First Restore Point --
    1: 2007-01-20 09:28:52 UTC - RP162 - System Checkpoint


    Performed disk cleanup.


    -- HijackThis (run as Eric.exe) ------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 4:33:30 AM, on 4/22/2007
    Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Eric\Desktop\comboscan.exe
    C:\DOCUME~1\Eric\Desktop\Eric.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo 960] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O5 "LPT1:" /M "Stylus Photo 960"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [VaCtrls] v7
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


    -- HijackThis Fixed Entries (C:\DOCUME~1\Eric\Desktop\backups\) ----------------

    backup-20070418-090430-140 O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    backup-20070418-090430-360 O4 - HKLM\..\Run: [VaCtrls] v7
    backup-20070418-090430-567 O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe

    -- File Associations -----------------------------------------------------------

    .bat - batfile - "%1" %*
    .chm - chm.file - "C:\WINDOWS\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - scrfile - "%1" /S
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys
    3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\alcxwdm.sys
    1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
    2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys
    3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys
    1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys
    1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
    3S dtscsi - C:\WINDOWS\system32\drivers\dtscsi.sys
    3R Eplpdx02 - C:\WINDOWS\system32\drivers\EPLPDX02.SYS
    3R FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\fetnd5.sys
    3S gmer - C:\WINDOWS\system32\drivers\gmer.sys
    3R HSFHWBS2 - C:\WINDOWS\system32\drivers\HSFBS2S2.sys
    3R HSF_DP - C:\WINDOWS\system32\drivers\HSFDPSP2.sys
    2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
    3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
    0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
    0S sptd - C:\WINDOWS\system32\drivers\sptd.sys
    3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
    3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
    3R winachsf - C:\WINDOWS\system32\drivers\HSFCXTS2.sys
    1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
    2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
    3R avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
    3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
    2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    2R EpsonBidirectionalService - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    2R EPSONStatusAgent2 (EPSON Printer Status Agent2) - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    3S SCardDrv (Smart Card Helper) - C:\WINDOWS\System32\SCardSvr.exe
    2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe


    -- Files created between 2007-03-22 and 2007-04-22 -----------------------------

    2007-04-22 03:42:13 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
    2007-04-22 03:42:11 0 d-------- C:\WINDOWS\LastGood
    2007-04-17 06:55:25 0 d-------- C:\avenger
    2007-04-16 04:35:14 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
    2007-04-16 03:47:41 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-04-16 03:47:37 0 d-------- C:\Program Files\Grisoft
    2007-04-15 01:50:54 0 d-------- C:\SDFix
    2007-04-14 14:09:50 0 d-------- C:\Program Files\MovieBox
    2007-04-14 00:58:46 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-04-13 10:45:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
    2007-04-13 10:03:47 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-04-13 09:46:37 0 d-------- C:\Documents and Settings\Eric\Application Data\Lavasoft
    2007-04-13 09:46:31 0 d-------- C:\Program Files\Lavasoft
    2007-04-13 09:46:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
    2007-04-13 05:16:39 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-04-13 00:51:45 0 d-------- C:\Documents and Settings\Eric\.housecall6.6<HOUSEC~1.6>
    2007-04-07 04:56:46 0 d-------- C:\Program Files\FirstClass<FIRSTC~1>
    2007-04-07 04:56:46 0 d-------- C:\Documents and Settings\All Users\Application Data\FirstClass<FIRSTC~1>


    -- Find3M Report ---------------------------------------------------------------

    2007-04-22 04:22:46 0 d-------- C:\Program Files\Winamp
    2007-04-22 04:22:28 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
    2007-04-22 04:22:07 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
    2007-04-14 00:42:43 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-04-13 11:05:43 0 d-------- C:\Program Files\Seekmo Programs<SEEKMO~1>
    2007-04-10 04:18:32 712832 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-04-07 04:56:45 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-04-06 10:02:34 0 d---s---- C:\Documents and Settings\Eric\Application Data\Microsoft<MICROS~1>
    2007-02-24 14:10:24 0 d-------- C:\Program Files\Java
    2007-02-03 16:30:05 96512 --a------ C:\sptd1805.sys


    -- Registry Dump ---------------------------------------------------------------


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "EPSON Stylus Photo 960"="C:\\WINDOWS\\system32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P22 \"EPSON Stylus Photo 960\" /O5 \"LPT1:\" /M \"Stylus Photo 960\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SoundMan"="SOUNDMAN.EXE"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "VaCtrls"="v7"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

  8. #18
    Junior Member
    Join Date
    Apr 2007
    Posts
    14

    Default

    ...continued:

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    -- End of ComboScan: finished at 2007-04-22 at 04:33:47 ------------------------

  9. #19
    Security Expert-Emeritus Rawe's Avatar
    Join Date
    Mar 2006
    Location
    Finland
    Posts
    393

    Default

    Uninstall the following entry if found under Add/Remove Programs list:

    MovieBox

    Now, please delete the following folder and file if found (if you are unable to delete them, please try again in Safe Mode):

    C:\Program Files\MovieBox
    C:\Program Files\Mozilla Firefox\plugins\npclntax.dll


    Please copy the following text in the quotebox below to a blank notepad file. Make sure the filetype is set to "All Files" and save it as Fixit.reg to your desktop.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "VaCtrls"=-

    Now double-click on the Fixit.reg on your desktop and allow it to merge with the registry by clicking YES on the prompt.

    ==

    Now you can go ahead and move sptd1805.sys back to its original directory.

    Locate C:\sptd1805.sys, right-click the file, choose cut and navigate to

    C:\WINDOWS\System32\drivers

    Right-click on the folder screen and choose to paste the file there.

    ==

    Updating Java and Clearing Cache
    • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
    • Search the list for all previously installed versions of Java (J2SE Runtime Environment...).
      It should have the following icon next to it:
      Select it and click Remove.
      1. Now please install the Java Runtime Environment (JRE) 6 manually.
      2. Remember to reboot the computer after updating.
      3. After the reboot, go back into the Control Panel and double-click the Java icon.
      4. Under Temporary Internet Files, click the Delete Files button.
      5. There are three options in the window to clear the cache - leave ALL 3 checked:
        • Downloaded Applets
        • Downloaded Applications
        • Other Files
      6. Click OK on the Delete Temporary Files window.
        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      7. Click OK to leave the Java Control Panel.


    ===

    Post one more HijackThis log, please.
    Hi there, stranger!

    Proud Member of ASAP since 2005.
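The fix above removes a Run value ("VaCtrls"="v7") whose data is not a path to any program at all, which is the kind of entry that stands out in the ComboScan Registry Dump and the HijackThis O4 lines. As an added example, not part of the thread or of any of the tools quoted in it, the PowerShell below audits both Run keys and flags every value whose command line does not resolve to an existing executable, so the same check can be repeated after cleanup. The key paths and the System32/Windows search order for bare names like SOUNDMAN.EXE are assumptions about a default Windows install; the removal cmdlet at the end is left as a dry run.

```powershell
# Added example (not from the original post): list the HKLM and HKCU Run
# values and mark those that do not point at an executable on disk.
# Assumed default key locations for a stock Windows install.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunCommandPath {
    param([string]$Command)
    # A Run value is a full command line: a quoted or bare path, then arguments.
    # Return only the executable part.
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted path: take everything up to the first ".exe" token, which also
    # covers unquoted paths containing spaces.
    $m = [regex]::Match($cmd, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $cmd.Split(' ')[0]
}

function Resolve-RunTarget {
    param([string]$Path)
    # Bare file names (e.g. SOUNDMAN.EXE) are looked up in System32 and the
    # Windows directory, the same places the shell would try first (assumed).
    if ([System.IO.Path]::IsPathRooted($Path)) { return $Path }
    foreach ($dir in @("$env:WINDIR\system32", $env:WINDIR)) {
        $candidate = Join-Path $dir $Path
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $Path
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSParentPath, etc.; skip those.
        if ($p.Name -like 'PS*') { continue }
        $exe    = Resolve-RunTarget (Get-RunCommandPath ([string]$p.Value))
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        [pscustomobject]@{
            Hive    = $key.Split(':')[0]
            Name    = $p.Name
            Command = $p.Value
            Exe     = $exe
            Suspect = -not $exists
        }
    }
}

# Suspect = True rows come first; a value like "VaCtrls"="v7" lands here
# because "v7" is not a file anywhere on the search path.
$report | Sort-Object Suspect -Descending | Format-Table -AutoSize

# Equivalent of the REGEDIT4 line "VaCtrls"=- from the post, as a dry run.
# Drop -WhatIf only after confirming the entry by hand.
Remove-ItemProperty -Path $runKeys[0] -Name 'VaCtrls' -WhatIf
```

Run it from an elevated prompt so both hives are readable. A Suspect row is a lead, not a verdict: a legitimately installed program whose binary was deleted will show up the same way, so compare each flagged row against the Add/Remove Programs list before removing anything.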

  10. #20
    Junior Member
    Join Date
    Apr 2007
    Posts
    14

    Default

    Here 'tis

    Logfile of HijackThis v1.99.1
    Scan saved at 5:37:52 AM, on 4/23/2007
    Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Eric\Desktop\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo 960] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O5 "LPT1:" /M "Stylus Photo 960"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
