
[Resolved] I Think I Have A Virus: Check_lsa7.txt
#1
Posted 10 September 2007 - 05:49 AM
#2
Posted 10 September 2007 - 08:59 AM
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient and I'd be grateful if you would note the following:
- I will be working on your malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for this issue on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
Rename HijackThis
There is a possibility that an infection is hiding part of the HijackThis log because it's called hijackthis.exe.
Please rename hijackthis.exe to hello.exe
Now scan again and post a new log, please.
Please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
#3
Posted 10 September 2007 - 02:06 PM
#4
Posted 10 September 2007 - 02:23 PM
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.
Additional information on the safety of Peer to Peer programs themselves is here:
Clean/Infected P2P Programs
Download and Run ComboFix
- Download this file from below:
Here
- Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
- Then double click combofix.exe & follow the prompts.
- When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
#5
Posted 10 September 2007 - 04:27 PM
Here are the two logs:
ComboFix 07-09-10.6 - "vishi" 2007-09-10 17:59:33.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.271 [GMT -4:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\ECURIT~1
C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\macromedia\Flash Player\#SharedObjects\UMSAQJ5N\www.broadcaster.com
C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\rejojire
C:\Program Files\rejojire\zajcjepy.dll
C:\Program Files\sembly~1
C:\Program Files\sembly~1\сhkntfs.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\bmqpwnnt.exe
C:\WINDOWS\system32\cluuqcjm.ini
C:\WINDOWS\system32\mjcquulc.dll
C:\WINDOWS\system32\rqyalxur.dll
C:\WINDOWS\system32\ruxlayqr.ini
C:\WINDOWS\system32\uhd.dll
C:\WINDOWS\system32\wineil32.dll
C:\WINDOWS\system32\wvurpmn.dll
C:\WINDOWS\system32\xahlbilh.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.
2007-09-10 17:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-10 14:50 <DIR> d----c--- C:\Temp\~nsu.tmp
2007-09-10 08:52 76,230 --a------ C:\Program Files\setup.exe
2007-09-10 08:51 93,696 --a------ C:\WINDOWS\system32\drvwor.dll
2007-09-10 08:51 2,042,255 ---hs---- C:\WINDOWS\system32\abeeg.bak2
2007-09-10 08:51 15,360 --a------ C:\WINDOWS\system32\drvworr.dll
2007-09-09 21:50 65,400 ---hsc--- C:\Temp\idoaalxg.dll
2007-09-09 21:46 74,176 ---hsc--- C:\Temp\sbutflvh.exe
2007-09-09 11:13 <DIR> d-------- C:\Program Files\CoolEdit
2007-09-09 09:44 2,038,332 ---hs---- C:\WINDOWS\system32\abeeg.bak1
2007-09-09 09:43 244,832 --a------ C:\WINDOWS\system32\geeba.dll
2007-09-02 20:23 <DIR> d-------- C:\Program Files\PPStream
2007-09-02 20:23 <DIR> d-------- C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\ppstream
2007-09-02 20:13 <DIR> d-------- C:\WINDOWS\system32\PPLive
2007-09-02 19:33 <DIR> d-------- C:\Program Files\Common Files\Data Dynamics
2007-09-02 19:33 <DIR> d-------- C:\Program Files\AMOS 7
2007-09-02 19:31 <DIR> d-------- C:\Program Files\SPSS Viewer
2007-09-02 19:25 1,929,216 --a------ C:\WINDOWS\system32\cdintf250.dll
2007-09-02 19:22 <DIR> d-------- C:\Program Files\SPSS
2007-08-22 06:10 0 --a------ C:\WINDOWS\system32\serauth2.dll
2007-08-22 06:10 0 --a------ C:\WINDOWS\system32\serauth1.dll
2007-08-22 06:10 0 --a------ C:\WINDOWS\system32\nsprs.dll
2007-08-22 06:06 340 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-08-22 06:06 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-08-15 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-10 18:07 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-09-10 17:54 --------- d-------- C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\Skype
2007-09-09 11:01 --------- d-------- C:\Program Files\Sony
2007-09-09 10:59 --------- d-------- C:\Program Files\VSTplugins
2007-09-09 10:57 --------- d-------- C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\Azureus
2007-09-02 20:31 --------- d-------- C:\Program Files\PPLive
2007-09-02 19:54 --------- d-------- C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\PPLive
2007-09-02 19:20 --------- d-------- C:\Program Files\MagicISO
2007-08-24 07:10 --------- d-------- C:\Program Files\PeerGuardian2
2007-08-22 05:23 --------- d-------- C:\Program Files\Google
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 07:58 --------- d-------- C:\Program Files\IPA93
2007-07-13 14:46 --------- d-------- C:\Program Files\Picasa2
2007-06-26 11:13 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:35 665600 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 04:12 96256 --a------ C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 04:12 616960 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 04:12 55808 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 04:12 532480 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 04:12 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 04:12 449024 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 04:12 39424 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 04:12 357888 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 04:12 3064320 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 04:12 251904 --a------ C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 04:12 205824 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 04:12 16384 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 04:12 151040 --a------ C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 04:12 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 04:12 146432 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 04:12 1054208 --a------ C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 04:12 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 06:32 18432 --a------ C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-03-10 16:44 2238 --a------ C:\Program Files\stzsys.txt
2007-04-09 22:29:17 168 --sh--r C:\WINDOWS\system32\587E1BDE79.sys
2006-05-07 12:19:43 56 --sh--r C:\WINDOWS\system32\79DE1B7E58.sys
2007-05-24 20:56:36 4,286 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E0BE13F-46EB-47DF-9E43-BE2AAD1336E9}]
2007-09-09 09:43 244832 --a------ C:\WINDOWS\system32\geeba.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\\vptray.exe" [2005-11-15 14:28]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" [2006-12-13 17:09]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:56]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\geeba
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Glance.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Glance.lnk
backup=C:\WINDOWS\pss\Glance.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^vishi.VISHICLIENT^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\vishi.VISHICLIENT\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^vishi.VISHICLIENT^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\vishi.VISHICLIENT\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^vishi.VISHICLIENT^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\vishi.VISHICLIENT\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
G:\PROGRA~1\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvwor.dll,startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDC]
C:\WINDOWS\system32\bmqpwnnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo 960]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O6 "USB001" /M "Stylus Photo 960"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Frmcvvht]
"C:\Program Files\аѕsembly\сhkntfs.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\DVD_Burn\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
"C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
G:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDrive]
rundll32.exe "C:\WINDOWS\system32\jkmnsabu.dll",setvm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"G:\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\rqyalxur.dll",forkonce
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"DesktopGateway"=2 (0x2)
"btwdins"=2 (0x2)
"aspnet_state"=3 (0x3)
"Apache2"=2 (0x2)
"Adobe LM Service"=3 (0x3)
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
S2 CVPNDRVA;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 KProcWatch;KProcWatch;\??\C:\WINDOWS\system32\drivers\KProcWatch.sys
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys
S4 DesktopGateway;Desktop Gateway;C:\Program Files\Nexus Desktop\DesktopGatewayService.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-09 02:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 18:07:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-10 18:10:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 18:10
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 6:12:09 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DVD_Burn\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ABBYY Lingvo 12\Lvagent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\vishi.VISHICLIENT\Desktop\hello.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5E0BE13F-46EB-47DF-9E43-BE2AAD1336E9} - C:\WINDOWS\system32\geeba.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Отправить на устройство Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with ABBYY &Lingvo... - res://C:\Program Files\ABBYY Lingvo 12\Lingvo.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\DVD_Burn\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
#6
Posted 11 September 2007 - 02:45 AM
Open Notepad and Copy/Paste the text in the codebox below into it:
File::
C:\WINDOWS\system32\drvwor.dll
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\drvworr.dll
C:\Temp\idoaalxg.dll
C:\Temp\sbutflvh.exe
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\geeba.dll
C:\Program Files\stzsys.txt
C:\\WINDOWS\\system32\\geeba
C:\WINDOWS\system32\bmqpwnnt.exe
C:\WINDOWS\system32\jkmnsabu.dll
C:\WINDOWS\system32\rqyalxur.dll
Folder::
C:\Program Files\аѕsembly
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E0BE13F-46EB-47DF-9E43-BE2AAD1336E9}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDC]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Frmcvvht]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDrive]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
Save this as "CFScript"

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log with a new HijackThis log.
- Please go HERE to run PandaActiveScan...
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to your desktop.
- new Combofix log
- Panda Scan report
- new HijackThis log
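Two findings drive the CFScript in the post above: the ComboFix log in post #5 shows an extra entry in the LSA "Authentication Packages" value (the name is given without .dll because LSA loads <name>.dll into lsass.exe at boot, so geeba.dll ran with SYSTEM privileges on every start), and a Run entry whose folder and file names are spelled with Cyrillic letters that look like "assembly\chkntfs.exe". The script below is an added example, not part of this thread and not ComboFix's or HijackThis's code. It re-creates those two checks over a constructed excerpt of the log and decodes the hex(7) value the CFScript writes back, confirming it restores exactly msv1_0. The excerpt, the msv1_0 baseline (the Windows XP default, treated here as an assumption) and all function names are this example's own.

```python
import re
import unicodedata

# Assumed baseline for HKLM\SYSTEM\CurrentControlSet\Control\Lsa "Authentication Packages".
# msv1_0 is the Windows XP default; extend it if legitimate SSO software registers its own package.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

# Constructed excerpt modelled on the "Reg Loading Points" section of the ComboFix log above.
# The lookalike letters are written as escapes so they are visible: U+0430, U+0455 and U+0441.
HOMOGLYPH_DIR = "\u0430\u0455sembly"      # Cyrillic а, ѕ followed by Latin "sembly"
HOMOGLYPH_EXE = "\u0441hkntfs.exe"        # Cyrillic с followed by Latin "hkntfs.exe"
SAMPLE_LOG_LINES = [
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"vptray"="C:\PROGRA~1\SYMANT~1\\vptray.exe" [2005-11-15 14:28]',
    '"Frmcvvht"="C:\\Program Files\\' + HOMOGLYPH_DIR + "\\" + HOMOGLYPH_EXE + '" []',
    r"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]",
    r'"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\geeba',
]

# The REGEDIT4-style hex(7) (REG_MULTI_SZ) value the CFScript above writes back.
CFSCRIPT_AUTH_PACKAGES = "hex(7):6d,73,76,31,5f,30,00,00"


def parse_reg_loading_points(lines):
    """Return {registry key: [(value name, value text), ...]} from ComboFix-style text."""
    entries, key = {}, None
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries.setdefault(key, [])
            continue
        m = re.match(r'^"([^"]+)"\s*=\s*(.*)$', line)
        if m and key is not None:
            entries[key].append((m.group(1), m.group(2)))
    return entries


def extra_auth_packages(entries, baseline=DEFAULT_AUTH_PACKAGES):
    """Authentication packages under the Lsa key that are not in the baseline.
    ComboFix prints the multi-string entries separated by spaces, so split on whitespace."""
    known = {b.lower() for b in baseline}
    extras = []
    for key, values in entries.items():
        if not key.lower().endswith(r"\control\lsa"):
            continue
        for name, value in values:
            if name.lower() == "authentication packages":
                extras.extend(p for p in value.split() if p.lower() not in known)
    return extras


def autostart_path(value):
    """Pull the program path out of a Run-key value such as '"C:\\x.exe" [date]'."""
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split(" [")[0].strip()


def non_ascii_chars(text):
    """(char, code point, Unicode name) for every non-ASCII character in text."""
    return [(ch, "U+%04X" % ord(ch), unicodedata.name(ch, "UNKNOWN"))
            for ch in text if ord(ch) > 0x7F]


def suspicious_autostarts(entries):
    """Run-key entries whose path contains non-ASCII (lookalike) letters."""
    hits = []
    for key, values in entries.items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        for name, value in values:
            path = autostart_path(value)
            odd = non_ascii_chars(path)
            if odd:
                hits.append((name, path, odd))
    return hits


def decode_reg_multi_sz_hex(hex_value):
    """Decode a hex(7) registry value into its list of strings.
    REGEDIT4 files store 8-bit text (as in the CFScript); REGEDIT5 files store UTF-16LE,
    which is recognised heuristically by every second byte being zero."""
    spec = hex_value.strip()
    if spec.lower().startswith("hex(7):"):
        spec = spec[len("hex(7):"):]
    raw = bytes(int(b, 16) for b in spec.replace("\\", "").split(",") if b.strip())
    if len(raw) >= 2 and len(raw) % 2 == 0 and all(raw[i] == 0 for i in range(1, len(raw), 2)):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]   # drop the empty strings from the terminators


def cfscript_restores_baseline(hex_value, baseline=DEFAULT_AUTH_PACKAGES):
    """True when the value the script writes back is exactly the baseline package set."""
    return set(decode_reg_multi_sz_hex(hex_value)) == set(baseline)


if __name__ == "__main__":
    found = parse_reg_loading_points(SAMPLE_LOG_LINES)
    for pkg in extra_auth_packages(found):
        print("non-baseline authentication package:", pkg)
    for name, path, odd in suspicious_autostarts(found):
        print("autostart %r has non-ASCII characters in %s" % (name, path))
        for _, cp, uname in odd:
            print("   ", cp, uname)
    print("CFScript restores baseline:", cfscript_restores_baseline(CFSCRIPT_AUTH_PACKAGES))
```

Run against the excerpt, the script reports the geeba entry as a non-baseline authentication package, lists the three Cyrillic code points in the Frmcvvht path (which is why the folder shows up as "sembly~1" elsewhere in the log), and confirms that the hex(7) value decodes to ["msv1_0"]. A non-baseline package is not automatically malicious, since some single-sign-on products register their own, so verify the DLL before acting; once it is confirmed bad, both the registry entry and the DLL have to go, which is what the CFScript's File:: and Registry:: sections do together.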
#7
Posted 11 September 2007 - 07:36 AM
ComboFix 07-09-10.6 - "vishi" 2007-09-11 8:36:47.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.170 [GMT -4:00]
* Created a new restore point
FILE::
C:\WINDOWS\system32\drvwor.dll
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\drvworr.dll
C:\Temp\idoaalxg.dll
C:\Temp\sbutflvh.exe
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\geeba.dll
C:\Program Files\stzsys.txt
C:\\WINDOWS\\system32\\geeba
C:\WINDOWS\system32\bmqpwnnt.exe
C:\WINDOWS\system32\jkmnsabu.dll
C:\WINDOWS\system32\rqyalxur.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\stzsys.txt
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\drvwor.dll
C:\WINDOWS\system32\geeba.dll
((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))
.
2007-09-11 08:26 <DIR> d-------- C:\TEMP\Google Toolbar
2007-09-11 01:01 2,012,190 --ahs---- C:\WINDOWS\system32\abeeg.ini2
2007-09-10 22:41 <DIR> d-------- C:\TEMP
2007-09-10 19:30 <DIR> d-------- C:\Program Files\SPSS
2007-09-10 17:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-10 08:52 76,230 --a------ C:\Program Files\setup.exe
2007-09-09 11:13 <DIR> d-------- C:\Program Files\CoolEdit
2007-09-02 20:23 <DIR> d-------- C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\ppstream
2007-09-02 20:13 <DIR> d-------- C:\WINDOWS\system32\PPLive
2007-09-02 19:33 <DIR> d-------- C:\Program Files\Common Files\Data Dynamics
2007-08-22 06:10 0 --a------ C:\WINDOWS\system32\serauth2.dll
2007-08-22 06:10 0 --a------ C:\WINDOWS\system32\serauth1.dll
2007-08-22 06:10 0 --a------ C:\WINDOWS\system32\nsprs.dll
2007-08-22 06:06 340 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-08-22 06:06 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-08-15 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 08:35 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-09-10 17:54 --------- d-------- C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\Skype
2007-09-09 11:01 --------- d-------- C:\Program Files\Sony
2007-09-09 10:59 --------- d-------- C:\Program Files\VSTplugins
2007-09-09 10:57 --------- d-------- C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\Azureus
2007-09-02 20:31 --------- d-------- C:\Program Files\PPLive
2007-09-02 19:54 --------- d-------- C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\PPLive
2007-09-02 19:20 --------- d-------- C:\Program Files\MagicISO
2007-08-24 07:10 --------- d-------- C:\Program Files\PeerGuardian2
2007-08-22 05:23 --------- d-------- C:\Program Files\Google
2007-07-19 07:58 --------- d-------- C:\Program Files\IPA93
2007-07-13 14:46 --------- d-------- C:\Program Files\Picasa2
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-04-09 22:29:17 168 --sha-r C:\WINDOWS\system32\587E1BDE79.sys
2006-05-07 12:19:43 56 --sh--r C:\WINDOWS\system32\79DE1B7E58.sys
2007-05-24 20:56:36 4,286 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="G:\qttask.exe" []
"Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" [2006-12-13 17:09]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15]
"EPSON Stylus Photo 960"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 03:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Frmcvvht"="C:\Program Files\аѕsembly\сhkntfs.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 20:57]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Glance.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Glance.lnk
backup=C:\WINDOWS\pss\Glance.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^vishi.VISHICLIENT^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\vishi.VISHICLIENT\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^vishi.VISHICLIENT^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\vishi.VISHICLIENT\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^vishi.VISHICLIENT^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\vishi.VISHICLIENT\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
G:\PROGRA~1\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\DVD_Burn\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
"C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
G:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"DesktopGateway"=2 (0x2)
"btwdins"=2 (0x2)
"aspnet_state"=3 (0x3)
"Apache2"=2 (0x2)
"Adobe LM Service"=3 (0x3)
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
S2 CVPNDRVA;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 KProcWatch;KProcWatch;\??\C:\WINDOWS\system32\drivers\KProcWatch.sys
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys
S4 DesktopGateway;Desktop Gateway;C:\Program Files\Nexus Desktop\DesktopGatewayService.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-09 02:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 08:45:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-11 8:46:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 08:46
C:\ComboFix2.txt ... 2007-09-10 22:41
C:\ComboFix3.txt ... 2007-09-10 18:10
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 8:48:14 AM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DVD_Burn\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ABBYY Lingvo 12\Lvagent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\vishi.VISHICLIENT\Desktop\hello.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 960] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O6 "USB001" /M "Stylus Photo 960"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Frmcvvht] "C:\Program Files\a?sembly\nhkntfs.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Отправить на устройство Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with ABBYY &Lingvo... - res://C:\Program Files\ABBYY Lingvo 12\Lingvo.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\DVD_Burn\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
and Panda report is on its way...
Thanks again.
#8
Posted 11 September 2007 - 08:24 AM
#9
Posted 11 September 2007 - 08:49 AM
What is your E-drive? A partition?
Open Notepad and Copy/Paste the text in the codebox below into it:
File::
C:\WINDOWS\system32\abeeg.ini2

Folder::
C:\Program Files\аѕsembly

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Frmcvvht"=-
Save this as "CFScript"

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log with a new HijackThis log.
#10
Posted 11 September 2007 - 11:00 PM
here is my combofix scan followed by hjt scan:
ComboFix 07-09-10.6 - "vishi" 2007-09-12 0:50:32.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.140 [GMT -4:00]
* Created a new restore point
FILE::
C:\WINDOWS\system32\abeeg.ini2
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\abeeg.ini2
((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
.
2007-09-11 08:51 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-11 08:51 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-11 08:50 <DIR> d-------- C:\TEMP\Google Toolbar
2007-09-11 08:46 <DIR> d-------- C:\TEMP
2007-09-10 19:30 <DIR> d-------- C:\Program Files\SPSS
2007-09-10 17:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-10 08:52 76,230 --a------ C:\Program Files\setup.exe
2007-09-09 11:13 <DIR> d-------- C:\Program Files\CoolEdit
2007-09-02 20:23 <DIR> d-------- C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\ppstream
2007-09-02 20:13 <DIR> d-------- C:\WINDOWS\system32\PPLive
2007-09-02 19:33 <DIR> d-------- C:\Program Files\Common Files\Data Dynamics
2007-08-22 06:10 0 --a------ C:\WINDOWS\system32\serauth2.dll
2007-08-22 06:10 0 --a------ C:\WINDOWS\system32\serauth1.dll
2007-08-22 06:10 0 --a------ C:\WINDOWS\system32\nsprs.dll
2007-08-22 06:06 340 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-08-22 06:06 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-08-15 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 09:41 --------- d-------- C:\Program Files\TotalAudioConverter
2007-09-11 09:40 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-09-11 09:37 --------- d-------- C:\Program Files\PowerISO
2007-09-11 09:37 --------- d-------- C:\Program Files\Picasa2
2007-09-11 09:34 --------- d-------- C:\Program Files\Google
2007-09-11 09:27 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-11 09:18 --------- d-------- C:\Program Files\ABBYY Lingvo 12
2007-09-10 17:54 --------- d-------- C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\Skype
2007-09-09 11:01 --------- d-------- C:\Program Files\Sony
2007-09-09 10:59 --------- d-------- C:\Program Files\VSTplugins
2007-09-09 10:57 --------- d-------- C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\Azureus
2007-09-02 20:31 --------- d-------- C:\Program Files\PPLive
2007-09-02 19:54 --------- d-------- C:\DOCUME~1\VISHI~1.VIS\APPLIC~1\PPLive
2007-09-02 19:20 --------- d-------- C:\Program Files\MagicISO
2007-08-24 07:10 --------- d-------- C:\Program Files\PeerGuardian2
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 07:58 --------- d-------- C:\Program Files\IPA93
2007-06-26 11:13 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:35 665600 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 04:12 96256 --a------ C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 04:12 616960 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 04:12 55808 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 04:12 532480 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 04:12 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 04:12 449024 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 04:12 39424 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 04:12 357888 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 04:12 3064320 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 04:12 251904 --a------ C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 04:12 205824 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 04:12 16384 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 04:12 151040 --a------ C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 04:12 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 04:12 146432 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 04:12 1054208 --a------ C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 04:12 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 06:32 18432 --a------ C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-04-09 22:29:17 168 --sha-r C:\WINDOWS\system32\587E1BDE79.sys
2006-05-07 12:19:43 56 --sh--r C:\WINDOWS\system32\79DE1B7E58.sys
2007-05-24 20:56:36 4,286 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot_2007-09-11_ 84553.75 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 141,424 2006-08-24 12:28:54 C:\WINDOWS\Downloaded Program Files\asinst.dll
----a-w 73,728 2006-08-02 16:39:06 C:\WINDOWS\system32\asuninst.exe
----a-w 11,776 2003-03-25 22:53:50 C:\WINDOWS\system32\ZPORT4AS.dll
----a-w 110,592 2007-03-29 13:20:50 C:\WINDOWS\system32\ActiveScan\as.dll
----a-w 233,472 2006-10-05 20:15:26 C:\WINDOWS\system32\ActiveScan\ascontrol.dll
----a-w 96,256 2005-06-03 18:03:18 C:\WINDOWS\system32\ActiveScan\asmdat.dll
----a-w 36,864 2003-08-01 15:00:16 C:\WINDOWS\system32\ActiveScan\certdll.dll
----a-w 86,016 2005-05-20 17:42:44 C:\WINDOWS\system32\ActiveScan\instlsp.dll
----a-w 4,608 2006-02-16 22:20:20 C:\WINDOWS\system32\ActiveScan\memvfile.dll
----a-w 348,160 2005-10-25 22:08:32 C:\WINDOWS\system32\ActiveScan\msvcr71.dll
----a-w 139,264 2004-05-04 19:01:02 C:\WINDOWS\system32\ActiveScan\pavaleas.dll
----a-w 45,056 2006-07-14 17:04:10 C:\WINDOWS\system32\ActiveScan\pavdr.exe
----a-w 159,832 2006-04-10 14:50:02 C:\WINDOWS\system32\ActiveScan\pavexcom.dll
----a-w 94,208 2006-02-14 17:05:38 C:\WINDOWS\system32\ActiveScan\pavinas.dll
----a-w 180,224 2006-02-16 22:35:38 C:\WINDOWS\system32\ActiveScan\pavoe.dll
----a-w 122,880 2006-10-05 20:15:38 C:\WINDOWS\system32\ActiveScan\pavpz.dll
----a-w 8,704 2006-06-30 18:13:38 C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
----a-w 49,152 2004-02-04 18:08:42 C:\WINDOWS\system32\ActiveScan\port32.dll
----a-w 69,632 2006-08-01 17:23:10 C:\WINDOWS\system32\ActiveScan\pscpu.dll
----a-w 1,388,544 2006-08-23 17:06:08 C:\WINDOWS\system32\ActiveScan\pskahk.dll
----a-w 10,752 2006-08-17 15:38:14 C:\WINDOWS\system32\ActiveScan\pskalloc.dll
----a-w 61,440 2006-09-04 15:49:54 C:\WINDOWS\system32\ActiveScan\pskas.dll
----a-w 779,264 2006-08-18 12:46:18 C:\WINDOWS\system32\ActiveScan\pskavs.dll
----a-w 417,792 2007-03-26 18:25:34 C:\WINDOWS\system32\ActiveScan\pskcmp.dll
----a-w 90,112 2006-08-09 14:42:24 C:\WINDOWS\system32\ActiveScan\pskfss.dll
----a-w 208,896 2006-07-19 14:55:58 C:\WINDOWS\system32\ActiveScan\pskhtml.dll
----a-w 9,728 2006-01-20 20:57:00 C:\WINDOWS\system32\ActiveScan\pskmas.dll
----a-w 14,336 2006-05-17 13:50:12 C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
----a-w 33,280 2006-08-16 14:58:12 C:\WINDOWS\system32\ActiveScan\pskpack.dll
----a-w 266,240 2006-06-30 18:42:36 C:\WINDOWS\system32\ActiveScan\pskscs.dll
----a-w 62,976 2006-08-17 18:33:14 C:\WINDOWS\system32\ActiveScan\pskutil.dll
----a-w 13,312 2006-08-08 17:13:10 C:\WINDOWS\system32\ActiveScan\pskvfile.dll
----a-w 69,632 2006-08-18 12:53:08 C:\WINDOWS\system32\ActiveScan\pskvfs.dll
----a-w 167,936 2006-08-18 12:49:50 C:\WINDOWS\system32\ActiveScan\pskvm.dll
----a-w 353,840 2007-04-18 21:16:04 C:\WINDOWS\system32\ActiveScan\psscan.dll
----a-w 35,328 2007-01-22 18:42:48 C:\WINDOWS\system32\ActiveScan\rawvfile.dll
----a-w 9,488 1997-09-18 10:12:32 C:\WINDOWS\system32\ActiveScan\sporder.dll
----a-w 69,632 2006-02-28 21:23:40 C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="G:\qttask.exe" []
"Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" [2006-12-13 17:09]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15]
"EPSON Stylus Photo 960"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 03:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 20:57]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Glance.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Glance.lnk
backup=C:\WINDOWS\pss\Glance.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^vishi.VISHICLIENT^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\vishi.VISHICLIENT\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^vishi.VISHICLIENT^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\vishi.VISHICLIENT\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^vishi.VISHICLIENT^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\vishi.VISHICLIENT\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
G:\PROGRA~1\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\DVD_Burn\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
"C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
G:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"DesktopGateway"=2 (0x2)
"btwdins"=2 (0x2)
"aspnet_state"=3 (0x3)
"Apache2"=2 (0x2)
"Adobe LM Service"=3 (0x3)
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
S2 CVPNDRVA;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 KProcWatch;KProcWatch;\??\C:\WINDOWS\system32\drivers\KProcWatch.sys
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys
S4 DesktopGateway;Desktop Gateway;C:\Program Files\Nexus Desktop\DesktopGatewayService.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-09 02:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-12 00:52:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-12 0:53:53
C:\ComboFix-quarantined-files.txt ... 2007-09-12 00:53
C:\ComboFix2.txt ... 2007-09-11 08:46
C:\ComboFix3.txt ... 2007-09-10 22:41
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 12:54:42 AM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DVD_Burn\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ABBYY Lingvo 12\Lvagent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\vishi.VISHICLIENT\Desktop\hello.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 960] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O6 "USB001" /M "Stylus Photo 960"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Отправить на устройство Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with ABBYY &Lingvo... - res://C:\Program Files\ABBYY Lingvo 12\Lingvo.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\DVD_Burn\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
#11
Posted 12 September 2007 - 01:55 AM
Delete the Combofix icon from your Desktop.
Navigate to and delete the following folders (if they are present):
Folders:
C:\Qoobox
C:\Combofix
E:\overnet incoming\Jerry Seinfeld - Stand Up Comedy (Full CD).rar
E:\desktop mix june 05\VX2_removal_set <----- very likely to be well out of date now.
Delete the older versions of Java and download the newest.
Please follow these steps to remove older version Java components.
- Close any programmes you may have running, ESPECIALLY your web browser
- Click Start > Control Panel.
- Click Add/Remove Programs.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove all versions of Java.
- Reboot your computer once all Java components are removed.
This is my usual speech for when you are clean, which you appear to be.
Please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore.
It's also a good idea to Flush your System Restore points after ridding yourself of malware:
- Click Start | Help and Support | Undo changes to your computer with System Restore.
- Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
- Close the Help and Support Center box.
- Click Start | Run and type Cleanmgr
- Select (C: ) then click OK.
- Click the More Options tab.
- Click Clean Up in the System Restore Section.
Here are some free programs I recommend.
Spybot Search and Destroy
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here.
Install Spyware Guard
Download it from here
Find the tutorial on how to use Spyware Guard here.
Install SpyWare Blaster
Download it from here
Find the tutorial on how to use Spyware Blaster here.
Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works.
Make sure your Windows is ALWAYS up to date!
An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
Please check out Tony Klein's article "How did I get infected in the first place?"
Follow this list and your potential for being infected again will reduce dramatically.
Glad I was able to help.
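Added here as an illustration, not part of the helper's post above: the Java clean-up step relies on reading Add/Remove Programs by hand, and the same data can be read from the standard Uninstall registry keys to get an inventory of every registered Java runtime before anything is removed. The script assumes a Windows host with PowerShell (the XP SP2 machine in this thread would not have had it by default); the registry paths and value names (DisplayName, DisplayVersion, UninstallString) are the standard Windows ones, and the name pattern is a constructed heuristic for the "Java Runtime Environment", "JRE" and "J2SE" names the helper lists.

```powershell
# Added example, not code from the forum thread. Inventories Java runtimes registered
# under the Windows Uninstall keys so stale builds can be spotted before removal.
# It only reports; it does not uninstall anything.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    # Present only on 64-bit Windows, where 32-bit installers register here instead.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJava {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            # Constructed heuristic: the names the helper refers to start with "Java" or "J2SE"
            # (e.g. "Java(TM) 6 Update 1", "J2SE Runtime Environment 5.0"). Review the list
            # by eye; something like "Java Auto Updater" will match as well.
            if ($p.DisplayName -match '^(Java|J2SE)') {
                [pscustomobject]@{
                    Name      = $p.DisplayName
                    Version   = $p.DisplayVersion
                    Uninstall = $p.UninstallString   # the command Add/Remove Programs would run
                    Key       = $_.PSChildName
                }
            }
        }
    }
}

$java = @(Get-InstalledJava | Sort-Object Version)

if ($java.Count -eq 0) {
    Write-Host 'No Java runtime is registered in Add/Remove Programs.'
} else {
    $java | Format-Table Name, Version, Key -AutoSize
}

# More than one runtime means every entry but the newest is an unpatched copy that
# browsers and other hosts may still load; that is what the helper's steps remove.
if ($java.Count -gt 1) {
    Write-Warning ("{0} Java runtimes are installed; keep only the newest." -f $java.Count)
}
```

Run it from an elevated PowerShell prompt so both registry roots are readable; the Key column is the registry subkey name, which is the value to quote when asking which entry to remove.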
#12
Posted 13 September 2007 - 03:56 PM
#13
Posted 14 September 2007 - 01:56 AM