MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: HJT Log, please help!!  (Read 4827 times)
wolfe
« on: April 17, 2007, 04:05:10 AM »

Hello all, I have another friend's computer that I am trying to fix, and I am still having problems with it.

I have run Trend Micro, Ad-Aware, Spybot, etc., etc.

Here is the info:

Windows XP SP2
IE SP2

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:03:37 AM, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\micro1\b9.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=4105&_lang=EN
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\ghdcqgls.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B9C51AF4-DACE-4368-9052-4BEF40CD6EAD} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: (no name) - {C542DCAE-2AF5-4970-B414-FCC809FDEA15} - C:\Program Files\MSN\hoketoz.dll
O2 - BHO: 0 - {F8E99E28-E2F4-4C52-D780-F7DEDD087A7D} - C:\Program Files\ComPlus Applications\lavunabir.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [bantool] C:\WINDOWS\system32\micro1\b9.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169120152109
O20 - Winlogon Notify: hggeday - C:\WINDOWS\SYSTEM32\hggeday.dll
O20 - Winlogon Notify: vtsts - C:\WINDOWS\system32\vtsts.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7504 bytes
 
dahli
Global Moderator
« Reply #1 on: April 19, 2007, 12:25:28 PM »

Hello,

1. Download this file - combofix.exe
2. Double-click combofix.exe and follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window while it's running. That may cause it to stall.
Disable script blocking if you have Norton AntiVirus installed so it will not interfere with the fix.

To disable Norton AntiVirus Script Blocking:
1. Start Norton AntiVirus. If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options. If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK.

Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.
 

Steve
wolfe
« Reply #2 on: April 20, 2007, 02:27:27 AM »

"Tim" - 07-04-19 22:11:47    Service Pack 2 
ComboFix 07-04-19.2V - Running from: C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\


((((((((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ftcojqwh.dll
C:\WINDOWS\system32\omyluyjg.dll
C:\WINDOWS\system32\vqwyihgs.dll
C:\WINDOWS\system32\giagjiys.dll
C:\WINDOWS\system32\ststv.bak1
C:\WINDOWS\system32\ststv.bak2
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\hggeday.dll


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\bund1


(((((((((((((((((((((((((((((((   Files Created from 2007-03-19 to 2007-04-19  ))))))))))))))))))))))))))))))))))


2007-04-19 22:06   43,060   --a------   C:\WINDOWS\hGFdeYYm64pUIdwQ.exe
2007-04-19 22:06   125,460   --a------   C:\WINDOWS\system32\gfdaqncw.dll
2007-04-16 23:53   86,094   --a------   C:\WINDOWS\BPMNT.dll
2007-04-16 23:53   1,101,904   --a------   C:\WINDOWS\vsapi32.dll
2007-04-16 23:52   4   --a------   C:\WINDOWS\RM_RESULT.DAT
2007-04-16 23:52   229,957   --a------   C:\WINDOWS\tsc.exe
2007-04-16 23:52   <DIR>   d--------   C:\WINDOWS\report
2007-04-16 23:52   <DIR>   d--------   C:\WINDOWS\AU_Temp
2007-04-16 23:52   <DIR>   d--------   C:\WINDOWS\AU_Log
2007-04-16 23:52   <DIR>   d--------   C:\WINDOWS\AU_Backup
2007-04-16 23:51   69,689   --a------   C:\WINDOWS\UNZIP.DLL
2007-04-16 23:51   208,896   --a------   C:\WINDOWS\PATCH.EXE
2007-04-16 23:51   1,142,784   --a------   C:\WINDOWS\TMUPDATE.DLL
2007-04-16 23:15   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-16 23:13   <DIR>   d--------   C:\DOCUME~1\Tim\APPLIC~1\Lavasoft
2007-04-16 23:12   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-04-16 21:09   <DIR>   d--------   C:\DOCUME~1\Tim\APPLIC~1\SlySoft
2007-04-16 21:08   105,434   --a------   C:\WINDOWS\VTTC.exe
2007-04-16 21:08   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-04-16 21:07   72,320   --a------   C:\WINDOWS\system32\drivers\core.sys
2007-04-16 21:07   <DIR>   d--------   C:\WINDOWS\system32\micro1
2007-04-16 21:03   <DIR>   d--------   C:\DOCUME~1\Tim\APPLIC~1\bang
2007-04-16 20:29   87,608   --a------   C:\DOCUME~1\Tim\APPLIC~1\ezpinst.exe
2007-04-16 20:29   47,360   --a------   C:\WINDOWS\system32\drivers\pcouffin.sys
2007-04-16 20:29   47,360   --a------   C:\DOCUME~1\Tim\APPLIC~1\pcouffin.sys
2007-04-16 20:29   <DIR>   d--------   C:\DOCUME~1\Tim\APPLIC~1\Vso
2007-04-16 19:40   <DIR>   d--------   C:\WINDOWS\Sun
2007-04-16 19:40   <DIR>   d--------   C:\DOCUME~1\Tim\APPLIC~1\Sun
2007-04-12 22:32   17,920   --a------   C:\DOCUME~1\Tim\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-29 22:21   <DIR>   d--------   C:\Program Files\SAMSUNG CDMA Modem
2007-03-28 23:28   <DIR>   d--h-----   C:\NGSession
2007-03-26 18:39   <DIR>   d--------   C:\DOCUME~1\Tim\Incomplete
2007-03-26 18:35   <DIR>   d--------   C:\Program Files\LimeWire
2007-03-26 18:35   <DIR>   d--------   C:\Program Files\Java
2007-03-26 18:35   <DIR>   d--------   C:\Program Files\Common Files\Java
2007-03-26 18:32   <DIR>   d--------   C:\DOCUME~1\Tim\.limewire
2007-03-24 13:05   <DIR>   d--------   C:\Program Files\Alcohol Soft
2007-03-24 13:02   639,224   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-03-22 23:26   <DIR>   d--------   C:\DOCUME~1\Tim\.java
2007-03-22 23:18   36,972   ---------   C:\WINDOWS\system32\ActPanel.dll
2007-03-22 23:18   <DIR>   d--------   C:\Program Files\JavaSoft
2007-03-22 16:55   <DIR>   d--------   C:\0381a7d8621ff9ab62ace147


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-16 23:00   7824   --a------   C:\DOCUME~1\Tim\APPLIC~1\pcouffin.cat
2007-04-16 23:00   33   --a------   C:\DOCUME~1\Tim\APPLIC~1\pcouffin.log
2007-04-16 23:00   1144   --a------   C:\DOCUME~1\Tim\APPLIC~1\pcouffin.inf
2007-04-16 21:49   --------   d--------   C:\DOCUME~1\Tim\APPLIC~1\ripit4me
2007-04-06 10:31   --------   d--------   C:\Program Files\bitcomet
2007-03-22 23:18   --------   d--h-----   C:\Program Files\installshield installation information
2007-03-22 23:18   --------   d--------   C:\Program Files\Common Files\installshield
2007-03-17 09:58   --------   d--------   C:\DOCUME~1\Tim\APPLIC~1\kctmon
2007-03-17 09:43   292864   --a------   C:\WINDOWS\system32\winsrv.dll
2007-03-08 11:36   577536   --a------   C:\WINDOWS\system32\user32.dll
2007-03-08 11:36   40960   --a------   C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36   281600   --a------   C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47   1843584   --a------   C:\WINDOWS\system32\win32k.sys
2007-03-04 23:17   --------   d--------   C:\DOCUME~1\Tim\APPLIC~1\apple computer
2007-03-01 10:53   142   --a------   C:\Program Files\page.html
2007-02-21 20:07   --------   d--------   C:\Program Files\microsoft activesync
2007-02-19 23:09   1168   --a------   C:\WINDOWS\mozver.dat
2007-02-19 23:07   --------   d--------   C:\DOCUME~1\Tim\APPLIC~1\talkback
2007-02-19 23:06   0   --a------   C:\WINDOWS\nsreg.dat
2007-02-06 19:51   109568   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-02-06 19:51   108544   ---------   C:\WINDOWS\system32\pxcpyi64.exe
2007-02-05 16:17   185344   --a------   C:\WINDOWS\system32\upnphost.dll
2007-01-28 12:58   2560   --a------   C:\WINDOWS\system32\bitcometres.dll
2007-01-20 09:29   120   --a------   C:\DOCUME~1\Tim\APPLIC~1\fixvts.ini
2007-01-17 18:39   62   --ahs----   C:\DOCUME~1\Tim\APPLIC~1\desktop.ini


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4}   C:\WINDOWS\system32\giagjiys.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}   C:\Program Files\BitComet\tools\BitCometBHO.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}   C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{C542DCAE-2AF5-4970-B414-FCC809FDEA15}   C:\Program Files\MSN\hoketoz.dll
{F5F49357-3DF8-4619-9D2C-E861287581Be}   C:\WINDOWS\system32\gfdaqncw.dll
{F8E99E28-E2F4-4C52-D780-F7DEDD087A7D}   C:\Program Files\ComPlus Applications\lavunabir.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"bantool"="C:\\WINDOWS\\system32\\micro1\\b9.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages   REG_MULTI_SZ      msv1_0\0\0
   Security Packages   REG_MULTI_SZ      kerberos\0msv1_0\0schannel\0wdigest\0\0
   Notification Packages   REG_MULTI_SZ      scecli\0\0

 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0
HTTPFilter   REG_MULTI_SZ      HTTPFilter\0\0
DcomLaunch   REG_MULTI_SZ      DcomLaunch\0TermService\0\0
WudfServiceGroup   REG_MULTI_SZ      WUDFSvc\0\0


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-19 22:24:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-19 22:24
 
dahli
Global Moderator
« Reply #3 on: April 21, 2007, 05:50:45 AM »

Download ATF (Atribune Temp File) Cleaner

Steve
wolfe
« Reply #4 on: April 21, 2007, 05:08:21 PM »

AVG Log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   1:04:56 PM 21/04/2007

 + Scan result:

C:\WINDOWS\system32\micro1\f1.exe -> Adware.NewDotNet : Ignored.
C:\WINDOWS\system32\micro1\f4.exe -> Adware.SurfSide : Ignored.
C:\Program Files\MSN\hoketoz.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053719.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP222\snapshot\MFEX-1.DAT -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053791.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\snapshot\MFEX-1.DAT -> Adware.TTC : Ignored.
C:\WINDOWS\system32\micro1\f33.exe -> Adware.ZQuest : Ignored.
C:\WINDOWS\system32\micro1\fin5.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
C:\Program Files\func.exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\func.js -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053727.exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053728.exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\WINDOWS\hGFdeYYm64pUIdwQ.exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\system32\drivers\core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.10:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
 
wolfe
« Reply #5 on: April 21, 2007, 05:08:41 PM »

continued

:mozilla.205:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.383:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.498:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.25:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.26:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.398:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.399:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.625:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.626:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.345:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.346:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.507:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.518:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.519:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.57:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.58:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.685:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.60:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.32:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.33:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.34:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.49:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.50:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.51:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.52:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.53:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.54:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.149:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.153:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.154:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.651:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.394:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.395:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.396:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.397:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.267:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.276:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.271:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.563:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.35:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.38:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.291:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.292:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.327:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.333:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.334:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.335:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.336:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.337:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.338:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.339:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.340:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.100:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.101:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.102:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.69:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.70:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.71:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.72:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.73:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.74:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.75:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.76:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.77:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.78:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.80:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.81:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.82:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.83:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.84:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.85:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.86:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.87:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.88:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.89:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.90:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.91:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.92:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.93:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.94:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.95:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.96:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.97:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.98:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.99:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.s*xcounter : Cleaned.
:mozilla.414:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.415:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.416:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.432:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.442:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.443:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.444:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.445:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.446:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.447:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.448:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.449:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.328:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.329:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.330:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.331:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.332:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.462:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.486:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.487:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.488:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.596:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.618:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.619:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.620:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.621:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.622:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.623:C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\zzazz5ya.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\micro1\b9.exe -> Trojan.Bantool : Cleaned with backup (quarantined).


::Report end
wolfe
Full Member
« Reply #6 on: April 21, 2007, 05:09:23 PM »

HJT Log


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:07:04 PM, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=4105&_lang=EN
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\giagjiys.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {F5F49357-3DF8-4619-9D2C-E861287581Be} - C:\WINDOWS\system32\gfdaqncw.dll
O2 - BHO: 0 - {F8E99E28-E2F4-4C52-D780-F7DEDD087A7D} - C:\Program Files\ComPlus Applications\lavunabir.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169120152109
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6746 bytes
dahli
Global Moderator
« Reply #7 on: April 23, 2007, 08:19:50 PM »

Run HijackThis and check the following:

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\giagjiys.dll (file missing)
O2 - BHO: (no name) - {F5F49357-3DF8-4619-9D2C-E861287581Be} - C:\WINDOWS\system32\gfdaqncw.dll

Click FIX CHECKED

Go here and run a Bitdefender Online Scan - save and post that log here with a new HijackThis log.
Steve
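The moderator's pick of the two BHO lines to fix rests on a few visible traits: the entry has no display name, the DLL has a machine-generated looking eight-letter name in system32, and in one case the registered file no longer exists on disk. The script below is an added example for this thread, not HijackThis code and not the moderator's own method. It parses HijackThis "O2 - BHO" lines and scores each one on those three traits; the sample lines are copied from the Reply #6 log above, while the three heuristics, the 7-to-9 lowercase-letter rule and the two-reason threshold are my assumptions, chosen to match the entries in this thread rather than any published rule.

```python
"""
Triage helper for HijackThis 'O2 - BHO' lines (added example, not HJT code).

Flags BHO entries that share the traits of the two lines the moderator
told the poster to fix: no display name, a DLL with a random-looking
name, or a registered DLL that is missing on disk. The heuristics and
threshold below are assumptions for illustration, not HijackThis rules.
"""
import re
from dataclasses import dataclass, field

# HJT O2 lines look like:
#   O2 - BHO: <name> - {<CLSID>} - <path> [(file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)

# Lines copied from the Reply #6 log in this thread (constructed sample input).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\giagjiys.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {F5F49357-3DF8-4619-9D2C-E861287581Be} - C:\WINDOWS\system32\gfdaqncw.dll
O2 - BHO: 0 - {F8E99E28-E2F4-4C52-D780-F7DEDD087A7D} - C:\Program Files\ComPlus Applications\lavunabir.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
"""


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    missing: bool
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Assumed threshold: two independent signals before we flag an entry.
        return len(self.reasons) >= 2


def parse_o2(line: str):
    """Return a Bho for an O2 line, or None for any other HJT line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return Bho(m["name"], m["clsid"], m["path"], m["missing"] is not None)


def file_stem(path: str) -> str:
    """'C:\\WINDOWS\\system32\\giagjiys.dll' -> 'giagjiys'."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]


def triage(bho: Bho) -> Bho:
    """Attach human-readable reasons; each is an assumed heuristic."""
    if bho.name == "(no name)" or len(bho.name) < 3:
        bho.reasons.append("no descriptive name")
    if bho.missing:
        bho.reasons.append("registered DLL missing on disk")
    # 7-9 lowercase letters with no digits or capitals: the shape of the
    # generated names in this thread (giagjiys, gfdaqncw, lavunabir).
    if re.fullmatch(r"[a-z]{7,9}", file_stem(bho.path)):
        bho.reasons.append("machine-generated looking file name")
    return bho


def triage_log(text: str):
    """Parse every O2 line in an HJT log and score it."""
    return [triage(b) for b in map(parse_o2, text.splitlines()) if b]


if __name__ == "__main__":
    for b in triage_log(SAMPLE_LOG):
        flag = "SUSPICIOUS" if b.suspicious else "ok"
        print(f"{flag:10} {b.name!r:32} {b.path}  {'; '.join(b.reasons)}")
```

On the sample it flags exactly the two entries the moderator named plus the "0"-named lavunabir.dll that BitDefender later removed, and leaves the Adobe, BitComet and Java helpers alone; a single signal on its own (for example only "(file missing)") is reported but not flagged, since stale registrations of uninstalled software are common.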

wolfe
Full Member
« Reply #8 on: April 24, 2007, 02:16:02 AM »

BitDefender Online Scanner

Scan report generated at: Mon, Apr 23, 2007 - 20:21:28

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics
Time: 01:25:50
Files: 349948
Folders: 5110
Boot Sectors: 4
Archives: 3200
Packed Files: 24571

Results
Identified Viruses: 10
Infected Files: 23
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 23

Engines Info
Virus Definitions: 487538
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\Tim\My Documents\DVDFab Platinum 3.0.8.6 Final + Crack\DVDFabPlatinum3086.exe=>(RAR Sfx o)=>is67211.exe
 Infected with: MemScan:Trojan.Virtumod.IY
 
C:\Documents and Settings\Tim\My Documents\DVDFab Platinum 3.0.8.6 Final + Crack\DVDFabPlatinum3086.exe=>(RAR Sfx o)=>is67211.exe
 Disinfection failed
 
C:\Documents and Settings\Tim\My Documents\DVDFab Platinum 3.0.8.6 Final + Crack\DVDFabPlatinum3086.exe=>(RAR Sfx o)=>is67211.exe
 Deleted
 
C:\Documents and Settings\Tim\My Documents\DVDFab Platinum 3.0.8.6 Final + Crack\DVDFabPlatinum3086.exe=>(RAR Sfx o)
 Update failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0001
 Infected with: Dropped:Application.Adware.NewDotNet.B
 
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0001
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0001
 Deleted
 
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)
 Update failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0004
 Infected with: Rootkit.Agent.CL
 
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0004
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0004
 Deleted
 
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)
 Update failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0005
 Infected with: Trojan.Bantool.A
 
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0005
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)=>zlib_nsis0005
 Deleted
 
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir=>(NSIS o)
 Update failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\ftcojqwh.dll.vir
 Infected with: Trojan.Vundo.AN
 
C:\QooBox\Quarantine\C\WINDOWS\system32\ftcojqwh.dll.vir
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\ftcojqwh.dll.vir
 Deleted
 
C:\QooBox\Quarantine\C\WINDOWS\system32\giagjiys.dll.vir
 Infected with: Trojan.Vundo.AO
 
C:\QooBox\Quarantine\C\WINDOWS\system32\giagjiys.dll.vir
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\giagjiys.dll.vir
 Deleted
 
C:\QooBox\Quarantine\C\WINDOWS\system32\hggeday.dll.vir
 Infected with: Trojan.Peed.Gen
 
C:\QooBox\Quarantine\C\WINDOWS\system32\hggeday.dll.vir
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\hggeday.dll.vir
 Deleted
 
C:\QooBox\Quarantine\C\WINDOWS\system32\omyluyjg.dll.vir
 Infected with: Trojan.Vundo.AN
 
C:\QooBox\Quarantine\C\WINDOWS\system32\omyluyjg.dll.vir
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\omyluyjg.dll.vir
 Deleted
 
C:\QooBox\Quarantine\C\WINDOWS\system32\vqwyihgs.dll.vir
 Infected with: Trojan.Vundo.AN
 
C:\QooBox\Quarantine\C\WINDOWS\system32\vqwyihgs.dll.vir
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\vqwyihgs.dll.vir
 Deleted
 
C:\QooBox\Quarantine\C\WINDOWS\system32\vtsts.dll.vir
 Infected with: MemScan:Trojan.Vundo.DLN
 
C:\QooBox\Quarantine\C\WINDOWS\system32\vtsts.dll.vir
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\vtsts.dll.vir
 Deleted
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP219\A0052994.dll
 Infected with: MemScan:Trojan.BHO.AU
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP219\A0052994.dll
 Disinfection failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP219\A0052994.dll
 Deleted
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053715.exe=>(NSIS o)=>zlib_nsis0001
 Infected with: Dropped:Application.Adware.NewDotNet.B
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053715.exe=>(NSIS o)=>zlib_nsis0001
 Disinfection failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053715.exe=>(NSIS o)=>zlib_nsis0001
 Deleted
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053715.exe=>(NSIS o)
 Update failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053715.exe=>(NSIS o)=>zlib_nsis0004
 Infected with: Rootkit.Agent.CL
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053715.exe=>(NSIS o)=>zlib_nsis0004
 Disinfection failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053715.exe=>(NSIS o)=>zlib_nsis0004
 Deleted
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053715.exe=>(NSIS o)
 Update failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053715.exe=>(NSIS o)=>zlib_nsis0005
 Infected with: Trojan.Bantool.A
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053715.exe=>(NSIS o)=>zlib_nsis0005
 Disinfection failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053715.exe=>(NSIS o)=>zlib_nsis0005
 Deleted
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053715.exe=>(NSIS o)
 Update failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053716.dll
 Infected with: Trojan.Vundo.AN
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053716.dll
 Disinfection failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053716.dll
 Deleted
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053717.dll
 Infected with: MemScan:Trojan.Vundo.DLN
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053717.dll
 Disinfection failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053717.dll
 Deleted
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053718.dll
 Infected with: Trojan.Peed.Gen
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053718.dll
 Disinfection failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP221\A0053718.dll
 Deleted
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053799.exe
 Infected with: Trojan.Clicker.Small.AV
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053799.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053799.exe
 Deleted
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053800.exe=>(NSIS o)=>zlib_nsis0003
 Infected with: Trojan.Clicker.Small.AV
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053800.exe=>(NSIS o)=>zlib_nsis0003
 Disinfection failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053800.exe=>(NSIS o)=>zlib_nsis0003
 Deleted
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053800.exe=>(NSIS o)
 Update failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053801.sys
 Infected with: Rootkit.Agent.CL
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053801.sys
 Disinfection failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053801.sys
 Deleted
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053802.exe
 Infected with: Trojan.Bantool.A
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053802.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053802.exe
 Deleted
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053803.exe
 Infected with: Rootkit.Agent.CL
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053803.exe
 Disinfection failed
 
C:\System Volume Information\_restore{8F6A2245-C12C-4B6A-8D97-59C1ACC03A93}\RP223\A0053803.exe
 Deleted
 
C:\WINDOWS\system32\micro1\f1.exe
 Infected with: Dropped:Application.Adware.NewDotNet.B
 
C:\WINDOWS\system32\micro1\f1.exe
 Disinfection failed
 
C:\WINDOWS\system32\micro1\f1.exe
 Deleted
 
 
 
wolfe
Full Member
« Reply #9 on: April 24, 2007, 02:17:31 AM »

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:17:20 PM, on 23/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=4105&_lang=EN
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: 0 - {F8E99E28-E2F4-4C52-D780-F7DEDD087A7D} - C:\Program Files\ComPlus Applications\lavunabir.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169120152109
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6986 bytes
dahli
Global Moderator
« Reply #10 on: April 24, 2007, 08:23:56 PM »

The logs look good - are there any other problems?
Steve
wolfe
Full Member
« Reply #11 on: April 28, 2007, 04:42:50 AM »

Yeah, I keep getting virus warnings from McAfee and they are all in Temporary Internet Files, and I have cleaned that folder and done virus scans and they keep coming back. I also can't get my status bar in Internet Explorer to stay up; any time the page changes, the bar is gone.
dahli
Global Moderator
« Reply #12 on: April 28, 2007, 07:33:45 AM »

Download CCleaner and install it (the default location is best). Do not run it yet!

CCleaner Tutorial

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option, OR download the toolbar-free Basic version instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".

3. Then select the items you wish to clean up.

In the Windows Tab:
Steve
wolfe
Full Member
« Reply #13 on: April 28, 2007, 07:42:22 PM »

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BitTorrent" = ""C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized" [file not found]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"VirusScan Online" = "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" ["McAfee, Inc."]
"OASClnt" = "C:\Program Files\McAfee.com\VSO\oasclnt.exe" ["McAfee, Inc."]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"CleanUp" = "C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup" ["McAfee, Inc"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"
                                        \StubPath   = "C:\WINDOWS\system32\ieudinit.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
                   \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F8E99E28-E2F4-4C52-D780-F7DEDD087A7D}\(Default) = "0"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\ComPlus Applications\lavunabir.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                   \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
  -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Tim" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
  -> {HKLM...CLSID} = "McAfee VirusScan"
                   \InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Active File Monitor V5, AdobeActiveFileMonitor5.0, "C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe" [null data]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Documents and Settings\Tim\My Documents\Spyware Adware and Virus Tools\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 86 seconds, including 9 seconds for message boxes)
dahli
Global Moderator
« Reply #14 on: April 28, 2007, 08:54:26 PM »

Nothing is showing in that log either. Next time McAfee notifies you of a file, write down the name, location and infection and post it here.
Steve