![]() |
|
#1
| |||
| |||
| Here are my logs as i seen from others i thought i would get them straight away cheers, please help me if you can. having lots of problems with computer running very slow and software not working to well i think! Logfile of random's system information tool 1.04 (written by random/random) Run by Michael Fallaver at 2008-10-20 15:45:57 Microsoft Windows XP Professional Service Pack 2 System drive C: has 10 GB (9%) free of 114 GB Total RAM: 511 MB (20% free) HijackThis download failed ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\MP Scheduled Scan.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{34B9C611-629C-43AA-9F9D-4B58086EA729}] 917671 Class - C:\WINDOWS\system32\917671\917671.dll [2008-10-18 14848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7A2F3A2E-4B59-4932-B2C3-2E7F13B03207}] 304434 Class - C:\WINDOWS\system32\304434\304434.dll [2008-10-13 14848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] 
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll [2008-09-20 737776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] MSN Search Toolbar Helper - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll [2005-09-20 577744] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Search Toolbar - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll [2005-09-20 577744] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-06-05 180269] "REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-09 128920] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] "sysftray2"=C:\windows\bolivar20.exe [2008-10-13 26624] "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264] "VistaUpgrade"=C:\WINDOWS\system32\vistaupgrade.ex e [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2007-07-30 68856] "OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS 
Master 2\MMonitor.exe [2007-02-08 95800] "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2007-09-03 67128] "EVEREST AutoStart"=C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\Rar$ EX00.563\Everest\EVEREST Ultimate Edition v4.00.976 Multilingual + KeyGen\everest.exe [] "Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S [] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032] "DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2008-10-10 3061248] "(ProtectedStorage) "=C:\Program Files\MySpace\bin\ole32.exe [2008-10-18 9472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 339968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] C:\WINDOWS\Logi_MwX.Exe [2002-11-08 19968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2004-05-14 67072] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe [2003-04-07 631364] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2003-12-12 114688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All 
Users^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-18 65588] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk] C:\PROGRA~1\MICROS~2\Office\1033\OLFSNT40.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] C:\PROGRA~1\WinZip\WZQKPICK.EXE [2004-08-16 118784] C:\Documents and Settings\All Users\Start Menu\Programs\Startup AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2004-05-16 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr 
entVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa] "authentication packages"=msv1_0 nwprovau [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SAVService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\SAVService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "\\CENTURION\WARCRAFT3\Warcraft III.exe"="\\CENTURION\WARCRAFT3\Warcraft III.exe:*:Enabled:Warcraft III.exe" "C:\Documents and Settings\Michael Fallaver\Desktop\WarCraft3 on Centurion\Warcraft III.exe"="C:\Documents and Settings\Michael Fallaver\Desktop\WarCraft3 on Centurion\Warcraft III.exe:*:Enabled:Warcraft III" "C:\Documents and Settings\Michael Fallaver\Desktop\WarCraft3 on 
Centurion\War3.exe"="C:\Documents and Settings\Michael Fallaver\Desktop\WarCraft3 on Centurion\War3.exe:*:Disabled:War3.exe" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Documents and Settings\Michael Fallaver\My Documents\Games\WarCraft3 on Centurion\Warcraft III.exe"="C:\Documents and Settings\Michael Fallaver\My Documents\Games\WarCraft3 on Centurion\Warcraft III.exe:*:Enabled:Warcraft III" "C:\Documents and Settings\Michael Fallaver\My Documents\Games\WarCraft3 on Centurion\War3.exe"="C:\Documents and Settings\Michael Fallaver\My Documents\Games\WarCraft3 on Centurion\War3.exe:*:Enabled:Warcraft III" "C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application" "C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++" "C:\Documents and Settings\Michael Fallaver\My Documents\Games\Vietcong on Centurion\vietcong.exe"="C:\Documents and Settings\Michael Fallaver\My Documents\Games\Vietcong on Centurion\vietcong.exe:*:Enabled:vietcong" "C:\Program Files\DC++\Downloads\World of Warcraft\WoW-1.5.0-enUS-downloader.exe"="C:\Program Files\DC++\Downloads\World of Warcraft\WoW-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\DC++\Downloads\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe"="C:\Program Files\DC++\Downloads\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\DC++\Downloads\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe"="C:\Program Files\DC++\Downloads\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\DC++\Downloads\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe"="C:\Program Files\DC++\Downloads\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\DC++\Downloads\World of 
Warcraft\WoW-1.2.4-to-1.3.0-enUS-downloader.exe"="C:\Program Files\DC++\Downloads\World of Warcraft\WoW-1.2.4-to-1.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\DC++\Downloads\World of Warcraft\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe"="C:\Program Files\DC++\Downloads\World of Warcraft\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\DC++\Downloads\COD\CoDUOMP.exe"="C:\Program Files\DC++\Downloads\COD\CoDUOMP.exe:*:Enabled:CoD UOMP" "C:\Program Files\DC++\Downloads\COD\CoDMP.exe"="C:\Program Files\DC++\Downloads\COD\CoDMP.exe:*:Enabled:CoDMP " "C:\Program Files\DC++\Downloads\RedFaction\Copy of rf.exe"="C:\Program Files\DC++\Downloads\RedFaction\Copy of rf.exe:*:Enabled:Copy of rf" "C:\Program Files\DC++\Downloads\RedFaction\RF.exe"="C:\Progra m Files\DC++\Downloads\RedFaction\RF.exe:*:Enabled:R F" "C:\Program Files\DC++\Downloads\RedFaction\RedFaction.exe"="C :\Program Files\DC++\Downloads\RedFaction\RedFaction.exe:*:E nabled:Red Faction Launcher" "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\syste m32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE" "C:\Program Files\DC++\Downloads\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe"="C:\Program Files\DC++\Downloads\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe:*:Disabled:SoF2MP" "C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "C:\Program Files\DC++\Downloads\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\DC++\Downloads\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora" "C:\Program Files\DC++\Downloads\DCPlusPlus.exe"="C:\Program Files\DC++\Downloads\DCPlusPlus.exe:*:Enabled:BCDC ++" "C:\Program Files\Real\RealPlayer\trueplay.exe"="C:\Program Files\Real\RealPlayer\trueplay.exe:*:Enabled:RealP layer" "C:\Program Files\DC++\Downloads\StrongDC.exe"="C:\Program Files\DC++\Downloads\StrongDC.exe:*:Enabled:Strong DC++" "%windir%\Network 
Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word" "C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE"="C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel" "C:\Program Files\Warcraft III\lancraft101b\LANCRAFT.EXE"="C:\Program Files\Warcraft III\lancraft101b\LANCRAFT.EXE:*:Enabled:LANCRAFT" "C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2" "C:\Program Files\DC++\debroad\debroadcaster.exe"="C:\Program Files\DC++\debroad\debroadcaster.exe:*:Enabled:deb roadcaster" "C:\Program Files\StrongDC++\StrongDC.exe"="C:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++ " "C:\Program Files\DC++\Downloads\coduo\CoDMP.exe"="C:\Program Files\DC++\Downloads\coduo\CoDMP.exe:*:Enabled:CoD MP" "C:\Program Files\DC++\Downloads\coduo\CoDUOMP.exe"="C:\Progra m Files\DC++\Downloads\coduo\CoDUOMP.exe:*:Enabled:C oDUOMP" "C:\Program Files\DC++\Downloads\et-2007 res edition\et-Test Version\et\et\ET.exe"="C:\Program Files\DC++\Downloads\et-2007 res edition\et-Test Version\et\et\ET.exe:*:Enabled:ET" "C:\Program Files\DC++\Downloads\Games\coduo\CoDUOMP.exe"="C:\ Program Files\DC++\Downloads\Games\coduo\CoDUOMP.exe:*:Ena bled:CoDUOMP" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\DC++\Downloads\DirectX\dplaysvr.exe"="C:\Pro gram Files\DC++\Downloads\DirectX\dplaysvr.exe:*:Enable d:Microsoft DirectPlay Server " "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\sys tem32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper" "C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\LogitechDesktopMessenger .exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe:*:Enabled:Logitech Desktop Messenger" "C:\Program Files\Bitmap Brothers\Z\winz.exe"="C:\Program Files\Bitmap Brothers\Z\winz.exe:*:Enabled:winz" "C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008" "C:\Program Files\DC++\Downloads\Age Of Empires 2 + Expansion'\age2_x1.exe"="C:\Program Files\DC++\Downloads\Age Of Empires 2 + Expansion'\age2_x1.exe:*:Disabled:Age of Empires II Expansion" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Ena bled:LimeWire swarmed installer" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\MySpace\bin\ole32.exe"="C:\Program Files\MySpace\bin\ole32.exe:*:Enabled:TINYPROXY" [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\LogitechDesktopMessenger .exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe:*:Enabled:Logitech Desktop Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{01ea2ee6-e9ca-11dc-8985-00184dc4a1c2}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL a.exe shell\default\command - F:\a.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{4a54b0fa-4e3a-11dc-8879-000d617adc6d}] shell\Auto\command - infrom.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{74b3d95c-9b09-11dd-8af7-00184dc4a1c2}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL a.exe shell\default\command - F:\a.exe ======File associations====== .reg - open - "regedit.exe" "%1" ======List of files/folders created in the last 1 months====== 2008-10-20 15:46:07 ----D---- C:\Program Files\trend micro 2008-10-20 15:45:57 ----D---- C:\rsit 2008-10-18 08:16:07 ----D---- C:\WINDOWS\system32\917671 2008-10-15 22:32:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-15 22:32:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-15 22:32:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-15 22:32:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-15 22:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-10-13 21:50:13 ----D---- C:\Program Files\Common Files\PC Tools 2008-10-13 21:50:02 ----D---- C:\Program Files\Spyware Doctor 2008-10-13 21:50:02 ----D---- C:\Documents and Settings\Michael Fallaver\Application Data\PC Tools 2008-10-13 21:50:02 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools 2008-10-13 21:27:13 ----D---- C:\WINDOWS\system32\304434 2008-10-13 21:26:38 ----A---- C:\WINDOWS\bolivar20.exe 2008-10-10 14:49:26 
----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-10 14:49:18 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit 2008-10-10 14:49:14 ----A---- C:\WINDOWS\system32\wbhelp2.dll 2008-10-10 14:49:13 ----D---- C:\Program Files\DAP 2008-10-07 18:15:36 ----D---- C:\Documents and Settings\Michael Fallaver\Application Data\InstallShield 2008-10-07 18:15:35 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-10-07 18:15:26 ----D---- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE0 21 2008-10-07 18:15:08 ----A---- C:\WINDOWS\minitab.ini 2008-10-07 18:14:42 ----D---- C:\Program Files\Minitab 15 2008-09-23 17:18:43 ----D---- C:\Program Files\LoadIt 2008-09-23 17:16:13 ----N---- C:\WINDOWS\system32\spmsg.dll ======List of files/folders modified in the last 1 months====== 2008-10-20 15:46:07 ----RD---- C:\Program Files 2008-10-20 15:45:55 ----D---- C:\WINDOWS\Prefetch 2008-10-20 15:45:42 ----D---- C:\WINDOWS\Temp 2008-10-20 15:11:30 ----D---- C:\Program Files\Messenger 2008-10-20 15:06:54 ----SD---- C:\WINDOWS\Tasks 2008-10-20 15:05:55 ----D---- C:\WINDOWS\system32\CatRoot2 2008-10-20 15:04:15 ----D---- C:\WINDOWS\system32\drivers 2008-10-20 12:00:10 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-10-18 08:16:13 ----D---- C:\Program Files\MySpace 2008-10-18 08:16:07 ----D---- C:\WINDOWS\system32 2008-10-16 09:34:37 ----HD---- C:\WINDOWS\inf 2008-10-16 09:16:27 ----D---- C:\WINDOWS 2008-10-15 22:32:33 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-10-15 22:32:29 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-15 22:32:27 ----A---- C:\WINDOWS\imsins.BAK 2008-10-14 08:46:56 ----D---- C:\Program Files\WingowsPoker 2008-10-14 08:35:10 ----D---- C:\Program Files\ActivationManager 2008-10-13 21:51:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-13 21:50:13 ----D---- C:\Program Files\Common Files 2008-10-13 19:22:59 ----A---- C:\WINDOWS\NeroDigital.ini 2008-10-12 19:26:22 ----D---- C:\Documents and 
Settings\Michael Fallaver\Application Data\Real 2008-10-11 09:31:45 ----D---- C:\etax2007 2008-10-10 14:59:15 ----SD---- C:\Documents and Settings\Michael Fallaver\Application Data\Microsoft 2008-10-08 06:19:40 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-07 22:17:56 ----D---- C:\Program Files\DominateGame 2008-10-07 18:15:37 ----SHD---- C:\WINDOWS\Installer 2008-10-07 18:15:00 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-10-07 18:14:42 ----D---- C:\Program Files\Common Files\InstallShield 2008-10-07 18:12:54 ----D---- C:\WINDOWS\Downloaded Installations 2008-09-23 17:18:51 ----D---- C:\WINDOWS\system32\CatRoot ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952] R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096] R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys [] R1 SAVOnAccess Control;SAVOnAccess Control; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2006-04-07 80128] R1 SAVOnAccess Filter;SAVOnAccess Filter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2006-04-07 24064] R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032] R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048] R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096] R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448] R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2003-03-31 63232] R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 
[2003-03-31 55936] R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-05-15 622172] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-16 745984] R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-09-15 223128] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-07-23 13440] R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2002-11-08 52238] R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2002-11-08 70238] R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 167808] R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [] R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\yukonwxp.sys [2003-12-23 174464] S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver; \??\D:\BPIKSp50.sys [] S3 CA561;ICatch (VI) PC Camera; C:\WINDOWS\System32\Drivers\SPCA561.SYS [2002-10-01 119798] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 itchfltr;iTouch Keyboard Filter; 
C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2002-11-15 12640] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320] S3 qcusbser;ZTE USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\ZTEusbser.sys [2007-03-02 99584] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040] R2 Ati HotKey Poller;Ati HotKey Poller; 
C:\WINDOWS\system32\Ati2evxx.exe [2004-05-16 376832] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-19 303104] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] R2 Protected Storage (ProtectedStorage) ;Protected Storage (ProtectedStorage) ; C:\Program Files\MySpace\bin\ole32.exe [2008-10-18 9472] R2 SAVAdminService;Sophos Anti-Virus status reporter; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-08-09 69632] R2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-08-09 86016] R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920] R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176] R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2006-11-23 163840] R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-05-15 516096] S2 NTLOAD;NTLOAD; c:\windows\system32\dllcache\win32\winlogon.exe [2004-06-12 13312] S2 NTSVCMGR;NTSVCMGR; c:\windows\system32\dllcache\win32\winlogon.exe [2004-06-12 13312] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-28 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 ose;Office Source Engine; C:\Program Files\Common 
Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] -----------------EOF----------------- |
|
#2
| |||
| |||
| Well, I don't know how to read the logs, but you said your computer is slow? Try freeing up some space on the hard drive, or do a disk defragment. It could help.
__________________ HI :) |
|
#3
| |||||||||||||
| |||||||||||||
| Quote:
OP someone will be along shortly. My System: Hybr!d
|
|
#4
Hi

My name is Iain and I will be helping you clean your system. You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please ensure that you follow the instructions in the order I have them listed.

Combofix

We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that ComboFix is saved directly to your desktop**

Please ensure you read this guide carefully and install the Recovery Console. This will help us restore your system in the event of a serious crash. It's very simple to complete and will only take a few moments. A quick guide is detailed below.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. See here for a guide to disabling AV, Firewall and Anti-malware programmes.

Once you've downloaded the appropriate RC setup package for your system to the desktop, follow these instructions:

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

HijackThis

Please download HijackThis. Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis. Upon install, HijackThis should open for you. Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the HijackThis log file here. Do not fix anything in HijackThis as many entries are harmless.

Make sure to include the System information at the top of the log as well.
#5
| Hey there thanks very much for your prompt reply and your help so far !!! here is my log after i ran combofix. I will now download the hijack program. Thanks again ComboFix 08-10-19.04 - Michael Fallaver 2008-10-21 14:48:22.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.124 [GMT 11:00] Running from: C:\Documents and Settings\Michael Fallaver\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Michael Fallaver\Desktop\WinXP_EN_HOM_BF.EXE * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\Program Files\ActivationManager C:\Program Files\ActivationManager\Uninstall.exe C:\Program Files\SideFind C:\Program Files\SideFind\sfexd001 C:\Program Files\SideFind\sidefind.dll C:\WINDOWS\fmark2.dat C:\WINDOWS\IE4 Error Log.txt C:\WINDOWS\system32\304434 C:\WINDOWS\system32\304434\304434.dll C:\WINDOWS\system32\917671 C:\WINDOWS\system32\917671\917671.dll C:\WINDOWS\system32\mdm.exe ----- BITS: Possible infected sites ----- hxxp://webstore.loadit.com.au . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NTLOAD -------\Service_NTLOAD ((((((((((((((((((((((((( Files Created from 2008-09-21 to 2008-10-21 ))))))))))))))))))))))))))))))) . 2008-10-21 14:55 . 2008-10-21 14:55 1 --a------ C:\WINDOWS\fmark2.dat 2008-10-20 15:46 . 2008-10-20 15:46 <DIR> d-------- C:\Program Files\trend micro 2008-10-20 15:45 . 2008-10-20 15:46 <DIR> d-------- C:\rsit 2008-10-13 21:50 . 2008-10-21 09:29 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-10-13 21:50 . 2008-10-13 21:57 <DIR> d-------- C:\Program Files\Common Files\PC Tools 2008-10-13 21:50 . 
2008-10-13 21:50 <DIR> d-------- C:\Documents and Settings\Michael Fallaver\Application Data\PC Tools 2008-10-13 21:50 . 2008-10-13 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools 2008-10-13 21:50 . 2008-07-28 12:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys 2008-10-13 21:50 . 2008-08-25 12:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-10-13 21:50 . 2008-08-25 12:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-10-13 21:50 . 2008-08-25 12:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-10-13 21:50 . 2008-06-02 16:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-10-13 21:27 . 2008-10-20 15:11 1 --a------ C:\WINDOWS\f49f4daa.dat 2008-10-13 21:26 . 2008-10-13 21:26 26,624 --a------ C:\WINDOWS\bolivar20.exe 2008-10-10 14:49 . 2008-10-10 14:50 <DIR> d-------- C:\Program Files\DAP 2008-10-10 14:49 . 2008-10-21 14:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-10 14:49 . 2008-10-10 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit 2008-10-10 14:49 . 2008-10-10 14:49 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx 2008-10-10 14:49 . 2008-10-10 14:49 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx 2008-10-10 14:49 . 2008-10-10 14:49 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll 2008-10-07 18:15 . 2008-10-07 18:15 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE0 21 2008-10-07 18:15 . 2008-10-07 18:15 <DIR> d-------- C:\Documents and Settings\Michael Fallaver\Application Data\InstallShield 2008-10-07 18:15 . 2008-10-07 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-10-07 18:15 . 2008-10-07 18:15 65 --a------ C:\WINDOWS\minitab.ini 2008-10-07 18:14 . 2008-10-07 18:15 <DIR> d-------- C:\Program Files\Minitab 15 2008-09-23 17:18 . 2008-09-23 17:18 <DIR> d-------- C:\Program Files\LoadIt . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-10-17 21:16 --------- d-----w C:\Program Files\MySpace 2008-10-13 21:46 --------- d-----w C:\Program Files\WingowsPoker 2008-10-07 11:17 --------- d-----w C:\Program Files\DominateGame 2008-10-07 07:14 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-09-08 10:09 --------- d-----w C:\Documents and Settings\Michael Fallaver\Application Data\Apple Computer 2008-09-08 09:53 --------- d-----w C:\Program Files\Apple Software Update 2008-09-08 09:52 --------- d-----w C:\Program Files\Safari 2008-09-04 01:08 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151} 2008-09-04 01:04 --------- d-----w C:\Documents and Settings\Michael Fallaver\Application Data\Uniblue 2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-24 03:47 --------- d-----w C:\Program Files\iTunes 2008-08-24 03:46 --------- d-----w C:\Program Files\iPod 2008-08-24 03:43 --------- d-----w C:\Program Files\QuickTime 2008-08-24 03:43 --------- d-----w C:\Program Files\Bonjour 2007-03-12 04:06 45 ----a-w C:\Documents and Settings\Michael Fallaver\getfile.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-07-30 68856] "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe" [2007-09-03 67128] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-10-10 3061248] "(ProtectedStorage) "="C:\Program Files\MySpace\bin\ole32.exe" [2008-10-18 9472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-05 180269] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "sysftray2"="C:\windows\bolivar20.exe" [2008-10-13 26624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2005-04-25 36040] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2006-11-23 245760] Logitech Desktop Messenger.lnk - 
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2007-09-03 67128] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-03 528384] WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-12-10 745472] Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 19:10:04 238080] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "msacm.divxa32"= divxa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.VP31"= vp31vfw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SAVService] @="service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2004-05-15 21:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] --a--c--- 2003-04-07 02:16 631364 C:\Program Files\Logitech\iTouch\iTouch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] -----c--- 2002-11-08 21:50 19968 C:\WINDOWS\LOGI_MWX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a--c--- 2004-05-14 18:47 67072 C:\WINDOWS\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "\\\\CENTURION\\WARCRAFT3\\Warcraft III.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\DC++\\DCPlusPlus.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "C:\\Program Files\\Real\\RealPlayer\\trueplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"= "C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"= "C:\\Program Files\\DC++\\debroad\\debroadcaster.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\dplaysvr.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"= "C:\\Program Files\\Bitmap Brothers\\Z\\winz.exe"= 
"C:\\StubInstaller.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\MySpace\\bin\\ole32.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "8383:TCP"= 8383:TCP:TINYPROXY "53:TCP"= 53:TCP:TINYPROXY R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.s ys [2008-07-28 160792] R1 SAVOnAccess Control;SAVOnAccess Control;C:\WINDOWS\system32\DRIVERS\savonaccesscon trol.sys [2006-04-07 80128] R1 SAVOnAccess Filter;SAVOnAccess Filter;C:\WINDOWS\system32\DRIVERS\savonaccessfilt er.sys [2006-04-07 24064] R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048] R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] R2 Protected Storage (ProtectedStorage) ;Protected Storage (ProtectedStorage) ;C:\Program Files\MySpace\bin\ole32.exe [2008-10-18 9472] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 167808] R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.s ys [2002-10-02 13532] S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;D:\BPIKSp50.sys [ ] S3 qcusbser;ZTE USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\ZTEusbse r.sys [2007-03-02 99584] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{01ea2ee6-e9ca-11dc-8985-00184dc4a1c2}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL a.exe \Shell\default\command - F:\a.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{74b3d95c-9b09-11dd-8af7-00184dc4a1c2}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL a.exe \Shell\default\command - F:\a.exe . 
Contents of the 'Scheduled Tasks' folder 2008-09-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34] 2008-10-21 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] . - - - - ORPHANS REMOVED - - - - BHO-{34B9C611-629C-43AA-9F9D-4B58086EA729} - C:\WINDOWS\system32\917671\917671.dll HKCU-Run-Uniblue RegistryBooster 2009 - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe HKLM-Run-VistaUpgrade - C:\WINDOWS\system32\vistaupgrade.exe MSConfigStartUp-DAEMON Tools-1033 - C:\Program Files\D-Tools\daemon.exe |
#6
Hi again

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Combofix

Code:
File::
C:\WINDOWS\fmark2.dat
C:\WINDOWS\f49f4daa.dat
C:\WINDOWS\bolivar20.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysftray2"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript onto ComboFix.exe. When finished, it will produce a log for you at "C:\ComboFix.txt". Do not mouse-click ComboFix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!

Please post the log C:\ComboFix.txt along with a fresh HijackThis Log for further review.
#7
| Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:55:20 PM, on 27/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\MySpace\bin\ole32.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\windows\bolivar22.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\MySpace\bin\ole32.exe C:\Program Files\Sophos\AutoUpdate\ALMon.exe C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe c:\windows\che3.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Michael Fallaver\Desktop\HiJackThis\HijackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:8383 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [REGSHAVE] C:\Program 
Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sysftray2] C:\windows\bolivar22.exe O4 - HKLM\..\Run: [sysberay2] c:\windows\che3.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKCU\..\Run: [(ProtectedStorage) ] "C:\Program Files\MySpace\bin\ole32.exe" /set O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: WG111v2 Smart Wizard Wireless 
Setting.lnk = ? O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricoch...GameLoader.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab O17 - 
HKLM\System\CCS\Services\Tcpip\..\{0067DF8B-03CB-43B5-BFFC-D8DE8B19F9AD}: Domain = vic.bigpond.net.au O17 - HKLM\System\CS1\Services\Tcpip\..\{0067DF8B-03CB-43B5-BFFC-D8DE8B19F9AD}: Domain = vic.bigpond.net.au O17 - HKLM\System\CS2\Services\Tcpip\..\{0067DF8B-03CB-43B5-BFFC-D8DE8B19F9AD}: Domain = vic.bigpond.net.au O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Program Files\MySpace\bin\ole32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- End of file - 9992 bytes |
#8
ComboFix will have produced another log - I need to see that as well please. Can you also let me know how your system is running now?
#9
| [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2004-05-15 21:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] --a--c--- 2003-04-07 02:16 631364 C:\Program Files\Logitech\iTouch\iTouch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] -----c--- 2002-11-08 21:50 19968 C:\WINDOWS\LOGI_MWX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 
--a--c--- 2004-05-14 18:47 67072 C:\WINDOWS\SOUNDMAN.EXE [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "\\\\CENTURION\\WARCRAFT3\\Warcraft III.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\DC++\\DCPlusPlus.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "C:\\Program Files\\Real\\RealPlayer\\trueplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"= "C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"= "C:\\Program Files\\DC++\\debroad\\debroadcaster.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\dplaysvr.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"= "C:\\Program Files\\Bitmap Brothers\\Z\\winz.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\MySpace\\bin\\ole32.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "8383:TCP"= 8383:TCP:TINYPROXY "53:TCP"= 53:TCP:TINYPROXY R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.s ys [2008-07-28 160792] R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048] R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] R2 Protected Storage (ProtectedStorage) ;Protected Storage (ProtectedStorage) ;C:\Program Files\MySpace\bin\ole32.exe [2008-10-18 9472] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 167808] R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.s ys [2002-10-02 13532] S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;D:\BPIKSp50.sys [ ] S3 qcusbser;ZTE USB Device for Legacy Serial 
Communication;C:\WINDOWS\system32\DRIVERS\ZTEusbse r.sys [2007-03-02 99584] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{01ea2ee6-e9ca-11dc-8985-00184dc4a1c2}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL a.exe \Shell\default\command - F:\a.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{74b3d95c-9b09-11dd-8af7-00184dc4a1c2}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL a.exe \Shell\default\command - F:\a.exe . Contents of the 'Scheduled Tasks' folder 2008-09-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34] 2008-10-27 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] . . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.bigpond.com/ R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8 R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore R1 -: HKCU-Internet Settings,ProxyOverride = *.local;<local> R1 -: HKCU-Internet Settings,ProxyServer = http=127.0.0.1:8383 R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 -: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . 
************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-28 10:26:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe . ************************************************** ************************ . Completion time: 2008-10-28 10:31:58 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-27 23:31:53 ComboFix2.txt 2008-10-21 04:02:03 Pre-Run: 10,164,019,200 bytes free Post-Run: 10,206,842,880 bytes free 253 --- E O F --- 2008-10-25 22:51:32 |
#10
Computer is running a lot smoother at the moment, thanks for your help so far. I am still having trouble on the Facebook page with the chat for some reason.