Bagle Worm, cant access Antivirus/hijackthis!plz help [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Bagle Worm, cant access Antivirus/hijackthis!plz help [RESOLVED]

Options

verve View Member Profile	Mar 23 2008, 06:07 PM Post #101
Member Posts: 71 OS: windows XP	hello, I've somehow managed to get my pc infected with the bagle worm. Xoftspy (practically the only antispyware that willopen up except for pestpatrol) finds the Bagle IX and Bagle GI and offers removing them. but when i restart i get the same thing again. Avast cant be opened and doesnt even load on startup. it says its not a valid win32 application. I cant even open hijackthis. when i click the exe it simply freezes. Also, i noticed desktop.ini in my startup folder and in a few other locations. The only thing that ran so far is COMBOFIX and here is the log for it. I truely hope someone can help me here, as this is the most recommended place I found. I'm a graphic designer and under a very tight schedule, so not being able to fix this in the next few days will have horrible consequences on me. THANKS FOR THE HELP IN ADVANCE!!! david. ComboFix 08-03-23.2 - dave 2008-03-23 23:42:02.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1591 [GMT 0:00] Running from: C:\Documents and Settings\dave\Local Settings\Temporary Internet Files\Content.IE5\ORUF9Q70\ComboFix[1].exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . -- Other TimeOuts -- Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement" GREP -i "C:\\Program Files\\[^\\]\\[^\\]$" VFind -tf -s282624 "C:\Program Files\????????[0-9].dll" CF15905.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\" >progfile.dat" VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\" CF15905.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin C:\_install.exe >DirRoot" ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\WINDOWS\recover.reg C:\WINDOWS\system32\ban_list.txt C:\WINDOWS\system32\drivers\down C:\WINDOWS\system32\drivers\down\100328.exe C:\WINDOWS\system32\drivers\down\101062.exe C:\WINDOWS\system32\drivers\down\101312.exe C:\WINDOWS\system32\drivers\down\101687.exe C:\WINDOWS\system32\drivers\down\103515.exe C:\WINDOWS\system32\drivers\down\104421.exe C:\WINDOWS\system32\drivers\down\106687.exe C:\WINDOWS\system32\drivers\down\108015.exe C:\WINDOWS\system32\drivers\down\108421.exe C:\WINDOWS\system32\drivers\down\108796.exe C:\WINDOWS\system32\drivers\down\109718.exe C:\WINDOWS\system32\drivers\down\111781.exe C:\WINDOWS\system32\drivers\down\112265.exe C:\WINDOWS\system32\drivers\down\112359.exe C:\WINDOWS\system32\drivers\down\112656.exe C:\WINDOWS\system32\drivers\down\112843.exe C:\WINDOWS\system32\drivers\down\114453.exe C:\WINDOWS\system32\drivers\down\117375.exe C:\WINDOWS\system32\drivers\down\117968.exe C:\WINDOWS\system32\drivers\down\118046.exe C:\WINDOWS\system32\drivers\down\121296.exe C:\WINDOWS\system32\drivers\down\124250.exe C:\WINDOWS\system32\drivers\down\125609.exe C:\WINDOWS\system32\drivers\down\131531.exe C:\WINDOWS\system32\drivers\down\132234.exe C:\WINDOWS\system32\drivers\down\134671.exe C:\WINDOWS\system32\drivers\down\147187.exe C:\WINDOWS\system32\drivers\down\147484.exe C:\WINDOWS\system32\drivers\down\153296.exe C:\WINDOWS\system32\drivers\down\153765.exe C:\WINDOWS\system32\drivers\down\157578.exe C:\WINDOWS\system32\drivers\down\163703.exe C:\WINDOWS\system32\drivers\down\169375.exe C:\WINDOWS\system32\drivers\down\176234.exe C:\WINDOWS\system32\drivers\down\51031.exe C:\WINDOWS\system32\drivers\down\52265.exe C:\WINDOWS\system32\drivers\down\52968.exe C:\WINDOWS\system32\drivers\down\53140.exe C:\WINDOWS\system32\drivers\down\53796.exe C:\WINDOWS\system32\drivers\down\54250.exe C:\WINDOWS\system32\drivers\down\54937.exe C:\WINDOWS\system32\drivers\down\56250.exe C:\WINDOWS\system32\drivers\down\56312.exe C:\WINDOWS\system32\drivers\down\58093.exe C:\WINDOWS\system32\drivers\down\58328.exe C:\WINDOWS\system32\drivers\down\58640.exe C:\WINDOWS\system32\drivers\down\58734.exe C:\WINDOWS\system32\drivers\down\60406.exe C:\WINDOWS\system32\drivers\down\60718.exe C:\WINDOWS\system32\drivers\down\61734.exe C:\WINDOWS\system32\drivers\down\62875.exe C:\WINDOWS\system32\drivers\down\63125.exe C:\WINDOWS\system32\drivers\down\63515.exe C:\WINDOWS\system32\drivers\down\65515.exe C:\WINDOWS\system32\drivers\down\66000.exe C:\WINDOWS\system32\drivers\down\66140.exe C:\WINDOWS\system32\drivers\down\68531.exe C:\WINDOWS\system32\drivers\down\69421.exe C:\WINDOWS\system32\drivers\down\70937.exe C:\WINDOWS\system32\drivers\down\72687.exe C:\WINDOWS\system32\drivers\down\75531.exe C:\WINDOWS\system32\drivers\down\77562.exe C:\WINDOWS\system32\drivers\down\79093.exe C:\WINDOWS\system32\drivers\down\79234.exe C:\WINDOWS\system32\drivers\down\79875.exe C:\WINDOWS\system32\drivers\down\81734.exe C:\WINDOWS\system32\drivers\down\82562.exe C:\WINDOWS\system32\drivers\down\84375.exe C:\WINDOWS\system32\drivers\down\85859.exe C:\WINDOWS\system32\drivers\down\87953.exe C:\WINDOWS\system32\drivers\down\89406.exe C:\WINDOWS\system32\drivers\down\89781.exe C:\WINDOWS\system32\drivers\down\90046.exe C:\WINDOWS\system32\drivers\down\92484.exe C:\WINDOWS\system32\drivers\down\92984.exe C:\WINDOWS\system32\drivers\down\93234.exe C:\WINDOWS\system32\drivers\down\93843.exe C:\WINDOWS\system32\drivers\down\94109.exe C:\WINDOWS\system32\drivers\down\95421.exe C:\WINDOWS\system32\drivers\down\95796.exe C:\WINDOWS\system32\drivers\down\97703.exe C:\WINDOWS\system32\drivers\down\99125.exe C:\WINDOWS\system32\drivers\hldrrr.exe C:\WINDOWS\system32\drivers\srosa.sys C:\WINDOWS\system32\lsprst7.dll C:\WINDOWS\system32\mdelk.exe C:\WINDOWS\system32\prsgrc.dll C:\WINDOWS\system32\ssprs.dll C:\WINDOWS\system32\wintems.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA ((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))) . 2008-03-23 14:45 . 2008-03-23 14:45 <DIR> d-------- C:\Program Files\Vara Software 2008-03-21 16:05 . 2008-03-22 11:34 <DIR> d-------- C:\Program Files\WH GBP Casino 2008-03-21 16:05 . 2007-06-22 17:02 107,520 --a------ C:\WINDOWS\system32\UnCasino5.exe 2008-03-21 16:04 . 2008-03-22 18:26 <DIR> d-------- C:\Program Files\William Hill Poker 2008-03-19 19:10 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax 2008-03-19 19:10 . 2004-08-04 00:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax 2008-03-19 19:10 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2008-03-19 19:10 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys 2008-03-19 19:10 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2008-03-19 19:10 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys 2008-03-19 19:10 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2008-03-19 19:10 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys 2008-03-19 19:10 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2008-03-19 19:10 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys 2008-03-19 19:07 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys 2008-03-19 19:07 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys 2008-03-19 18:56 . 2008-03-19 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Vara Software 2008-03-19 18:50 . 2008-03-19 18:50 <DIR> d-------- C:\Documents and Settings\dave\Application Data\Vara Software 2008-03-19 18:29 . 2005-08-13 02:11 61,312 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys 2008-03-19 18:29 . 2005-08-13 02:11 61,312 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys 2008-03-19 18:29 . 2004-08-03 23:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys 2008-03-19 18:29 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys 2008-03-19 18:29 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys 2008-03-19 18:29 . 2001-08-17 13:46 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys 2008-03-16 14:31 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys 2008-03-16 14:31 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys 2008-03-16 14:31 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL 2008-03-16 14:31 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys 2008-03-16 14:31 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys 2008-03-16 14:31 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll 2008-03-05 18:38 . 2008-03-19 18:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-05 18:38 . 2008-03-05 18:38 1,409 --a------ C:\WINDOWS\system32\tmp10298.FOT 2008-03-05 18:38 . 2008-03-05 18:38 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-03 20:05 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2008-03-03 19:45 . 2008-03-03 23:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-03-03 19:45 . 2008-03-03 23:15 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-03-03 17:58 . 2008-03-03 17:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-03 17:58 . 2008-03-03 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-03 15:31 . 2007-08-01 10:03 93,184 --a------ C:\WINDOWS\system32\UnPoker.exe 2008-03-02 17:07 . 2007-11-28 14:03 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-1803.ROM 2008-03-02 17:05 . 2008-03-02 17:07 606,107 --a------ C:\WINDOWS\P5B-ASUS-1803.zip 2008-03-02 16:51 . 2007-11-02 09:29 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-1705.ROM 2008-03-02 16:48 . 2008-03-02 16:51 603,850 --a------ C:\WINDOWS\P5B1705.zip 2008-03-02 16:31 . 2007-01-30 15:40 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-1102.ROM 2008-03-02 16:31 . 2008-03-02 16:31 583,607 --a------ C:\WINDOWS\P5B-1102.zip 2008-03-02 16:16 . 2006-10-26 20:35 1,048,576 -ra------ C:\WINDOWS\P5B-0806.ROM 2008-03-02 16:15 . 2008-03-02 16:16 579,246 --a------ C:\WINDOWS\P5B-0806.zip 2008-03-02 16:01 . 2006-10-02 17:42 1,048,576 --a------ C:\WINDOWS\P5B-0701.ROM 2008-03-02 16:00 . 2008-03-02 16:01 577,571 --a------ C:\WINDOWS\P5B-0701.zip 2008-03-02 15:46 . 2006-09-06 20:32 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-0509.ROM 2008-03-02 15:41 . 2008-03-02 15:46 575,646 --a------ C:\WINDOWS\P5B-0509.zip 2008-03-02 14:11 . 2008-03-02 14:36 <DIR> d-------- C:\Program Files\ASUS 2008-03-02 14:11 . 2006-01-10 08:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll 2008-03-02 14:11 . 2005-12-22 02:22 5,685 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys 2008-03-02 14:11 . 2005-07-05 10:43 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys 2008-03-02 14:11 . 2005-07-05 10:43 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys 2008-03-02 14:09 . 2008-03-02 14:09 <DIR> dr------- C:\WINDOWS\AsDmiHtm 2008-02-29 21:34 . 2008-02-29 21:34 <DIR> d-------- C:\Program Files\Classic Menu for Office 2008-02-29 21:34 . 2008-03-23 01:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-29 16:48 . 2008-02-29 16:48 <DIR> d-------- C:\Documents and Settings\dave\Application Data\GridIron 2008-02-29 16:47 . 2008-02-29 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GridIron Software 2008-02-29 15:51 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-02-29 15:49 . 2008-02-29 15:49 <DIR> d-------- C:\Program Files\MSBuild 2008-02-29 15:49 . 2008-02-29 15:49 <DIR> d-------- C:\Program Files\Microsoft Works 2008-02-29 15:48 . 2008-02-29 15:48 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-02-29 15:40 . 2008-03-12 03:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-02-29 15:39 . 2008-02-29 15:39 <DIR> dr-h----- C:\MSOCache 2008-02-29 15:18 . 2008-03-04 00:10 <DIR> d-------- C:\Program Files\PowerISO . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-23 22:16 --------- d-----w C:\Documents and Settings\dave\Application Data\uTorrent 2008-03-23 15:44 --------- d-----w C:\Program Files\XoftSpySE 2008-03-21 23:32 --------- d-----w C:\Program Files\Soulseek 2008-03-20 16:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-13 09:54 --------- d-----w C:\Documents and Settings\dave\Application Data\BSplayer Pro 2008-03-12 00:03 --------- d-----w C:\Documents and Settings\dave\Application Data\Ahead 2008-03-04 00:14 --------- d-----w C:\Program Files\Vtune 2008-03-04 00:14 --------- d-----w C:\Program Files\uTorrent 2008-03-04 00:08 --------- d-----w C:\Program Files\MagicISO 2008-03-04 00:06 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2008-03-04 00:05 --------- d-----w C:\Program Files\Common Files\LightScribe 2008-03-03 23:58 --------- d-----w C:\Program Files\Bonjour 2008-03-03 23:58 --------- d-----w C:\Program Files\Avant Browser 2008-02-22 14:24 --------- d-----w C:\Program Files\GenArts 2008-02-14 15:42 --------- d-----w C:\Program Files\Disc2Phone 2008-02-14 15:30 --------- d-----w C:\Documents and Settings\dave\Application Data\Teleca 2008-02-14 15:29 --------- d-----w C:\Documents and Settings\dave\Application Data\Sony Ericsson 2008-02-14 15:27 --------- d-----w C:\Program Files\Sony Ericsson 2008-02-14 15:27 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared 2008-02-14 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca 2008-02-14 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-02-12 23:56 --------- d-----w C:\Program Files\Vertus Fluid Mask 3 2008-02-12 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\VertusTech 2008-01-31 19:25 --------- d-----w C:\Program Files\DivX 2008-01-31 13:57 --------- d-----w C:\Program Files\THQ 2008-01-31 13:37 --------- d-----w C:\Program Files\Ulead Systems 2008-01-24 00:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2008-01-23 23:58 --------- d-----w C:\Program Files\Common Files\Ulead Systems 2008-01-23 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-01-23 23:23 --------- d-----w C:\Documents and Settings\dave\Application Data\InterVideo 2008-01-23 23:20 --------- d-----w C:\Program Files\InterVideo Information Service 2008-01-23 23:20 --------- d-----w C:\Program Files\Common Files\Ulead 2008-01-23 23:20 --------- d-----w C:\Program Files\Common Files\InterVideo 2008-01-23 23:19 --------- d-----w C:\Program Files\InterVideo 2008-01-23 22:50 --------- d-----w C:\Documents and Settings\dave\Application Data\Ulead Systems 2008-01-23 22:46 --------- d-----w C:\Documents and Settings\dave\Application Data\DivX 2008-01-23 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo 2008-01-17 00:49 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-01-15 15:40 3,727,360 ----a-w C:\WINDOWS\system32\sapphire_ae.dll 2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-09 11:18 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-09 11:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-01-09 11:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-09 11:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-09 11:16 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe 2007-10-15 11:52 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2007-10-15 11:52 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat 2007-10-15 11:52 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007101520071016\index.dat 2007-10-15 11:52 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19 729088] "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 08:45 385024] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 10:07 843776] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008] "nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51 57344] "P17Helper"="P17.dll" [2005-05-03 11:38 64512 C:\WINDOWS\system32\P17.dll] "CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 02:43 53340] "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 15:40 1884160] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-04 19:25 180269] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-23 23:44 79224] "CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42 165416] "atwtusb"="atwtusb.exe" [2005-09-21 18:08 290816 C:\WINDOWS\system32\ATWTUSB.EXE] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-06-02 13:22 28160 C:\WINDOWS\KHALMNPR.Exe] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe" [2006-06-30 14:57 582144] "Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2006-07-10 15:49 1093632] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 21:34 155648] "eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-01-02 21:14 258048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="regsvr32 /s /n /i:u shell32" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-11 16:55:20 450560] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "C:\\Program Files\\Avant Browser\\avant.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Soulseek\\slsk.exe"= "C:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"= "C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"= "C:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\William Hill Poker\\UA.exe"= "C:\\Program Files\\Vara Software\\Wirecast\\Wirecast.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02] S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59c4e1c2-9ae8-11dc-bd15-00173183073c}] \Shell\AutoRun\command - F:\oufddh.exe \Shell\explore\Command - F:\oufddh.exe \Shell\open\Command - F:\oufddh.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{608ef21c-7b6c-11dc-bce5-00173183073c}] \Shell\Auto\command - F:\activexdebugger32.exe f \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f \Shell\explore\Command - F:\activexdebugger32.exe f \Shell\open\Command - F:\activexdebugger32.exe f [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ab118e-9f6d-11dc-bd19-00173183073c}] \Shell\auto\command - F:\Knight.exe open \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open \Shell\explore\command - F:\Knight.exe open \Shell\find\command - F:\Knight.exe open \Shell\install\command - F:\Knight.exe open \Shell\open\command - F:\Knight.exe open [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a02e8e40-83de-11dc-bcf7-00173183073c}] \Shell\Auto\command - activexdebugger32.exe f \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f \Shell\explore\Command - activexdebugger32.exe f \Shell\find\command - Knight.exe open \Shell\install\command - Knight.exe open \Shell\open\Command - activexdebugger32.exe f [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a02e8e43-83de-11dc-bcf7-00173183073c}] \Shell\Auto\command - G:\activexdebugger32.exe f \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f \Shell\explore\Command - G:\activexdebugger32.exe f \Shell\open\Command - G:\activexdebugger32.exe f [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a123f9d6-8ba6-11dc-bd08-00173183073c}] \Shell\Auto\command - F:\activexdebugger32.exe f \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f \Shell\explore\Command - F:\activexdebugger32.exe f \Shell\open\Command - F:\activexdebugger32.exe f [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a123f9d9-8ba6-11dc-bd08-00173183073c}] \Shell\Auto\command - F:\activexdebugger32.exe f \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f \Shell\explore\Command - F:\activexdebugger32.exe f \Shell\open\Command - F:\activexdebugger32.exe f [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4582c0c-8e2b-11dc-bd0c-00173183073c}] \Shell\Auto\command - F:\activexdebugger32.exe f \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f \Shell\explore\Command - F:\activexdebugger32.exe f \Shell\open\Command - F:\activexdebugger32.exe f [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdec1a0f-818f-11dc-bcf3-00173183073c}] \Shell\Auto\command - activexdebugger32.exe f \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f \Shell\explore\Command - activexdebugger32.exe f \Shell\find\command - Knight.exe open \Shell\install\command - Knight.exe open \Shell\open\Command - activexdebugger32.exe f . Contents of the 'Scheduled Tasks' folder "2008-03-23 23:47:14 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2008-01-07 16:23:56 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-23 23:47:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\system32\nvsvc32.exe . ************************************************************************ . Completion time: 2008-03-23 23:54:44 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-23 23:54:42 . 2008-03-12 03:03:09 --- E O F ---

Replies

RatHat View Member Profile	Mar 30 2008, 12:54 PM Post #102
GeekU Mod Posts: 7,823 From: Lake Mabprachan, Thailand OS: XP SP2 ~ Vista Ultimate	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Posts in this topic

verve Bagle Worm, cant access Antivirus/hijackthis!plz help [RESOLVED] Mar 23 2008, 06:07 PM

RatHat E Drive looks clean, I would unplug that now until... Mar 27 2008, 08:55 PM

verve you legend! so that means im clean and good? a... Mar 28 2008, 07:57 AM

verve my C: drive and destkop are covered in scanners an... Mar 28 2008, 09:41 AM

RatHat OK, Dave, From what I can see, your log is clean.... Mar 28 2008, 12:36 PM

verve can u tell me what can be deleted and what not?... Mar 28 2008, 01:05 PM

verve i see the list only includes free antivirus. Would... Mar 28 2008, 01:19 PM

RatHat Dave, The free anti viruses, combined with the fr... Mar 28 2008, 01:52 PM

verve ok i hear you. nice one. do i still need avira ... Mar 28 2008, 02:01 PM

verve hi rathat. avast is running and its all fine. pc... Mar 28 2008, 02:12 PM

RatHat Keep Avira, it works right, so no need to install ... Mar 28 2008, 02:15 PM

verve thanx a lot mate!!! so you think alon... Mar 28 2008, 02:51 PM

RatHat Each component, AV, Firewall and AS does a differe... Mar 28 2008, 03:09 PM

verve rathat i wanna thank you one more time. cheers for... Mar 29 2008, 11:19 AM

RatHat Since this issue appears to be resolved ... this T... Mar 30 2008, 12:53 PM

RatHat Since this issue appears to be resolved ... this T... Mar 30 2008, 12:54 PM

2 Pages

< 1 2

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Cant open folders! plz help[RESOLVED]	27 / 2,350	19th May 2005 - 03:01 PM 02rja started - last by don77
Virus, Spyware and Trojan Removal cant access antivirus sites [RESOLVED]	7 / 1,107	8th August 2005 - 02:49 AM hoopsguru started - last by kool808
Virus, Spyware and Trojan Removal I need Help! Plz Help [RESOLVED]	8 / 300	27th October 2005 - 04:20 PM xXNightmareXx started - last by Trevuren
Virus, Spyware and Trojan Removal spyware - hijackthis log posted - plz help [RESOLVED]	9 / 845	20th August 2007 - 08:44 AM staticVoid started - last by don77