Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP MALWARE


  • This topic is locked This topic is locked

#1
davepembo

davepembo

    New Member

  • Member
  • Pip
  • 6 posts
WENT TO GET A PASSWORD FROM AN AXXO TORRENT WHICH I TRUSTED ABD NOW I AM IN SINKING SAND,

I HAVE FOLLOWED ALL INSTRUCTION FROM THE FORUM BUT WAS UNABLE TO DOWNLOAD "SUPER ANTI SPYWARE". AT THIS STAGE I HAVE LOADS OF ANTI SPYWARE BUT THIS STUFF JUST WON'T GO AWAY.

CAN ANYONE STEP ME THROUGH ALL THIS , HERE ARE ALL MY LOGS:

"David" - 07-02-07 17:00:41 Service Pack 2
ComboFix 07-02-06.3 - Running from: "C:\Documents and Settings\David\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\SVKP.sys


((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))


2007-02-06 21:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-02-06 20:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-02-06 19:43 786,432 --ah----- C:\DOCUME~1\ADMINI~1.000\NTUSER.DAT
2007-02-06 19:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1.000\WINDOWS
2007-02-06 19:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1.000\Application Data\You've Got Pictures Screensaver
2007-02-06 19:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1.000\Application Data\Symantec
2007-02-06 19:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1.000\Application Data\Sun
2007-02-06 19:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1.000\Application Data\Real
2007-02-06 19:20 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-06 19:20 <DIR> d-------- C:\Program Files\Grisoft
2007-02-05 21:52 <DIR> d-------- C:\Program Files\Viewpoint
2007-02-05 21:06 <DIR> d-------- C:\DOCUME~1\David\Application Data\McAfee
2007-02-05 20:07 <DIR> d-------- C:\Program Files\ParetoLogic
2007-02-05 20:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\ParetoLogic Anti-Spyware
2007-02-05 00:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1.SN0\Application Data\Lavasoft
2007-02-05 00:04 786,432 --ah----- C:\DOCUME~1\ADMINI~1.SN0\NTUSER.DAT
2007-02-05 00:04 <DIR> d-------- C:\DOCUME~1\ADMINI~1.SN0\Application Data\Real
2007-02-04 23:08 <DIR> d-------- C:\kav
2007-02-03 15:57 <DIR> d-------- C:\Program Files\GameTop.com
2007-02-01 20:16 5,242,880 --a------ C:\DOCUME~1\David\ntuser.dat
2007-02-01 20:16 233,472 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-01-29 21:41 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-01-29 21:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Motive
2007-01-29 17:49 <DIR> d-------- C:\Program Files\SopCast
2007-01-29 17:49 <DIR> d-------- C:\DOCUME~1\David\Application Data\SopCast
2007-01-26 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Ahead
2007-01-20 12:03 <DIR> d-------- C:\DOCUME~1\Aaron\Application Data\Sports Interactive
2007-01-12 03:22 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 19:55 <DIR> d-------- C:\DOCUME~1\David\Application Data\Apple Computer


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-06 18:30 -------- d-------- C:\DOCUME~1\David\Application Data\utorrent
2007-02-06 17:07 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-02-05 22:18 -------- d-------- C:\Program Files\windows defender
2007-02-05 17:11 -------- d-------- C:\Program Files\mozilla firefox
2007-02-04 01:52 -------- d-------- C:\Program Files\pacificpoker
2007-02-03 20:00 3047 --a------ C:\WINDOWS\mozver.dat
2007-02-03 11:13 -------- d-------- C:\Program Files\aol 9.0
2007-02-02 20:50 -------- d---s---- C:\DOCUME~1\David\Application Data\microsoft
2007-01-29 21:40 -------- d-------- C:\Program Files\motive
2007-01-27 20:45 -------- d-------- C:\Program Files\avi2dvd
2007-01-27 20:44 -------- d-------- C:\Program Files\avisynth 2.5
2007-01-22 21:24 -------- d-------- C:\Program Files\Common Files\aol
2007-01-20 05:11 -------- d-------- C:\Program Files\incomplete
2007-01-02 19:09 -------- d-------- C:\Program Files\uouo
2007-01-01 13:39 -------- d-------- C:\Program Files\Common Files\motorola shared
2006-12-27 00:50 26 --a------ C:\WINDOWS\winstart.bat
2006-12-27 00:50 123 --a------ C:\WINDOWS\tmpcpyis.bat
2006-12-27 00:50 122 --a------ C:\WINDOWS\tmpdelis.bat
2006-12-27 00:44 -------- d-------- C:\Program Files\sierra on-line
2006-12-26 17:28 -------- d-------- C:\DOCUME~1\David\Application Data\sony
2006-12-26 17:09 -------- d-------- C:\Program Files\sony
2006-12-26 16:54 -------- d-------- C:\Program Files\quicktime
2006-12-26 16:49 -------- d-------- C:\Program Files\apple software update
2006-12-26 16:25 -------- d-------- C:\DOCUME~1\David\Application Data\sony setup
2006-12-26 16:16 -------- d-------- C:\Program Files\sony setup
2006-12-24 15:47 -------- d-------- C:\DOCUME~1\David\Application Data\ahead
2006-12-24 15:17 -------- d-------- C:\Program Files\videolan
2006-12-24 11:58 -------- d-------- C:\Program Files\nero
2006-12-24 11:58 -------- d-------- C:\Program Files\Common Files\ahead
2006-12-23 13:36 -------- d-------- C:\DOCUME~1\David\Application Data\vlc
2006-12-22 17:24 -------- d-------- C:\Program Files\camfrog
2006-12-21 03:16 -------- d-------- C:\DOCUME~1\David\Application Data\camfrog
2006-12-20 17:00 -------- d--h----- C:\Program Files\installshield installation information
2006-12-20 17:00 -------- d-------- C:\Program Files\microsoft games(2)
2006-12-20 16:59 -------- d-------- C:\Program Files\winavivideoconverter
2006-12-20 16:59 -------- d-------- C:\Program Files\divx
2006-12-20 16:59 -------- d-------- C:\Program Files\codec pack - all in 1
2006-12-16 20:20 -------- d-------- C:\Program Files\cucusoft
2006-12-15 20:27 -------- d-------- C:\DOCUME~1\David\Application Data\securom
2006-12-14 20:06 -------- d-------- C:\Program Files\registry repair
2006-12-14 20:04 -------- d-------- C:\Program Files\google
2006-12-14 19:33 -------- d-------- C:\Program Files\Common Files\odbc
2006-12-13 17:52 20992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2006-12-13 14:23 -------- d-------- C:\Program Files\aol
2006-12-12 22:39 -------- d-------- C:\DOCUME~1\David\Application Data\glarysoft
2006-12-12 21:52 -------- d-------- C:\Program Files\3b software
2006-12-08 20:01 -------- d-------- C:\DOCUME~1\David\Application Data\skype
2006-12-07 06:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-04 10:14 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-12-02 23:14 28 --a------ C:\WINDOWS\system32\autoscan4.dll
2006-11-27 11:27 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2006-11-13 14:45 1419232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ParetoLogic Anti-Spyware"="\"C:\\Program Files\\ParetoLogic\\Anti-Spyware\\Pareto_AS.exe\" -NM -hidesplash"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"VTTimer"="VTTimer.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1166019354\\ee\\AOLSoftware.exe"
"ctfmon"="C:\\WINDOWS\\system32\\dlg\\ctfmon.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=dword:00000000
"WinDefend"=dword:00000002
"WANMiniportService"=dword:00000002
"UserAccess7"=dword:00000002
"SymWSC"=dword:00000002
"ose"=dword:00000003
"GenericHidService"=dword:00000002
"CyberLink Media Library Service"=dword:00000002
"CLSched"=dword:00000002
"CLCapSvc"=dword:00000002
"AOL ACS"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"="ParetoLogic Anti-Spyware"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vgaac

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ParetoLogic Anti-Spyware.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-07 17:08:32


PANDA SCAN

Incident Status Location

Adware:adware/blazefind Not disinfected C:\WINDOWS\system32\Installer.exe
Spyware:Cookie/Mediaplex Not disinfected
C:\Documents and Settings\David\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected
C:\Documents and Settings\David\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/MyWay Not disinfected
C:\Program Files\Microsoft AntiSpyware\Quarantine\4106AC1C-160F-484A-8B27-0C4494\6BBED59A-437F-4EE4-8F54-6AC1CD
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\SmileyCentralFWBInitialSetup1.0.0.15.exe

HIJACK UNINSTALL LIST

µTorrent
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
Adobe Shockwave Player
AOL Broadband Assistant
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
AVG Anti-Spyware 7.5
Avi2Dvd 0.4.4 beta
AviSynth 2.5
Aztech CNR2900 V.90 Modem
BitZipper 4.1 SR-1
Caesar 3
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
D-Link VGA Webcam
Football Manager 2007
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Works 7.0
MSN
MSN Messenger 7.5
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Nero 7 Premium
Pacific Poker
Packard Bell - Skype 2.5
ParetoLogic Anti-Spyware
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Sierra Utilities
Sonic MyDVD
Sonic RecordNow!
Sony Media Manager for PSP 2.0b
SopCast 1.1.1
SopCore 1.1.1
Spybot - Search & Destroy 1.3
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
XP Codec Pack

Logfile of HijackThis v1.99.1
Scan saved at 00:31:58, on 07/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1166019354\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\system32\dlg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\verclsid.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\David\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\David\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co...t=true&query=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1166019354\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\David\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.ho...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1118282241671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127250503718
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: vgaac - C:\WINDOWS\vgaac.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  • 0

Advertisements


#2
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Please abide by the rules of the forum and only post one topic, do not duplicate or bump your post. You already have a live topic in malware here:

http://www.geekstogo...s...st&p=900157

If, after 3 days, you have not received a reply, post a link to the original in the Waiting Room.

Please remember that ALL members of staff here at Geeks To Go are volunteers with their own families and lives making demands upon their time. They give as much time as they can spare, but it will never be enough to satisfy everyone.

Thanks for your co-operation..

This topic is now closed.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP