
Think I have 4 Trojans



#1
Johnny Relentless
I have pasted reports from HijackThis, ClamAV and Runscanner. I have a computer repair utility kit which I downloaded from Runscanner (I think). The website says some of those tools may come up as Trojans, but the 4 Trojans that ClamAV found don't seem to be in the location I downloaded the kit to (My Documents). I would appreciate any help you can give me.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:46 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\rpcnet.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
E:\Portable apps USB-512\PStart.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Darren\My Documents\Computer Repair Utility Kit\Computer Repair Utility Kit\Virus and Malware Removal Tools\RunScanner.exe
C:\Documents and Settings\Darren\My Documents\runscanner.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [delus] C:\DOCUME~1\Darren\LOCALS~1\Temp\delus.exe
O4 - HKLM\..\RunOnce: [ws_uninst] C:\DOCUME~1\Darren\LOCALS~1\Temp\ws_uninst.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe

--
End of file - 12326 bytes


Scan Started Sun Jan 20 19:13:19 2008

-------------------------------------------------------------------------------



WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiCL0001.000, Permission denied

WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP10000.000, Permission denied

WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP20000.000, Permission denied

WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiPT0000.000, Permission denied

WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSL0001.000, Permission denied

WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSP0000.000, Permission denied

WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiST0000.000, Permission denied

WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiVP0000.000, Permission denied

WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\INDEX.000, Permission denied

WARNING: Can't open file \\?\C:\Documents and Settings\Darren\default\Local Settings\Temporary Internet Files\Content.IE5\F36QA0OY\site=cnn&cnn_pagetype=feature_series&cnn_position=180x150_lft&cnn_rollup=technology&cnn_section=consumer_electronics_show&page.allowcompete=yes&params[1].[1].Slsm/@@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\0XYK7BET\182;sz=480x70;!c=182;kvid=92ag802X8Nk;kpu=nalts;kgender=m;ko=y;kpid=182;kr=N;kage=40;kt=U;u
=92ag802X8Nk%7C182%7CF766A0F34D97F0D9;tile=1;dcopt=ist;ord=90833[1].asx.asxjk/@@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\0XYK7BET\sz=300x250;!c=3;kvid=CY86R1qjgDc;kpu=CBS;kgender=m;ko=p;kpid=3;kr=F;kage=40;kt=U;u=CY86R
1qjgDc%7C3%7C098F3A475AA38037;tile=1;dcopt=ist;ord=3115080121230590[1].htm.htmjk/@@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\N54KNUN9\177403865;sz=450x60;!c=182;kvid=92ag802X8Nk;kpu=nalts;kgender=m;ko=y;kpid=182;kr=N;kage=40;kt=U;u
=92ag802X8Nk%7C182%7CF766A0F34D97F0D9;tile=2;ord=906387487[1].asx.asxjk/@@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\N54KNUN9\70;!c=1007;kvid=uXgU-22ymnQ;kpu=stellastewart;kgender=m;ko=y;kpid=1007;kr=F;kage=40;kt=U;u=uXgU-22ymnQ%7C1007%7CB97814FB6DB29A74;tile=1;dcopt=ist;ord=90976[1].asx.asxjk/@@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\N54KNUN9\=1;pid=18708550;aid=175629340;ko=0;cid=24425136;rid=24442989;rv=1;&timestamp=1200754806500;eid1=2;ecn1=1;etm1=10;eid2=3;ecn2=1;etm2=2;eid3=4;ec
n3=1;etm3=0;[1].gif.gifjk/@@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\N54KNUN9\sz=480x70;!c=79;kvid=w_EHF172MOc;kpu=lonelygirl15;kgender=m;ko=y;kpid=79;kr=F;kage=40;k
t=U;u=w_EHF172MOc%7C79%7CC3F107175EF630E7;tile=1;dcopt=ist;ord=79619[1].asx.asxjk/@@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\Q81Q6ZZC\c=79;kvid=w_EHF172MOc;kpu=lonelygirl15;kgender=m;ko=y;kpid=79;kr=F;kage=40;
kt=U;u=w_EHF172MOc%7C79%7CC3F107175EF630E7;tile=1;dcopt=ist;ord=4391709271918053[1].htm.htmjk/@@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\TZLBVVD2\77403865;sz=300x250;!c=182;kvid=92ag802X8Nk;kpu=nalts;kgender=m;ko=y;kpid=182;kr=N;kage=40;kt=U;u
=92ag802X8Nk%7C182%7CF766A0F34D97F0D9;tile=3;ord=906387487[1].htm.htmjk/@@, No such file or directory

WARNING: Can't open file \\?\C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\TZLBVVD2\kvid=uXgU-22ymnQ;kpu=stellastewart;kgender=m;ko=y;kpid=1007;kr=F;kage=40;kt=U;u=uXgU-22ymnQ%7C1007%7CB97814FB6DB29A74;tile=1;dcopt=ist;ord=9035058276017298[1].htm.htmjk/@@, No such file or directory

WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied

WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf, Permission denied

WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf, Permission denied

WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf, Permission denied

WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf, Permission denied

WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf, Permission denied

WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf, Permission denied

WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf, Permission denied

WARNING: Can't open file \\?\C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf, Permission denied

WARNING: Can't open file \\?\C:\WINDOWS\security\tmp.edb, Permission denied

WARNING: Can't open file \\?\C:\WINDOWS\system32\CatRoot2\tmp.edb, Permission denied



C:\Documents and Settings\Darren\D03094768\Local Settings\Application Data\Mozilla\Firefox\Profiles\7nzzwxud.default\Cache\_CACHE_003_: Exploit.IFrame.Gen-1 FOUND

C:\Documents and Settings\Darren\default\Desktop\Client_Warzoner51_G4_ep2_p2.part1\fireguard\fgACCher.dll: Worm.Mytob.GQ-1 FOUND

C:\Documents and Settings\Darren\Desktop\Desktop\Portable apps USB-512\Utilities\SysInfo\siw\siw.exe: Exploit.DCOM.Gen FOUND

C:\Documents and Settings\Darren\Local Settings\Temp\WER2d09.dir00\explorer.exe.hdmp: Trojan.BAT.Deltree-23 FOUND

----------- SCAN SUMMARY -----------

Known viruses: 192483

Engine version: 0.91.2

Scanned directories: 16371

Scanned files: 110773

Skipped non-executable files: 2324

Infected files: 4



Data scanned: 80221.59 MB

Time: 31094.844 sec (518 m 14 s)

--------------------------------------

Completed

--------------------------------------



Scan Started Mon Jan 21 05:56:25 2008

-------------------------------------------------------------------------------





E:\Portable apps USB-512\Utilities\SysInfo\siw\siw.exe: Exploit.DCOM.Gen FOUND

----------- SCAN SUMMARY -----------

Known viruses: 192483

Engine version: 0.91.2

Scanned directories: 97

Scanned files: 1183

Skipped non-executable files: 0

Infected files: 1



Data scanned: 150.43 MB

Time: 351.141 sec (5 m 51 s)

--------------------------------------

Completed

--------------------------------------


Runscanner logfile http://www.runscanner.net

* = authenticode signed file
- = file not found

000 General info
----------------
Computer name : MIR-LT-03094768
Creation time : 1/20/2008 7:06:07 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.0.3.0
Type of scan : Full scan
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes
---------------------
c:\program files\adobe\acrobat 7.0\distillr\acrotray.exe (Adobe Systems Inc.)
* c:\program files\lavasoft\ad-aware 2007\aawservice.exe (Lavasoft)
* c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe (Lavasoft AB)
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple, Inc.)
c:\program files\widcomm\bluetooth software\bin\btwdins.exe (Broadcom Corporation.)
c:\program files\widcomm\bluetooth software\bttray.exe (Broadcom Corporation.)
c:\program files\boinc\boinc.exe (Space Sciences Laboratory)
c:\program files\boinc\boincmgr.exe (Space Sciences Laboratory)
c:\program files\bonjour\mdnsresponder.exe (Apple Inc.)
c:\program files\network associates\common framework\updaterui.exe (Network Associates, Inc.)
* c:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
c:\program files\network associates\common framework\frameworkservice.exe (Network Associates, Inc.)
c:\program files\google\gmail notifier\gnotify.exe (Google Inc.)
* c:\program files\google\google desktop search\googledesktop.exe (Google)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
c:\program files\hpq\hp wireless assistant\hp wireless assistant.exe (Hewlett-Packard Development Company, L.P.)
c:\progra~1\hpq\shared\hpqtoa~1.exe
c:\program files\hewlett-packard\shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
* c:\windows\system32\igfxtray.exe (Intel Corporation)
* c:\program files\ipod\bin\ipodservice.exe (Apple Inc.)
* c:\program files\itunes\ituneshelper.exe (Apple Inc.)
* c:\program files\java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
* c:\program files\common files\logitech\khalshared\khalmnpr.exe (Logitech Inc.)
c:\program files\logitech\setpoint\setpoint.exe (Logitech Inc.)
c:\windows\system32\lxrjd31s.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe (Microsoft Corporation)
c:\program files\network associates\virusscan\mcshield.exe (Network Associates, Inc.)
c:\program files\network associates\virusscan\shstat.exe (Network Associates, Inc.)
c:\program files\paltalk messenger\paltalk.exe (AVM Software Inc.)
* c:\windows\system32\igfxpers.exe (Intel Corporation)
e:\portable apps usb-512\pstart.exe (Pegtop Software)
c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe ( Hewlett-Packard Development Company, L.P.)
* c:\program files\common files\intervideo\regmgr\iviregmgr.exe (InterVideo)
c:\windows\system32\rpcnet.exe (Absolute Software Corp.)
* c:\documents and settings\darren\my documents\computer repair utility kit\computer repair utility kit\virus and malware removal tools\runscanner.exe (Runscanner.net)
* c:\documents and settings\darren\my documents\runscanner.exe (Runscanner.net)
c:\program files\boinc\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe (Space Sciences Laboratory)
c:\program files\boinc\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe (Space Sciences Laboratory)
* c:\program files\analog devices\core\smax4pnp.exe (Analog Devices, Inc.)
* c:\program files\eacceleration\station\station.exe (eAcceleration Corp)
* c:\program files\uniblue\spyeraser\spyeraser.exe (Uniblue Software)
* c:\program files\acceleration software\anti-virus\stopsignav.exe (eAcceleration Corp)
c:\program files\common files\network associates\talkback\tbmon.exe (Network Associates, Inc.)
c:\program files\network associates\virusscan\vstskmgr.exe (Network Associates, Inc.)
c:\program files\winrar\winrar.exe

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\google\gmail notifier\gnotify.exe (Google Inc.)
c:\program files\adobe\acrobat 7.0\distillr\acrotray.exe (Adobe Systems Inc.)
* c:\program files\google\google desktop search\googledesktop.exe (Google)
c:\program files\hpq\hp wireless assistant\hp wireless assistant.exe (Hewlett-Packard Development Company, L.P.)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
* c:\windows\system32\igfxpers.exe (Intel Corporation)
* c:\windows\system32\igfxtray.exe (Intel Corporation)
* c:\program files\itunes\ituneshelper.exe (Apple Inc.)
* C:\WINDOWS\khalmnpr.exe (Logitech Inc.)
* C:\WINDOWS\khalmnpr.exe (Logitech Inc.)
c:\program files\network associates\common framework\updaterui.exe (Network Associates, Inc.)
c:\program files\common files\network associates\talkback\tbmon.exe (Network Associates, Inc.)
C:\Program Files\hewlett-packard\hp quick launch buttons\qlbctrl.exe ( Hewlett-Packard Development Company, L.P.)
c:\program files\quicktime\qttask.exe (Apple Inc.)
c:\program files\network associates\virusscan\shstat.exe (Network Associates, Inc.)
* c:\program files\eacceleration\station\station.exe (eAcceleration Corp)
c:\program files\analog devices\soundmax\smax4.exe (Analog Devices, Inc.)
* c:\program files\analog devices\core\smax4pnp.exe (Analog Devices, Inc.)
* c:\program files\acceleration software\anti-virus\ssssmon.dll (eAcceleration Corp)
* c:\program files\acceleration software\anti-virus\sstsmon.dll (eAcceleration Corp)
* c:\program files\java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
c:\program files\common files\real\update_ob\realsched.exe (RealNetworks, Inc.)
c:\program files\intervideo\dvd check\dvdcheck.exe (InterVideo Inc.)
* c:\program files\acceleration software\anti-virus\stopsignav.exe (eAcceleration Corp)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\uniblue\spyeraser\spyeraser.exe (Uniblue Software)

004 C:\Documents and Settings\Darren\Start Menu\Programs\Startup
----------------------------------------------------------------
c:\progra~1\boinc\boincmgr.exe (Space Sciences Laboratory)
* c:\progra~1\verizo~1\vzacce~1\vzacce~1.exe (Smith Micro Software, Inc.)

005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\program files\adobe\acrobat 7.0\acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
c:\progra~1\adobe\acroba~1.0\reader\reader~1.exe (Adobe Systems Incorporated)
c:\progra~1\widcomm\blueto~1\bttray.exe (Broadcom Corporation.)
c:\progra~1\interv~1\dvdche~1\dvdcheck.exe (InterVideo Inc.)
c:\progra~1\logitech\setpoint\setpoint.exe (Logitech Inc.)
c:\progra~1\paltal~1\paltalk.exe (AVM Software Inc.)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* c:\program files\lavasoft\ad-aware 2007\aawservice.exe (Ad-Aware 2007 Service)
c:\program files\common files\adobe systems shared\service\adobelmsvc.exe (Adobe LM Service)
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple Mobile Device)
c:\program files\widcomm\bluetooth software\bin\btwdins.exe (Bluetooth Service)
c:\program files\bonjour\mdnsresponder.exe (Bonjour Service)
* c:\program files\google\google desktop search\googledesktop.exe (Google Desktop Manager 5.5.709.30344)
c:\program files\hewlett-packard\shared\hpqwmiex.exe (hpqwmiex)
c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe (InstallDriver Table Manager)
* c:\program files\ipod\bin\ipodservice.exe (iPod Service)
* c:\program files\common files\intervideo\regmgr\iviregmgr.exe (IviRegMgr)
C:\WINDOWS\system32\lxrjd31s.exe (Lexar JD31)
c:\program files\common files\microsoft shared\vs7debug\mdm.exe (Machine Debug Manager)
c:\program files\network associates\common framework\frameworkservice.exe (McAfee Framework Service)
c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe (Net.Tcp Port Sharing Service)
c:\program files\network associates\virusscan\mcshield.exe (Network Associates McShield)
c:\program files\network associates\virusscan\vstskmgr.exe (Network Associates Task Manager)
c:\windows\system32\rpcnet.exe (Remote Procedure Call (RPC) Net)
c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe (Windows CardSpace)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* C:\WINDOWS\system32\drivers\adihdaud.sys (ADI UAA Function Driver for High Definition Audio Service)
* C:\WINDOWS\system32\drivers\aeaudio.sys (AEAudio Service)
* C:\WINDOWS\system32\drivers\agrsm.sys (Agere Systems Soft Modem)
C:\WINDOWS\system32\drivers\naiavf5x.sys (Anti-Virus File System Filter Driver)
C:\WINDOWS\system32\drivers\btkrnl.sys (Bluetooth Bus Enumerator)
* C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom 440x 10/100 Integrated Controller)
* C:\WINDOWS\system32\drivers\ptilink.sys (Direct Parallel Link Driver)
c:\windows\system32\drivers\entdrv51.sys (EntDrv51)
* C:\WINDOWS\system32\drivers\eabusb.sys (Extended Base)
* C:\WINDOWS\system32\drivers\eabfiltr.sys (Extended Base)
* C:\WINDOWS\system32\drivers\cpqbttn.sys (Extended Base)
* C:\WINDOWS\system32\drivers\gearaspiwdm.sys (GEARAspiWDM)
* C:\WINDOWS\system32\drivers\iastor.sys (Intel AHCI Controller)
* C:\WINDOWS\system32\drivers\netw4x32.sys (Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit)
* C:\WINDOWS\system32\drivers\l8042kbd.sys (Logitech SetPoint Keyboard Driver)
* C:\WINDOWS\system32\drivers\lhidfilt.sys (Logitech SetPoint KMDF HID Filter Driver)
* C:\WINDOWS\system32\drivers\lmoufilt.sys (Logitech SetPoint KMDF Mouse Filter Driver)
* C:\WINDOWS\system32\drivers\lusbfilt.sys (Logitech SetPoint KMDF USB Filter)
c:\windows\system32\drivers\lxrjd31d.sys (LxrJD31d)
* C:\WINDOWS\system32\drivers\hdaudbus.sys (Microsoft UAA Bus Driver for High Definition Audio)
* C:\WINDOWS\system32\drivers\ptdcbus.sys (PANTECH PC Card Composite Device Driver (UDP))
* C:\WINDOWS\system32\drivers\ptdcvsp.sys (PANTECH PC Card Diagnostic Serial Port (UDP))
* C:\WINDOWS\system32\drivers\ptdcmdm.sys (PANTECH PC Card Drivers (UDP))
* C:\WINDOWS\system32\drivers\ptdcwwan.sys (PANTECH PC Card WWAN Controller device driver)
C:\WINDOWS\system32\drivers\mvstdi5x.sys (PNP_TDI)
C:\WINDOWS\system32\drivers\pxhelp20.sys (PxHelp20)
* C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv)
* C:\WINDOWS\system32\drivers\lmouke.sys (SetPoint Mouse Filter Driver)
* C:\WINDOWS\system32\drivers\l8042mou.sys (SetPoint PS/2 Mouse Filter Driver)
* C:\WINDOWS\system32\drivers\ialmnt5.sys (Video)
C:\WINDOWS\system32\drivers\btwusb.sys (WIDCOMM USB Bluetooth Driver)

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
* c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll (Adobe Systems Incorporated) {47833539-D0C5-4125-9FA8-0819E2EAAC93}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
c:\program files\paltalk messenger\paltalk.exe (AVM Software Inc.) {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
* c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll (Adobe Systems Incorporated) {47833539-D0C5-4125-9FA8-0819E2EAAC93}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
* c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll (Adobe Systems Incorporated) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll (Adobe Systems Incorporated) {AE7CD045-E861-484f-8273-0445EE161910}
* c:\program files\java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\program files\adobe\acrobat 7.0\acrobat elements\contextmenu.dll (Adobe Systems Inc.) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
* c:\windows\system32\hticons.dll (Hilgraeve, Inc.) {88895560-9AA2-1069-930E-00AA0030EBC8}
* c:\program files\itunes\itunesminiplayer.dll (Apple Inc.) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
c:\program files\logitech\setpoint\mcplext.dll (Logitech Inc.) {B9B9F083-2B04-452A-8691-83694AC1037B}
c:\program files\logitech\setpoint\kbcplext.dll (Logitech Inc.) {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}
c:\windows\system32\btneighborhood.dll (Broadcom Corporation.) {6af09ec9-b429-11d4-a1fb-0090960218cb}
* c:\program files\acceleration software\anti-virus\dsshell.dll (eAcceleration Corp) {BB83FD23-AC96-472D-8AA2-7D8560A61D1A}
c:\program files\textpad 4\system\shellext.dll (Helios Software Solutions) {2F25CF20-C569-11D1-B94C-00608CB45480}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
* C:\WINDOWS\system32\lsdelete.exe

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
* C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
c:\windows\system32\adobepdf.dll (Adobe Systems Incorporated.)
C:\WINDOWS\system32\bthcrp.dll (Broadcom Corporation.)

073 %windir%\Tasks
------------------
AppleSoftwareUpdate.job : c:\program files\apple software update\softwareupdate.exe (Apple Inc.)
Low Battery Alarm Program.job :

100 Internet Explorer settings
------------------------------
CustomizeSearch HKLM : http://ie.search.msn...st/srchcust.htm
Default_Page_URL HKLM : http://go.microsoft....k/?LinkId=69157
Default_Search_URL HKLM : http://go.microsoft....k/?LinkId=54896
ProxyOverride HKCU : *.local
Search Page HKCU : http://www.microsoft...amp;ar=iesearch
Search Page HKLM : http://go.microsoft....k/?LinkId=54896
SearchAssistant HKLM : http://www.google.com/ie
ShellNext HKCU : http://www.microsoft...p...&ar=msnhome
Start Page HKCU : http://www.microsoft...p...&ar=msnhome
Start Page HKLM : http://go.microsoft....k/?LinkId=69157

102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
* c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll (Adobe Systems Incorporated) {182EC0BE-5110-49C8-A062-BEB1D02A220B}

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\windows\system32\ogacheckcontrol.dll {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
* c:\windows\system32\macromed\director\swdir.dll (Adobe Systems, Inc.) {166B1BCA-3F9C-11CF-8075-444553540000}
* c:\program files\divx\divx web player\npdivx32.dll (DivX,Inc.) {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
* c:\program files\java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
c:\program files\oracle\jinitiator 1.1.8.16\bin\beans.ocx (Oracle Corporation) {9b935470-ad4a-11d5-b63e-00c04faedb18}
c:\windows\opuc.dll (Microsoft Corporation) {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}
* c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
* c:\program files\java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.) {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
* c:\program files\java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.) {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
* c:\windows\system32\macromed\flash\flash9d.ocx (Adobe Systems, Inc.) {D27CDB6E-AE6D-11CF-96B8-444553540000}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
Convert link target to Adobe PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Convert link target to existing PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Convert selected links to Adobe PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
Convert selected links to existing PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Convert selection to Adobe PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Convert selection to existing PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Convert to Adobe PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Convert to existing PDF : res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
Send To &Bluetooth : C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

107 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5
---------------------------------------------------------------------------------
c:\program files\bonjour\mdnsnsp.dll (Apple Inc.)

136 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce (+subkeys)
---------------------------------------------------------------------
c:\docume~1\darren\locals~1\temp\delus.exe (H+BEDV Datentechnik GmbH)
* c:\program files\acceleration software\anti-virus\ssssmon.dll (eAcceleration Corp)

161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
dontdisplaylastusername : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
##10.32.8.120#g : Z:\autorun.exe
{4a95bb05-8642-11dc-8c57-806d6172696f} : D:\LaunchTraining.exe
E : E:\LaunchU3.exe -a

171 HKCU\Control Panel\Desktop\SCRNSAVE.EXE
-------------------------------------------
c:\windows\boinc.scr (Space Sciences Laboratory)

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
c:\program files\textpad 4\system\shellext.dll (Helios Software Solutions) {2F25CF20-C569-11D1-B94C-00608CB45480}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
* c:\program files\acceleration software\anti-virus\dsshell.dll (eAcceleration Corp) {BB83FD23-AC96-472D-8AA2-7D8560A61D1A}
c:\program files\network associates\virusscan\shext.dll (Network Associates, Inc.) {cda2863e-2497-4c49-9b89-06840e070a87}
c:\program files\adobe\acrobat 7.0\acrobat elements\contextmenu.dll (Adobe Systems Inc.) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}

#2
Johnny Relentless
I forgot to mention that my computer keeps rebooting itself after a message appears saying "unexpected error code -1 in system 32".

#3
Johnny Relentless
I solved the problem myself. I just had to check the logs from an AV called Clam AV, which takes about 12 hours to scan my computer, but it's the only one of several AVs I tried that found them. I just navigated to the 3 different areas where the trojans were located, deleted them, emptied the recycle bin, and shut down the computer for a few minutes. It seems to have done the trick. Previously, when I tried deleting an infected file, it just kept coming back within a few minutes. Once I deleted it in all 3 locations at once, it was truly gone.