Antispyware.net Virus



#1 cpgrad (Member, 10 posts)
Need help cleaning out a virus... believed to be the Antispyware.net virus. HijackThis, ComboFix and ActiveScan logs are provided below.

Thanks!


**********************************************
******************HijackThis Log*****************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:11 AM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Batco\X_bat.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\GetYahoo\YcheckH.dll
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Batco\bat.dll
O2 - BHO: (no name) - {7B8F061F-814C-4009-9620-758CF4C47449} - C:\WINDOWS\System32\webcln.dll
O2 - BHO: (no name) - {FC193531-AF69-459B-ACED-7841F30E3C61} - C:\WINDOWS\System32\webcln.dll
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [QdrPack13] "C:\Program Files\QdrPack\QdrPack13.exe"
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Batco\bat.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...242/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

--
End of file - 6153 bytes



*********************************************
*****************ComboFix Log*****************


ComboFix 08-03-03.17 - TheGillettes 2008-03-03 20:29:19.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.81 [GMT -5:00]
Running from: C:\Documents and Settings\TheGillettes\Local Settings\Temporary Internet Files\Content.IE5\4JA52RC5\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive11.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack13.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\Windows NT\sidyjetyc777444.dll
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\DRVINST.EXE
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\000060.exe
C:\WINDOWS\system32\000070.exe
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\CMMGR32.EXE
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\iexplorer.dll .dbt
C:\WINDOWS\system32\msiconf.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-03 19:50 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-03 19:10 . 2008-03-03 19:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-03 19:10 . 2008-03-03 19:10 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-03 19:10 . 2008-03-03 19:10 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-03 19:10 . 2008-03-03 19:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-03 19:10 . 2008-03-03 19:10 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-03 16:53 . 2008-03-03 16:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-03-03 16:52 . 2008-03-03 16:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-03 16:52 . 2008-03-03 16:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-03 16:52 . 2008-03-03 16:52 <DIR> d-------- C:\Documents and Settings\TheGillettes\Application Data\SUPERAntiSpyware.com
2008-03-03 16:10 . 2008-03-03 16:10 <DIR> d-------- C:\Documents and Settings\TheGillettes\Application Data\Grisoft
2008-03-03 16:09 . 2008-03-03 16:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-03-03 16:09 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-03 15:38 . 2008-03-03 15:38 136,627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-02 18:12 . 2008-03-02 18:12 40,960 --a------ C:\WINDOWS\system32\rfhdfhw.exe
2008-03-02 18:12 . 2008-03-02 18:12 40,960 --a------ C:\WINDOWS\gfhy45juyhgr.exe
2008-03-02 18:12 . 2008-03-02 18:12 20,480 --a------ C:\WINDOWS\quit.exe
2008-03-02 18:08 . 2008-03-02 18:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Rabio
2008-03-02 18:07 . 2008-03-02 18:07 <DIR> d-------- C:\Program Files\Batco
2008-03-02 18:07 . 2001-08-18 05:00 88,064 --a------ C:\WINDOWS\system32\webcln.dll
2008-03-02 18:07 . 2008-03-02 18:07 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-02 08:37 . 2008-03-02 08:37 <DIR> d-------- C:\Documents and Settings\TheGillettes\Application Data\Move Networks
2008-03-02 08:32 . 2008-03-02 08:32 62,024 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-03-01 11:30 . 2002-11-14 14:42 218,624 --a------ C:\WINDOWS\system32\srrstr.dll
2008-03-01 11:28 . 2008-03-01 11:28 <DIR> d--h----- C:\WINDOWS\$xpsp1hfm$
2008-03-01 11:28 . 2008-03-01 11:28 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-01 11:28 . 2004-01-10 00:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-03-01 11:15 . 2008-03-01 11:15 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-01 10:42 . 2008-03-01 10:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2008-03-01 10:42 . 2008-03-01 10:43 972 --a------ C:\WINDOWS\WinInit.Ini
2008-03-01 09:58 . 2008-03-01 09:58 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-25 19:31 . 2004-07-01 17:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-25 19:31 . 2004-06-30 18:59 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2008-02-25 19:31 . 2004-07-01 17:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-25 19:31 . 2004-07-01 17:08 7,680 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-25 19:31 . 2004-07-01 17:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-02-25 19:31 . 2004-07-01 17:08 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-25 19:31 . 2004-07-01 17:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-02-25 19:27 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-25 19:27 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-25 19:27 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-25 19:27 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-02-25 19:27 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-02-25 19:27 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-02-25 19:27 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-02-12 12:46 . 2008-02-12 12:46 <DIR> d-------- C:\Program Files\viewsonic
2008-02-12 12:46 . 2008-02-12 12:46 <DIR> d-------- C:\Documents and Settings\TheGillettes\Application Data\Leadertech
2008-02-12 12:46 . 2008-02-12 12:47 102 --a------ C:\WINDOWS\VSWizard.ini
2008-02-12 12:38 . 2008-02-12 12:38 <DIR> d-------- C:\Program Files\Snapshot Viewer
2008-02-12 12:38 . 2008-02-12 12:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
2008-02-12 12:35 . 2008-02-12 12:40 376 --a------ C:\WINDOWS\ODBC.INI
2008-02-12 12:34 . 2001-05-22 21:15 94,208 --a------ C:\WINDOWS\system32\dllcache\fpencode.dll
2008-02-12 12:33 . 2008-02-12 12:33 <DIR> d-------- C:\WINDOWS\ShellNew
2008-02-12 12:32 . 2008-02-12 12:32 <DIR> d-------- C:\Documents and Settings\TheGillettes\Application Data\Microsoft Web Folders
2008-02-12 12:13 . 2008-02-12 12:13 <DIR> d---s---- C:\Documents and Settings\TheGillettes\UserData
2008-02-12 11:01 . 2008-02-12 11:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2008-02-12 10:56 . 2008-02-12 10:56 <DIR> d-------- C:\Program Files\Common Files\HP
2008-02-12 10:54 . 2008-02-12 10:54 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-12 10:53 . 2008-02-12 10:53 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-12 10:51 . 2008-02-12 10:51 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-02-12 10:50 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-02-12 10:50 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-02-12 10:50 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-02-12 10:50 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-02-12 10:50 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-02-12 10:50 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-02-12 10:48 . 2008-02-12 10:48 <DIR> d-------- C:\Program Files\HP
2008-02-12 10:47 . 2008-02-12 11:04 68,900 --a------ C:\WINDOWS\hpoins05.dat
2008-02-12 10:47 . 2004-12-14 11:07 19,696 --------- C:\WINDOWS\hpomdl05.dat
2008-02-11 17:56 . 2008-02-11 17:56 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-02-11 17:56 . 2001-09-08 13:05 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-02-11 17:56 . 2001-09-08 13:05 <DIR> d-------- C:\Documents and Settings\TheGillettes\WINDOWS
2008-02-11 17:56 . 2001-09-08 14:19 <DIR> d-------- C:\Documents and Settings\TheGillettes\Application Data\Sony Corporation
2008-02-11 17:56 . 2001-09-08 13:02 <DIR> d-------- C:\Documents and Settings\TheGillettes\Application Data\InterTrust
2008-02-11 17:56 . 2001-09-08 13:05 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 22:52 97,280 ----a-w C:\WINDOWS\system32\imm32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
2008-02-04 11:33 401408 --------- C:\Program Files\Batco\bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B8F061F-814C-4009-9620-758CF4C47449}]
2001-08-18 05:00 88064 --a------ C:\WINDOWS\System32\webcln.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]
"QdrModule13"="C:\Program Files\QdrModule\QdrModule13.exe" [ ]
"QdrPack13"="C:\Program Files\QdrPack\QdrPack13.exe" [ ]
"MSI Configuration"="msiconf.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2001-09-08 12:56 28672]
"Pop3trap.exe"="C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe" [2001-09-06 20:25 294982]
"WebTrapNT.exe"="C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe" [2001-09-06 20:20 235520]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [2001-09-10 19:36 2339]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\TheGillettes\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-02-12 12:47:06 225280]
Bat - Auto Update.lnk - C:\Program Files\Batco\bat.exe [2008-03-02 18:06:49 178604]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2001-09-08 12:51:48 40960]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-09-08 12:52:03 113664]
Real-time Monitor.lnk - C:\WINDOWS\Installer\{A839294B-70A9-11D5-9F5A-0050DAD742CD}\_299368D.exe [2001-09-08 13:07:52 57344]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 SonyFanC;FAN Control Device Service;C:\WINDOWS\System32\Drivers\SonyFanC.sys [2001-09-06 16:21]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [2001-08-17 12:11]

*Newly Created Service* - OOBPODNMQLSU
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 20:32:37
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 20:33:29
ComboFix-quarantined-files.txt 2008-03-04 01:33:22
.
2008-03-01 16:40:54 --- E O F ---



******************************************************
*****************Activescan Log************************



Incident Status Location

Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\TheGillettes\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Potentially unwanted tool:application/activitymon Not disinfected c:\program files\AMSYS
Adware:adware/activshopper Not disinfected c:\program files\e-zshopper
Adware:adware/adbars Not disinfected Windows Registry
Adware:adware/mirar Not disinfected Windows Registry
Adware:adware/activesearch Not disinfected Windows Registry
Adware:adware/404search Not disinfected Windows Registry
Adware:adware/adblaster Not disinfected Windows Registry
Adware:adware/adsincontext Not disinfected Windows Registry
Adware:Adware/Adband Not disinfected C:\WINDOWS\SYSTEM32\000070.EXE[ism.exe]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\TheGillettes\Cookies\[email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\TheGillettes\Cookies\[email protected][1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\TheGillettes\Cookies\[email protected][2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\TheGillettes\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TheGillettes\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TheGillettes\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\TheGillettes\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\TheGillettes\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\TheGillettes\Cookies\[email protected][1].txt
Adware:Adware/Adband Not disinfected C:\Program Files\ISM\ISM.EXE
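As an added example (not part of the original post, and not code from HijackThis or from the forum's helpers): a small Python triage script that applies, to the O2 and O4 lines of the log above, the kind of checks a helper makes by eye. The sample input is a subset of lines copied from the posted HijackThis log. The rules it applies (a Run value with no full path, a file name with a space before a second extension, use of the Win9x-era RunServices key, one value name planted in HKLM, HKCU and HKUS at once, an unnamed BHO, and one DLL registered under several CLSIDs) are generic heuristics chosen for illustration, not a verdict on any particular file.

```python
"""Triage helper for HijackThis O2 (BHO) and O4 (autostart) lines.

Added example, not part of the original post or of the HijackThis tool.
The rules are generic triage heuristics chosen for illustration; the
sample lines are copied from the log posted above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: a subset of the O2/O4 lines from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Batco\bat.dll
O2 - BHO: (no name) - {7B8F061F-814C-4009-9620-758CF4C47449} - C:\WINDOWS\System32\webcln.dll
O2 - BHO: (no name) - {FC193531-AF69-459B-ACED-7841F30E3C61} - C:\WINDOWS\System32\webcln.dll
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"
)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+|Global Startup|Startup)"
    r"(?:\\\.\.\\(?P<key>Run\w*))?: (?:\[(?P<value>[^\]]+)\] )?"
    r"(?P<target>.+?)(?: \(User '[^']*'\))?$"
)
REGISTRY_HIVES = ("HKLM", "HKCU", "HKUS")


@dataclass
class Finding:
    line: str
    reasons: list


def _has_full_path(target: str) -> bool:
    # Legitimate Run values almost always carry a full drive path (optionally
    # quoted, possibly with arguments); a bare name is resolved via the
    # process search path, which is what malware relies on here.
    return re.match(r'^"?[A-Za-z]:\\', target) is not None


def triage(log_text: str) -> list:
    """Return one Finding per suspicious line, listing the rules it tripped."""
    entries = []                    # (kind, line, match) in log order
    value_hives = defaultdict(set)  # Run value name -> root hives it appears in
    dll_clsids = defaultdict(set)   # BHO DLL path -> CLSIDs it is registered under

    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            entries.append(("O2", line, m))
            dll_clsids[m["path"].lower()].add(m["clsid"].upper())
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(("O4", line, m))
            if m["value"]:
                value_hives[m["value"]].add(m["hive"].split("\\")[0])

    findings = []
    for kind, line, m in entries:
        reasons = []
        if kind == "O2":
            if m["name"] == "(no name)":
                reasons.append("BHO registered without a display name")
            n = len(dll_clsids[m["path"].lower()])
            if n > 1:
                reasons.append(f"same DLL registered under {n} CLSIDs")
        else:
            hive, key, value, target = m["hive"], m["key"], m["value"], m["target"]
            # Startup-folder entries are listed by bare file name legitimately,
            # so the path check applies to registry Run values only.
            if hive.startswith(REGISTRY_HIVES) and not _has_full_path(target):
                reasons.append("Run value without a full path (resolved via the search path)")
            if re.search(r"\.\w+\s+\.\w+$", target):
                reasons.append("file name with a space before a second extension")
            if key == "RunServices":
                reasons.append("uses the legacy Win9x-era RunServices key")
            if value and value_hives[value] >= set(REGISTRY_HIVES):
                reasons.append("same value name planted in HKLM, HKCU and HKUS (SYSTEM/Default user)")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```

On the sample it flags the five IESet entries (the RunServices one trips four rules), the bare msiconf.exe value and both unnamed webcln.dll BHOs, and leaves the QuickTime, AVG and Startup-folder entries alone. That matches what the ComboFix log above shows was later removed from System32 (iexplorer.dll .dbt and msiconf.exe). A hit from a script like this is a prompt to look at the file, not a removal decision on its own.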