VBS/Sasan-Fam removal help



#1
knotquiteawake

Included is a HijackThis log, and below that is a ComboFix log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:16 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\B's Recorder GOLD8\bgsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe
C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
C:\WINDOWS\system32\PhxPsSvr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O4 - HKLM\..\Run: [FWcpbeer] "c:\Program Files\Phoenix Technologies\Applications\Rpro\XP\Vbface.exeWinBuilder\RunBlder.exe" "c:\Program Files\Phoenix Technologies\Applications\Rpro\XP\Vbface.exeTools\fwcpbeer.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [nar] C:\WINDOWS\nar.vbs
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_04) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Service (bgsvc) - B.H.A Corporation - C:\Program Files\B's Recorder GOLD8\bgsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panasonic PC Information Viewer Service 2 (PcInfoPi) - Matsushita Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe
O23 - Service: Panasonic PC Information Viewer (PcInfoSV) - Matsushita Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
O23 - Service: Phoenix PSA Service (PhnxPsaService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhxPsSvr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: System Scheduler (SysSch) - Unknown owner - C:\WINDOWS\Offline Web Pages\svchost.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6841 bytes


==================
Combofixlog
==================
ComboFix 08-04-09.1 - Valtrex 2008-04-09 13:09:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2271 [GMT -7:00]
Running from: C:\Documents and Settings\Valtrex\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-05 17:25 . 2008-04-05 17:25 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-04 21:24 . 2008-04-09 13:02 7,474 --a------ C:\nar.vbs
2008-04-04 16:41 . 2008-02-16 00:07 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-04-04 16:41 . 2008-02-16 00:07 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-04-01 10:37 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-04-01 10:37 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-03-31 08:07 . 2008-03-31 08:08 <DIR> d-------- C:\Program Files\NavFit98A
2008-03-31 08:07 . 2008-03-31 08:07 249,856 --------- C:\WINDOWS\Setup1.exe
2008-03-31 08:07 . 2008-03-31 08:07 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-03-27 16:32 . 2008-03-27 16:32 <DIR> d-------- C:\Program Files\Safari
2008-03-27 16:27 . 2008-03-27 16:27 <DIR> d-------- C:\Program Files\iPod
2008-03-16 09:23 . 2008-03-16 09:23 <DIR> d-------- C:\Program Files\DreamCatcher
2008-03-12 22:18 . 2008-03-12 22:18 <DIR> d-------- C:\Program Files\Common Files\logishrd
2008-03-12 22:15 . 2004-08-03 14:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-03-12 22:15 . 2004-08-03 14:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-03-12 22:15 . 2004-08-03 14:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-03-12 22:15 . 2004-08-03 14:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-03-12 22:15 . 2004-08-03 14:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-12 22:15 . 2004-08-03 14:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-12 22:15 . 2004-08-03 14:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-12 22:15 . 2004-08-03 14:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-12 22:15 . 2004-08-03 14:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-03-12 22:15 . 2004-08-03 14:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-03-12 22:11 . 2004-08-03 13:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-12 22:11 . 2004-08-03 13:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 23:41 --------- d-----w C:\Program Files\Trend Micro
2008-04-04 23:39 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2008-04-01 04:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-30 00:06 7,304 ----a-w C:\WINDOWS\TMP0001.TMP
2008-03-29 00:07 --------- d-----w C:\Documents and Settings\Valtrex\Application Data\Apple Computer
2008-03-29 00:07 --------- d-----w C:\DOCUME~1\Valtrex\APPLIC~1\Apple Computer
2008-03-27 23:27 --------- d-----w C:\Program Files\iTunes
2008-03-27 23:25 --------- d-----w C:\Program Files\QuickTime
2008-02-19 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 21:52 --------- d-----w C:\Documents and Settings\Valtrex\Application Data\IrfanView
2008-02-18 21:52 --------- d-----w C:\DOCUME~1\Valtrex\APPLIC~1\IrfanView
2008-02-16 07:07 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2008-02-16 07:07 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-02-16 07:07 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-02-16 07:07 138,384 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-16 07:07 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2008-01-20 10:26 7,474 --sha-r C:\WINDOWS\Nar.vbs
2007-12-13 15:41 18,224 ----a-w C:\Documents and Settings\Valtrex\Application Data\GDIPFONTCACHEV1.DAT
2007-12-13 15:41 18,224 ----a-w C:\DOCUME~1\Valtrex\APPLIC~1\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FWcpbeer"="c:\Program Files\Phoenix Technologies\Applications\Rpro\XP\Vbface.exeWinBuilder\RunBlder.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 14:00 158208]
"nar"="C:\WINDOWS\nar.vbs" [2008-01-20 03:26 7474]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LAN Power-Saving Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LAN Power-Saving Utility.lnk
backup=C:\WINDOWS\pss\LAN Power-Saving Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]
--a------ 2006-01-16 16:23 675840 C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farstone]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTMSFLT(USB)]
--a------ 2005-06-23 07:33 82063 C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard]
--a------ 2006-05-15 03:32 679936 c:\Program Files\Phoenix Technologies\Applications\Guard\Guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-02-26 03:34 155648 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-02-12 14:37 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-02-26 03:34 131072 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2007-02-21 11:17 970752 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2007-02-21 11:19 819200 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmw_run.exe]
--a------ 2006-08-03 11:47 106496 C:\WINDOWS\system32\kmw_run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSWheel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nar]
-rahs---- 2008-01-20 03:26 7474 C:\WINDOWS\nar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panasonic Hotkey Manager]
C:\Program Files\Panasonic\Hotkey Appendix\
[HKEYAPP.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCinfo]
--a------ 2006-11-30 13:44 87696 C:\Program Files\Panasonic\pcinfo\PcInfoUt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-02-26 03:33 131072 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRunOnce]
--a------ 2004-08-06 05:58 110592 C:\util\prunonce\PRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recover Pro]
--a------ 2006-05-25 07:20 131072 c:\Program Files\Phoenix Technologies\Applications\RPro\XP\VBPTASK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2006-07-13 07:12 729088 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-03-15 15:06 868352 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2008-01-04 20:56 5367664 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-14 17:26 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-14 17:28 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
--a------ 2008-02-26 14:19 1398024 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WSwitch]
--a------ 2007-03-20 16:37 726672 C:\Program Files\Panasonic\WSwitch\WSwitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2005-05-30 20:50]
R0 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-12 16:27]
R0 ptpd;Disk Filter Driver;C:\WINDOWS\system32\drivers\ptpd.sys [2005-10-18 06:47]
R0 RITFSD;RITFSD;C:\WINDOWS\system32\drivers\RITFSD.sys [2006-04-24 09:23]
R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2006-04-24 08:44]
R1 DCDisk;DCDisk;C:\WINDOWS\system32\drivers\DCDisk.sys [2005-06-07 07:13]
R1 miscfp1;Panasonic FP1 Device Driver;C:\Program Files\Panasonic\MiscFp\miscfp1.sys [2006-01-12 10:10]
R2 bgsvc;B's Recorder GOLD Service;C:\Program Files\B's Recorder GOLD8\bgsvc.exe [2004-10-14 14:00]
R2 BsUDF;BsUDF;C:\WINDOWS\system32\drivers\BsUDF.sys [2006-01-30 15:03]
R2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys [2005-12-02 07:43]
R2 PcInfoPi;Panasonic PC Information Viewer Service 2;C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe [2006-11-28 12:53]
R2 PcInfoSV;Panasonic PC Information Viewer;C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe [2006-12-21 20:47]
R2 PhnxPsaService;Phoenix PSA Service;C:\WINDOWS\system32\PhxPsSvr.exe [2006-04-05 09:14]
R2 Rcfilter;Rcfilter;C:\WINDOWS\system32\drivers\Rcfilter.sys [2006-05-23 07:21]
R2 SDKEY;Panasonic SD Misc. Function Driver;C:\Program Files\Panasonic\SDKEY\SDKEY.SYS [2005-04-21 18:56]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 22:40]
R3 exdisk;Express Disk Service;C:\WINDOWS\system32\DRIVERS\exdisk.sys [2004-08-03 04:38]
R3 FIDTPU;Fujitsu Touch Panel (USB);C:\WINDOWS\system32\DRIVERS\FIDTPU.sys [2005-06-23 08:20]
R3 HOTKEY;Panasonic Hotkey Driver;C:\WINDOWS\system32\DRIVERS\hotkey.sys [2006-11-14 03:48]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 04:19]
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys [2006-08-03 11:46]
R3 NewMisc;Panasonic Misc Driver;C:\WINDOWS\system32\DRIVERS\newmisc.sys [2007-03-02 13:56]
R3 PhnxVcd;PhnxVcd;C:\WINDOWS\system32\Drivers\PhnxVcd.sys [2006-03-21 04:37]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-04-11 08:36]
S2 SysSch;System Scheduler;C:\WINDOWS\Offline Web Pages\svchost.exe []
S3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys [2006-08-03 11:47]
S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [2006-08-03 11:47]
S3 rismc32;RICOH Smart Card Reader;C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-19 18:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0deca08a-ee09-11dc-ab7b-0013e82992ad}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33212477-df1f-11dc-ab77-0013e82992ad}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33212484-df1f-11dc-ab77-0013e82992ad}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51f8d944-c54e-11dc-ab72-0013e82992ad}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51f8d961-c54e-11dc-ab72-0013e82992ad}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51f8d972-c54e-11dc-ab72-0013e82992ad}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e848b3a-9cca-11dc-ab68-000b97bf764e}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e848b3b-9cca-11dc-ab68-000b97bf764e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e848b51-9cca-11dc-ab68-000b97bf764e}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e848b52-9cca-11dc-ab68-000b97bf764e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ae5cf5b-2789-11dc-ab23-000b97bf764e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa4d2ce-f0f0-11dc-ab7c-0013e82992ad}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa4d310-f0f0-11dc-ab7c-0013e82992ad}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd9bd43b-fdf9-11dc-ab8a-ed0376420cf7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd9bd43e-fdf9-11dc-ab8a-ed0376420cf7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd9bd443-fdf9-11dc-ab8a-0013e82992ad}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4ef1f0c-b2cf-11dc-ab6b-000b97bf764e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb3c1a7-cb85-11dc-ab73-0013e82992ad}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcb3c1a9-cb85-11dc-ab73-0013e82992ad}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 13:14:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-09 13:15:24
ComboFix-quarantined-files.txt 2008-04-09 20:15:14
Pre-Run: 14,224,572,416 bytes free
Post-Run: 14,220,525,568 bytes free
.
2008-03-13 11:18:55 --- E O F ---



The virus may have come from a flash drive, but I fear it has also infected my external HD as well.


#2
knotquiteawake

Sorry to bump this, but I really need some more views on this issue. It's a very time-sensitive issue.
Thanks in advance for your help.