Unknown Virus


#16 Ctrl_Alt_Del (Member, Topic Starter, 74 posts)
Nothing

Scan taken on 04 Jun 2008 23:39:17 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing



But I told Dr.Web to clean it.

Edited by Ctrl_Alt_Del, 04 June 2008 - 05:42 PM.

#17 loophole (Malware Expert, Retired Staff, 9,798 posts)
OK, just post the Dr.Web results when it's done :)

#18 Ctrl_Alt_Del (Member, Topic Starter, 74 posts)
HiJack Log coming


userinit.exe;c:\windows\system32;Trojan.NtRootKit.1075;Deleted.;
02876312.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.56730;Deleted.;
04439281.FIL;C:\$VAULT$.AVG;Trojan.Packed.411;Deleted.;
08381531.FIL;C:\$VAULT$.AVG;Trojan.Packed.411;Deleted.;
16614484.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.56730;Deleted.;
25658906.FIL;C:\$VAULT$.AVG;Trojan.Packed.411;Deleted.;
32459734.FIL;C:\$VAULT$.AVG;Trojan.Packed.411;Deleted.;
45314937.FIL;C:\$VAULT$.AVG;Trojan.Packed.411;Deleted.;
vnc-4_1_1-x86_win32.asp\data001;C:\App Dev\VNC\vnc-4_1_1-x86_win32.asp;Program.RemoteAdmin;;
vnc-4_1_1-x86_win32.asp\data003;C:\App Dev\VNC\vnc-4_1_1-x86_win32.asp;Program.RemoteAdmin;;
vnc-4_1_1-x86_win32.asp;C:\App Dev\VNC;Archive contains infected objects;Moved.;
bti.exe;C:\Deckard\System Scanner\20080601182634\backup\DOCUME~1\Owner\LOCALS~1\Temp;Trojan.DownLoader.62873;Deleted.;
mmonHJ.exe\data006;C:\Deckard\System Scanner\20080601182634\backup\DOCUME~1\Owner\LOCALS~1\Temp\mmonHJ.exe;Trojan.DownLoader.56730;;
mmonHJ.exe;C:\Deckard\System Scanner\20080601182634\backup\DOCUME~1\Owner\LOCALS~1\Temp;Archive contains infected objects;Moved.;
popcaploader.dll;C:\Deckard\System Scanner\20080601182634\backup\WINDOWS\Downloaded Program Files;Program.PopcapLoader;;
RegUBP2b-Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
ARRGH.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Owner\Desktop\ARRGH.exe;Tool.Prockill;;
ARRGH.exe;C:\Documents and Settings\Owner\Desktop;Archive contains infected objects;Moved.;
Combo-Fix.exe\327882R2FWJFW\FIND3M.bat;C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe;Probably SCRIPT.Virus;;
Combo-Fix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe;Program.PsExec.171;;
Combo-Fix.exe;C:\Documents and Settings\Owner\Desktop;Archive contains infected objects;Moved.;
ComboArrgh.exe\327882R2FWJFW\FIND3M.bat;C:\Documents and Settings\Owner\Desktop\ComboArrgh.exe;Probably SCRIPT.Virus;;
ComboArrgh.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Owner\Desktop\ComboArrgh.exe;Program.PsExec.171;;
ComboArrgh.exe;C:\Documents and Settings\Owner\Desktop;Archive contains infected objects;Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
A0151408.reg;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP537;Trojan.StartPage.1505;Deleted.;
A0152503.reg;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP540;Trojan.StartPage.1505;Deleted.;
A0160013.reg;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP563;Trojan.StartPage.1505;Deleted.;
A0161842.reg;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP569;Trojan.StartPage.1505;Deleted.;
A0162853.dll;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP570;Adware.WebHancer;;
A0162854.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP570;Adware.WebHancer.75;;
A0162856.dll;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP570;Adware.WebHancer.73;;
A0162857.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP570;Adware.WebHancer;;
A0162974.reg;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP570;Trojan.StartPage.1505;Deleted.;
A0162975.reg;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP571;Trojan.StartPage.1505;Deleted.;
A0164097.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP571;Trojan.NtRootKit.1075;Deleted.;
A0164098.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP571;Trojan.NtRootKit.1075;Deleted.;
A0164508.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP573;Trojan.NtRootKit.1075;Deleted.;
A0164512.EXE;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP573;Program.PsExec.170;;
A0164523.bat;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP573;Probably SCRIPT.Virus;;
A0164602.reg;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP574;Trojan.StartPage.1505;Deleted.;
A0164627.bat;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP574;Probably SCRIPT.Virus;;
A0164649.EXE;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP575;Program.PsExec.170;;
A0164658.bat;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP575;Probably SCRIPT.Virus;;
A0164742.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP575\A0164742.exe;Tool.Prockill;;
A0164742.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP575;Archive contains infected objects;Moved.;
A0165057.bat;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP575;Probably SCRIPT.Virus;;
A0165094.bat;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP575;Probably SCRIPT.Virus;;
A0165164.bat;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP575;Probably SCRIPT.Virus;;
A0165359.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577;Trojan.NtRootKit.1075;Deleted.;
A0165363.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577;Trojan.DownLoader.62873;Deleted.;
A0165364.exe\data006;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577\A0165364.exe;Trojan.DownLoader.56730;;
A0165364.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577;Archive contains infected objects;Moved.;
A0165365.reg;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577;Trojan.StartPage.1505;Deleted.;
A0165368.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577\A0165368.exe;Tool.Prockill;;
A0165368.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577;Archive contains infected objects;Moved.;
A0165369.exe\327882R2FWJFW\FIND3M.bat;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577\A0165369.exe;Probably SCRIPT.Virus;;
A0165369.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577\A0165369.exe;Program.PsExec.171;;
A0165369.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577;Archive contains infected objects;Moved.;
A0165370.exe\327882R2FWJFW\FIND3M.bat;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577\A0165370.exe;Probably SCRIPT.Virus;;
A0165370.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577\A0165370.exe;Program.PsExec.171;;
A0165370.exe;C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577;Archive contains infected objects;Moved.;

#19 Ctrl_Alt_Del (Member, Topic Starter, 74 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:03 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\setup.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120850872656
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37680.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://possumtrot.vi...0/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.178.59.32/...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://samcam.homeip...in/h263ctrl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.srtest.com/sysreqlab5.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...ploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4916656A-C749-4B7E-85F8-A9F4834181F7}: NameServer = 24.25.5.150,24.24.5.149
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD6978BD-CD48-40C7-9974-61FBAFE021E5}: NameServer = 24.25.5.150,24.25.5.149
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12979 bytes
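Reviewing a HijackThis log like the one in post #19 by hand comes down to a handful of checks: O4 autorun entries that name a bare executable (Windows resolves those through the search path at logon, so the reviewer confirms which binary actually runs), the DNS resolvers each adapter has been given in the O17 lines, the hosts the O16 ActiveX controls were downloaded from, and O23 services with no identifiable vendor. The Python below automates that first pass. It is an added example for this thread, not part of HijackThis; SAMPLE_LOG is a constructed excerpt in the log's format (the Microsoft DPF URL and the 192.0.2.10 control are illustrative), and the KNOWN_VENDOR_SUFFIXES allowlist is an assumption.

```python
"""Triage the review-worthy lines of a HijackThis 2.0.2 log.

Added example for this thread, not HijackThis's own code. SAMPLE_LOG is a
constructed excerpt in the format of the log posted above (the Microsoft DPF
URL and the 192.0.2.10 control are illustrative); KNOWN_VENDOR_SUFFIXES is
an assumed allowlist.
"""
import ipaddress
import re
from urllib.parse import urlsplit

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/example.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.0.2.10/cam/control.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.srtest.com/sysreqlab5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4916656A-C749-4B7E-85F8-A9F4834181F7}: NameServer = 24.25.5.150,24.24.5.149
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD6978BD-CD48-40C7-9974-61FBAFE021E5}: NameServer = 24.25.5.150,24.25.5.149
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumed allowlist: download hosts a reviewer accepts without a second look.
KNOWN_VENDOR_SUFFIXES = ("microsoft.com", "ipix.com")

O4_RE = re.compile(r"^O4 - .*?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[^}]*\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")
O17_RE = re.compile(r"^O17 - .*\{(?P<guid>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<company>.+?) - (?P<path>.+)$")


def _executable(cmd):
    """First token of a Run value: the quoted path, or the first bare word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def unqualified_autoruns(log):
    """O4 entries whose executable carries no directory, so Windows resolves
    it through the search path at logon; the reviewer confirms each one."""
    hits = []
    for m in filter(None, map(O4_RE.match, log.splitlines())):
        exe = _executable(m["cmd"])
        if "\\" not in exe:
            hits.append((m["name"], exe))
    return hits


def dns_servers(log):
    """NameServer list per adapter GUID, from the O17 lines."""
    return {m["guid"]: m["servers"].split(",")
            for m in map(O17_RE.match, log.splitlines()) if m}


def distinct_resolvers(log):
    """Every resolver configured on any adapter; confirm each with the ISP."""
    return sorted({s for servers in dns_servers(log).values() for s in servers})


def suspicious_dpf(log):
    """O16 controls fetched from an IP literal or a host outside the allowlist."""
    flagged = []
    for m in filter(None, map(O16_RE.match, log.splitlines())):
        host = (urlsplit(m["url"]).hostname or "").lower()
        try:
            ipaddress.ip_address(host)
            literal_ip = True
        except ValueError:
            literal_ip = False
        known = any(host == s or host.endswith("." + s) for s in KNOWN_VENDOR_SUFFIXES)
        if literal_ip or not known:
            flagged.append((m["name"], host))
    return flagged


def unknown_owner_services(log):
    """O23 services HijackThis could not attribute to a vendor."""
    return [m["display"] for m in map(O23_RE.match, log.splitlines())
            if m and m["company"] == "Unknown owner"]


if __name__ == "__main__":
    print("autoruns resolved via search path:", unqualified_autoruns(SAMPLE_LOG))
    print("resolvers to confirm with the ISP:", distinct_resolvers(SAMPLE_LOG))
    print("DPF controls to check:", suspicious_dpf(SAMPLE_LOG))
    print("services with unknown owner:", unknown_owner_services(SAMPLE_LOG))
```

The O4 check flags RUNDLL32.EXE in the NvCplDaemon entry for the same reason as nwiz.exe and CTHELPER.EXE, which is why the functions return lists for the reviewer to confirm rather than verdicts. The two O17 lines in the posted log name three distinct resolvers between them (24.24.5.149 on one adapter, 24.25.5.149 on the other), and that is the kind of detail worth confirming with the ISP before a log is called clean.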

#20 loophole (Malware Expert, Retired Staff, 9,798 posts)
Actually, that log is fine; most are things that aren't really a threat. This line:

userinit.exe;c:\windows\system32;Trojan.NtRootKit.1075;Deleted. I just had you scan that file and nothing was detected; I'm thinking it may be a false positive.

Do you mind running one more scan, and then we can focus on the errors?

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#21 Ctrl_Alt_Del (Member, Topic Starter, 74 posts)
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 05, 2008 12:39:34 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/06/2008
Kaspersky Anti-Virus database records: 831242
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 135074
Number of viruses found: 10
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 02:32:45

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080601182634\backup\DOCUME~1\Owner\LOCALS~1\Temp\msiexec.exe Infected: Trojan-Clicker.Win32.Agent.tg skipped
C:\Deckard\System Scanner\20080601182634\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AVG7\l_001256.log Object is locked skipped
C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-6-5-2008( 10-1-14 ).LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0165364.exe/data0006 Infected: Trojan-Downloader.Win32.VB.epp skipped
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0165364.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\mmonHJ.exe/data0006 Infected: Trojan-Downloader.Win32.VB.epp skipped
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\mmonHJ.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\vnc-4_1_1-x86_win32.asp/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\vnc-4_1_1-x86_win32.asp/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\vnc-4_1_1-x86_win32.asp Inno: infected - 2 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008060520080606\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFFBA5.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT.LOG Object is locked skipped
C:\Downloads\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Downloads\mirc616.exe mIRC: infected - 1 skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\L0000002.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP570\A0162853.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP570\A0162854.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP570\A0162856.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP570\A0162857.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP571\A0164099.exe Infected: Trojan.Win32.Pakes.dau skipped
C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP573\A0164507.exe Infected: Trojan.Win32.Pakes.dau skipped
C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP576\A0165339.exe Infected: Trojan-Dropper.Win32.Agent.seh skipped
C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DAALIEN1.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_174.dat Object is locked skipped
C:\WINDOWS\TEMP\ZLT017ca.TMP Object is locked skipped
C:\WINDOWS\TEMP\ZLT017cd.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-20021102}.CDF Object is locked skipped

Scan process completed.
  • 0

#22
loophole
    Malware Expert
  • Retired Staff
  • 9,798 posts
That one's basically clean also

Follow these directions for flushing System Restore

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the U; it needs to be there.

Now please tell me the errors you are still getting
  • 0
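The report above and loophole's reading of it (the only detections are copies under System Volume Information restore points; everything else is merely a locked system file) can be checked mechanically. The following Python is an added example written for this page, not a tool from the thread, from Kaspersky or from any of the posters: it parses report lines of that shape, separates locked objects from detections, and flags detections that sit only in restore-point folders, which go away when System Restore is flushed rather than by cleaning the live system. The sample report is constructed from lines of the posted log; the extra line with the path `example_constructed.exe` and the detection name `Constructed.Sample.Name` is a placeholder standing in for a hit on the live system.

```python
import re

# Constructed sample in the shape of the posted Kaspersky report: these lines
# are copied from the thread's log, so the detection names are the scanner's
# own.  Nothing here is a live scan.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP571\A0164099.exe Infected: Trojan.Win32.Pakes.dau skipped
C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP576\A0165339.exe Infected: Trojan-Dropper.Win32.Agent.seh skipped
C:\System Volume Information\_restore{3A28CBE0-BBFD-4C3E-B934-4DE93088B17E}\RP577\change.log Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
"""

# Constructed line with a placeholder path and detection name, standing in for
# a detection on the live system (outside any restore point).
CONSTRUCTED_LIVE_HIT = (
    r"C:\WINDOWS\system32\example_constructed.exe Infected: Constructed.Sample.Name skipped"
    + "\n"
)

# One report line: <path> <status> skipped.  Paths may contain spaces, so the
# path is matched lazily and the status keywords anchor the split.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<name>\S+)|(?P<locked>Object is locked)) skipped$"
)

# Restore-point copies live under System Volume Information\_restore{GUID}\RPnnn\
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE
)


def classify_line(line):
    """Return (category, path, detection_name) for one report line.

    category is 'locked', 'restore_point', 'live_infection' or 'unparsed'.
    """
    m = LINE_RE.match(line.rstrip())
    if not m:
        return ("unparsed", line.rstrip(), None)
    path = m.group("path")
    if m.group("locked"):
        # Registry hives, event logs, WMI repository etc.: not detections.
        return ("locked", path, None)
    if RESTORE_POINT_RE.search(path):
        return ("restore_point", path, m.group("name"))
    return ("live_infection", path, m.group("name"))


def triage(report):
    """Group every non-blank line of a report by category."""
    groups = {"locked": [], "restore_point": [], "live_infection": [], "unparsed": []}
    for line in report.splitlines():
        if not line.strip():
            continue
        category, path, name = classify_line(line)
        groups[category].append((path, name))
    return groups


def verdict(report):
    """Summarise the report the way the thread's helper reads it."""
    groups = triage(report)
    if groups["live_infection"]:
        return "live infections remain"
    if groups["restore_point"]:
        return "clean apart from restore points; flush System Restore"
    return "clean"


if __name__ == "__main__":
    for label, report in (("posted log", SAMPLE_REPORT),
                          ("posted log + constructed live hit", SAMPLE_REPORT + CONSTRUCTED_LIVE_HIT)):
        groups = triage(report)
        print(f"{label}: {verdict(report)}")
        for category, entries in groups.items():
            print(f"  {category}: {len(entries)}")
```

The point of splitting "locked" from "infected" is that a long tail of "Object is locked skipped" lines (hives, .Evt logs, the WMI repository) is normal on a running Windows box and says nothing about infection; only the "Infected:" lines matter, and of those, the ones inside restore-point folders are handled by flushing System Restore.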

#23
Ctrl_Alt_Del
    Member
  • Topic Starter
  • Member
  • 74 posts
Well, Windows can't find ComboFix or Combo-Fix or ComboArrgh. ComboArrgh is what I named it the first time that I ran it because it wouldn't run as ComboFix.


SuperAntiSpyware updated. Outlook launched with no problems.


Everything is running excellent right now.


Heck, I have everything all backed up and ready to wipe the drive and reinstall too. Memory upgrades for both PCs came in the mail today too.


loophole I really appreciate your patience and walking me through all this. You're great! *highfive*
  • 0

#24
loophole
    Malware Expert
  • Retired Staff
  • 9,798 posts
The ComboFix messages were probably related to Dr.Web deleting parts of it. I have no idea why they insist on targeting Combo; they know it's not a problem. I think the memory upgrade will solve a lot of your problems. You can just delete the C:\ ComboFix folder. Let me know if you have any questions.

loophole I really appreciate your patience and walking me through all this. You're great! *highfive*

It's not a problem, I just wish everyone was as courteous as you are :) Let me know how it goes or if you need help installing the memory.
  • 0

#25
Ctrl_Alt_Del
    Member
  • Topic Starter
  • Member
  • 74 posts
Thank you. I think that I have the memory part covered. I have been there and done that a few times, but I'm not used to dealing with virii. I can make your PC do anything that you want it to, but I don't have a clue about how to make it do something that you aren't asking for.
  • 0

#26
loophole
    Malware Expert
  • Retired Staff
  • 9,798 posts
Well, I will wait a day or two, please let me know if you have any problems :)
  • 0

#27
Ctrl_Alt_Del
    Member
  • Topic Starter
  • Member
  • 74 posts
It's been a busy couple of days. I had a driver file that experienced a buffer overflow and shut down the system. So I actually had to reset my CMOS, format and reload anyway. :)

Once I got Windows reinstalled I used my ghost files to reset my system. Hey, the only thing that has changed as far as hardware in the past couple of years is a CD drive, and I knew that I could deal with that. I guess, though, that with the CMOS reset there were some issues with the ghost image, and as soon as I tried to do anything the PC locked up. So I formatted again and just used the recovery CD to reinstall Windows and reinstalled all the drivers myself.



During all of this I attempted to install all of the latest patches and stuff from Windows and it locked up the PC. That was before the last reinstall, and I have read that Windows Update has problems. Anyway, now that everything is working right I'm scared to use Windows Update. :)


I'm ditching the AVG antivirus and for now I have NVidia Firewall up but haven't connected the machine to the internet yet. I'm trying to decide what I want to use for antivirus, spyware and firewall. :)


Once I get those installed and get connected again then if everything goes well I'll be doing the memory upgrades. I have 4 gigs of 3200 for that machine and 3 gigs of 2700 for this machine. :)



Bit the bullet and revisited Windows Update and am currently installing all patches except for SP3.

Edited by Ctrl_Alt_Del, 08 June 2008 - 11:49 AM.

  • 0

#28
loophole
    Malware Expert
  • Retired Staff
  • 9,798 posts
Sorry you had to reformat... Sometimes it is just easier and best to start fresh.
  • 0

#29
Ctrl_Alt_Del
    Member
  • Topic Starter
  • Member
  • 74 posts
Yes, it was something that I had been talking about doing for a while anyway, but it's always a pain. This machine has been going since Jan 2005 and had a bunch of "junk" accumulated on it, so it's just as well. At least with the virus going on I was able to back up all files and export a bunch of settings "just in case" I had to reinstall anyway.


Memory upgrades have all been done and with the fresh install the PC is smokin'.


I think that I'm going to reinstall Oblivion and max out all the video and audio settings. :)
  • 0
