586 viruses detected in USB by Kaspersky-PC unstable [CLOSED]



#1 uptown hunk (Member, 51 posts)

Here we go again. I got my friend's friend's pen drive home with a college project on it. As usual I scanned it first after connecting it, AND WOAH, Kaspersky Internet Security starts detecting viruses and goes on till the count is "586". Most, except a few, were of the same kind, i.e. Win32 something. It made .exe files out of all the files present in the pen drive. I deleted them all. That was a couple of days ago. Since then my PC has been unstable, and I mean very unstable. It hangs at will. Sometimes it fails to boot properly and sometimes it doesn't even give the Safe Mode menu even when you press F5 at boot many times. I also frequently got a blue screen saying that if this is the first time I got the screen, please restart, or else..... As I said, I use KIS, Windows Defender (which I think is almost useless) and Uniblue's SpyEraser. None of them detected anything. My God, and I thought I had a very safe PC after using these programs, BUT I was proved wrong. Here are the HJT and ComboFix logs...
Also, when I last installed XP SP3 I had some problems and I ended up installing it in \C again. Hence the directory is C:\C, I guess...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:55 AM, on 6/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\C\WINDOWS\System32\smss.exe
C:\C\WINDOWS\system32\winlogon.exe
C:\C\WINDOWS\system32\services.exe
C:\C\WINDOWS\system32\lsass.exe
C:\C\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\C\WINDOWS\System32\svchost.exe
C:\C\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\C\WINDOWS\system32\RUNDLL32.EXE
C:\C\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\C\WINDOWS\system32\nvsvc32.exe
C:\C\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\C\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\C\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\C\WINDOWS\explorer.exe
C:\C\WINDOWS\system32\notepad.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\C\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\C\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\C\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\C\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\C\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=21871
O17 - HKLM\System\CCS\Services\Tcpip\..\{F832FA1E-B1B5-4846-BAB4-9B002481EE38}: NameServer = 202.153.35.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\C\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\C\WINDOWS\system32\IoctlSvc.exe

--
End of file - 7712 bytes


ComboFix 08-06-09.7 - Administrator 2008-06-10 10:06:45.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.545 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator.EXPERIEN-069FBB\Desktop\Songs\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\C\WINDOWS\linkinfo.dll
C:\C\WINDOWS\system32\drivers\cdralw.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDRALW
-------\Service_cdralw
-------\Legacy_CDRALW
-------\Service_cdralw


((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-09 14:39 . 2008-06-09 14:39 <DIR> d-------- C:\Program Files\uTorrent
2008-06-08 11:28 . 2008-06-08 11:28 <DIR> d--h----- C:\C\WINDOWS\PIF
2008-06-08 11:15 . 2008-06-08 11:15 25 --a------ C:\C\WINDOWS\cdplayer.ini
2008-06-08 00:37 . 2008-06-08 00:37 <DIR> d-------- C:\Documents and Settings\Administrator.EXPERIEN-069FBB\Application Data\Oxford
2008-06-04 14:58 . 2008-06-04 14:58 <DIR> d-------- C:\Program Files\Microsoft Games
2008-06-02 00:35 . 2008-06-08 11:14 499,712 --a------ C:\C\WINDOWS\system32\msvcp71.dll
2008-06-02 00:35 . 2008-06-08 11:14 348,160 --a------ C:\C\WINDOWS\system32\msvcr71.dll
2008-06-02 00:23 . 2008-06-02 00:33 <DIR> d-------- C:\C\WINDOWS\system32\Adobe
2008-05-30 23:00 . 2008-05-30 23:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2008-05-30 17:01 . 2008-05-30 17:01 <DIR> d-------- C:\Documents and Settings\Administrator.EXPERIEN-069FBB\G-Force
2008-05-28 16:13 . 2008-06-08 19:56 69 --a------ C:\C\WINDOWS\NeroDigital.ini
2008-05-28 15:20 . 2008-05-26 15:28 1,681 --a------ C:\KIS7_2010-12-20_0094A883.KEY
2008-05-28 15:17 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-05-28 03:43 . 2008-05-28 03:43 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-05-28 03:41 . 2008-05-28 03:41 <DIR> d-------- C:\Documents and Settings\Administrator.EXPERIEN-069FBB\Application Data\Nero
2008-05-28 03:38 . 2008-05-28 03:40 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-28 03:38 . 2008-05-28 03:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-05-26 22:19 . 2008-05-26 22:20 <DIR> d-------- C:\C\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP
2008-05-26 02:29 . 2008-06-09 18:28 <DIR> d-------- C:\movies2
2008-05-24 03:14 . 2008-05-24 03:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-05-24 01:32 . 2008-06-10 09:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-24 01:32 . 2008-06-10 01:22 12,866,592 --ahs---- C:\C\WINDOWS\system32\drivers\fidbox.dat
2008-05-24 01:32 . 2008-06-10 01:22 216,864 --ahs---- C:\C\WINDOWS\system32\drivers\fidbox2.dat
2008-05-24 01:32 . 2008-06-10 01:22 174,224 --ahs---- C:\C\WINDOWS\system32\drivers\fidbox.idx
2008-05-24 01:32 . 2008-05-28 23:54 96,966 --a------ C:\C\WINDOWS\system32\drivers\klin.dat
2008-05-24 01:32 . 2008-05-29 22:21 88,774 --a------ C:\C\WINDOWS\system32\drivers\klick.dat
2008-05-24 01:32 . 2008-06-10 01:22 22,640 --ahs---- C:\C\WINDOWS\system32\drivers\fidbox2.idx
2008-05-24 01:31 . 2008-05-24 01:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-05-24 01:22 . 2008-05-24 01:22 <DIR> d-------- C:\Program Files\Xvid
2008-05-24 01:22 . 2007-06-28 23:22 765,952 --a------ C:\C\WINDOWS\system32\xvidcore.dll
2008-05-24 01:22 . 2007-06-28 23:24 180,224 --a------ C:\C\WINDOWS\system32\xvidvfw.dll
2008-05-24 01:22 . 2007-06-28 23:25 77,824 --a------ C:\C\WINDOWS\system32\xvid.ax
2008-05-24 00:46 . 2008-05-03 17:30 221,184 --a------ C:\C\WINDOWS\system32\wmpns.dll
2008-05-24 00:44 . 2008-05-24 00:44 <DIR> d-------- C:\C\WINDOWS\system32\LogFiles
2008-05-24 00:44 . 2008-05-24 00:44 <DIR> d-------- C:\C\WINDOWS\system32\drivers\UMDF
2008-05-23 02:18 . 2008-06-09 17:09 <DIR> d-------- C:\Documents and Settings\Administrator.EXPERIEN-069FBB\Application Data\uTorrent
2008-05-23 01:54 . 2008-05-23 01:54 <DIR> d-------- C:\Program Files\CCleaner
2008-05-22 21:16 . 2008-05-22 21:16 53,248 --a------ C:\C\WINDOWS\system32\suppdll.dll
2008-05-22 21:16 . 2008-05-22 21:16 35,363 --a------ C:\C\WINDOWS\system32\windrvNT.sys
2008-05-22 20:54 . 2008-05-22 20:54 <DIR> d-------- C:\C\WINDOWS\system32\xircom
2008-05-22 04:38 . 2008-05-22 04:38 268 --ah----- C:\sqmdata01.sqm
2008-05-22 04:38 . 2008-05-22 04:38 244 --ah----- C:\sqmnoopt01.sqm
2008-05-22 04:21 . 2008-05-22 04:21 <DIR> d-------- C:\Documents and Settings\Administrator.EXPERIEN-069FBB\Contacts
2008-05-22 01:54 . 2008-05-22 01:55 <DIR> d--h-c--- C:\C\WINDOWS\ie8
2008-05-22 01:51 . 2008-05-22 01:51 <DIR> d-------- C:\Documents and Settings\Administrator.EXPERIEN-069FBB\Application Data\vlc
2008-05-21 22:53 . 2008-05-21 22:55 <DIR> d-------- C:\Documents and Settings\Administrator.EXPERIEN-069FBB\Application Data\U3
2008-05-21 21:41 . 2008-05-21 21:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-05-21 21:20 . 2007-07-30 23:49 271,224 --a------ C:\C\WINDOWS\system32\mucltui.dll
2008-05-21 21:20 . 2007-07-30 23:49 207,736 --a------ C:\C\WINDOWS\system32\muweb.dll
2008-05-21 21:20 . 2007-07-30 23:49 30,072 --a------ C:\C\WINDOWS\system32\mucltui.dll.mui
2008-05-21 21:17 . 2008-05-21 21:17 268 --ah----- C:\sqmdata00.sqm
2008-05-21 21:17 . 2008-05-21 21:17 244 --ah----- C:\sqmnoopt00.sqm
2008-05-21 21:15 . 2006-10-26 19:56 32,592 --a------ C:\C\WINDOWS\system32\msonpmon.dll
2008-05-21 21:12 . 2008-05-21 21:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Uniblue
2008-05-21 21:09 . 2008-05-23 18:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-05-21 21:09 . 2008-05-21 21:14 <DIR> d-------- C:\C\WINDOWS\SHELLNEW
2008-05-21 21:05 . 2008-05-21 21:05 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-21 14:40 . 2008-05-21 14:40 <DIR> d-------- C:\Documents and Settings\Administrator.EXPERIEN-069FBB\Application Data\Uniblue
2008-05-21 13:45 . 2008-05-21 13:40 102,664 --a------ C:\C\WINDOWS\system32\drivers\tmcomm.sys
2008-05-21 13:39 . 2008-05-21 14:23 <DIR> d-------- C:\Documents and Settings\Administrator.EXPERIEN-069FBB\.housecall6.6
2008-05-21 13:31 . 2008-06-04 15:50 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-21 13:31 . 2005-08-25 22:48 118,784 --a------ C:\C\WINDOWS\system32\MSSTDFMT.DLL
2008-05-21 13:31 . 2005-08-25 22:49 115,920 --a------ C:\C\WINDOWS\system32\MSINET.OCX
2008-05-21 13:20 . 2008-05-28 15:32 <DIR> d--h----- C:\C\WINDOWS\$hf_mig$
2008-05-21 13:20 . 2006-09-25 22:28 23,856 --a------ C:\C\WINDOWS\system32\spupdsvc.exe
2008-05-21 13:19 . 2008-03-04 00:31 8,016,384 --a------ C:\C\WINDOWS\system32\dllcache\ieframe.dll
2008-05-21 13:19 . 2008-02-07 22:18 3,670,112 --a------ C:\C\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-21 13:19 . 2008-03-04 00:31 1,110,016 --a------ C:\C\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-21 13:19 . 2008-03-04 00:31 585,728 --a------ C:\C\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-21 13:19 . 2008-03-04 00:04 440,832 --a------ C:\C\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-21 13:19 . 2008-03-04 00:20 268,800 --a------ C:\C\WINDOWS\system32\dllcache\iertutil.dll
2008-05-21 13:19 . 2008-03-04 00:20 60,928 --a------ C:\C\WINDOWS\system32\dllcache\icardie.dll
2008-05-21 13:19 . 2008-03-04 00:31 52,224 --a------ C:\C\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-21 13:19 . 2008-02-22 15:30 13,824 --------- C:\C\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-21 13:05 . 2008-05-21 13:05 0 --a------ C:\C\WINDOWS\nsreg.dat
2008-05-21 12:49 . 2008-05-21 12:49 <DIR> d-------- C:\C\WINDOWS\Sun
2008-05-21 06:14 . 2008-03-25 07:07 69,632 --a------ C:\C\WINDOWS\system32\javacpl.cpl
2008-05-20 05:09 . 2008-05-20 05:09 <DIR> d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY
2008-05-20 05:09 . 2008-05-20 05:09 <DIR> d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY
2008-05-20 05:05 . 2008-05-20 05:05 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS.0\DRM
2008-05-20 04:57 . 2008-05-20 05:03 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS.0\Documents
2008-05-20 04:27 . 2008-05-22 20:49 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS.0
2008-05-20 04:27 . 2008-05-20 05:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0
2008-05-19 01:47 . 2008-05-19 01:49 <DIR> d-------- C:\WINDOWS.1
2008-05-19 01:37 . 2008-05-22 21:21 <DIR> d-------- C:\WINDOWS.0
2008-05-13 13:26 . 2008-05-20 00:40 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 04:29 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-06-08 05:45 --------- d-----w C:\Program Files\Common Files\Real
2008-06-04 10:19 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-28 13:07 112,144 ----a-w C:\C\WINDOWS\system32\drivers\kl1.sys
2008-05-28 09:44 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-27 22:08 --------- d-----w C:\Program Files\Nero
2008-05-23 21:44 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-21 07:58 --------- d-----w C:\Program Files\Opera
2008-05-21 00:44 --------- d-----w C:\Program Files\Java
2008-05-21 00:06 --------- d-----w C:\Program Files\Gigabyte
2008-05-21 00:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-21 00:02 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-05-21 00:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-20 23:58 14,656 ----a-w C:\C\WINDOWS\gdrv.sys
2008-05-20 23:54 315,392 ----a-w C:\C\WINDOWS\HideWin.exe
2008-05-20 23:45 --------- d-----w C:\Documents and Settings\Administrator.EXPERIEN-069FBB\Application Data\InstallShield
2008-05-20 23:42 --------- d-----w C:\Documents and Settings\Administrator.EXPERIEN-069FBB\Application Data\Leadertech
2008-05-15 14:00 --------- d-----w C:\Documents and Settings\younus\Application Data\uTorrent
2008-05-06 18:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Registry Booster
2008-05-06 10:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-05-06 07:59 --------- d-----w C:\Program Files\Panda Security
2008-05-05 16:56 --------- d-----w C:\Program Files\Folder Lock
2008-05-03 14:23 --------- d-----w C:\Documents and Settings\younus\Application Data\MSNInstaller
2008-05-02 19:34 --------- d-----w C:\Documents and Settings\younus\Application Data\U3
2008-05-01 11:53 --------- d-----w C:\Program Files\C-Free 3.5
2008-04-27 09:39 --------- d-----w C:\Documents and Settings\younus\Application Data\Registry Booster
2008-04-27 09:33 --------- d-----w C:\Documents and Settings\younus\Application Data\Hide IP NG
2008-04-27 09:21 --------- d-----w C:\Program Files\SpeedFan
2008-04-25 10:35 --------- d-----w C:\Program Files\Windows Defender
2008-04-23 18:23 --------- d-----w C:\Program Files\Microsoft Reader
2008-04-17 18:06 --------- d-----w C:\Program Files\Dream Aquarium
2008-04-16 19:09 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-14 17:06 --------- d-----w C:\Documents and Settings\younus\Application Data\KillProcess
2008-04-14 17:05 --------- d-----w C:\Program Files\KillProcess
2008-04-13 15:51 --------- d-----w C:\Documents and Settings\younus\Application Data\TVU networks
2008-04-13 14:28 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-12 09:35 --------- d-----w C:\Program Files\Real
2008-03-21 01:36 74,752 ----a-w C:\C\WINDOWS\system32\storprop.dll
2008-03-21 01:36 74,240 ----a-w C:\C\WINDOWS\system32\usbui.dll
2008-03-21 01:36 29,184 ----a-w C:\C\WINDOWS\system32\sdhcinst.dll
2008-03-21 01:35 30,208 ----a-w C:\C\WINDOWS\system32\bthserv.dll
2008-03-21 01:35 20,992 ----a-w C:\C\WINDOWS\system32\bthci.dll
2008-03-21 00:37 23,552 ----a-w C:\C\WINDOWS\system32\wdmaud.drv
2008-03-21 00:36 4,096 ----a-w C:\C\WINDOWS\system32\ksuser.dll
2002-09-11 14:26 63,730 ----a-w C:\Program Files\viewsonicinstruct_xp.pdf
.
----a-w		   617,343 2008-06-07 13:35:32  C:\Documents and Settings\Administrator.EXPERIEN-069FBB\Desktop\placement papers\company materials\BlueTooth\Bluetooth(seminar)\www_bluetooth_tech_new_net6_files\bluetooth_files\116_files\116_files .exe


------- Sigcheck -------

2008-05-03 17:30 361344 37d8387cbd4437c55f454209be10ef11 C:\C\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 14:20 1424648]
"ctfmon.exe"="C:\C\WINDOWS\system32\ctfmon.exe" [2008-05-03 17:30 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\C\WINDOWS\system32\NvCpl.dll" [2006-10-31 12:05 7634944]
"nwiz"="nwiz.exe" [2006-10-31 12:05 1622016 C:\C\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\C\WINDOWS\system32\NvMcTray.dll" [2006-10-31 12:05 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16:24 16116224 C:\C\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 15:34 2879488 C:\C\WINDOWS\SkyTel.exe]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2008-05-30 23:06 24576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 08:58 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 14:29 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 20:59 2221352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 00:18 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-03-04 00:21 126464 C:\C\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 21:37 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\C\\WINDOWS\\system32\\mmc.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\C\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 gdrv;gdrv;C:\C\WINDOWS\gdrv.sys [2008-05-21 05:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97f24395-274b-11dd-9186-001a4d7eb4cd}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97f24396-274b-11dd-9186-001a4d7eb4cd}]
\Shell\AutoRun\command - I:\
\Shell\explore\Command - I:\System~1\com1.{21ec2020-3aea-1069-a2dd-08002b30309d}\ntldr.pif
\Shell\open\Command - I:\System~1\com1.{21ec2020-3aea-1069-a2dd-08002b30309d}\ntldr.pif

.
Contents of the 'Scheduled Tasks' folder
"2008-06-10 04:31:03 C:\C\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-21 15:50:35 C:\C\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 10:09:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-06-10 10:10:22
ComboFix-quarantined-files.txt 2008-06-10 04:40:09
ComboFix2.txt 2008-05-06 11:25:16
ComboFix3.txt 2008-05-05 20:38:04

Pre-Run: 3,187,728,384 bytes free
Post-Run: 3,178,672,128 bytes free

265 --- E O F --- 2008-06-06 09:17:05
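The ComboFix and HijackThis output above carries the textbook marks of a USB autorun worm and of a weakened security posture: the mountpoints2 "open" and "explore" verbs for drive I: are redirected to ntldr.pif inside a folder named com1.{21ec2020-3aea-1069-a2dd-08002b30309d} (a reserved DOS device name plus the Control Panel's shell-folder CLSID, which makes the folder awkward to open or delete and hides its contents in Explorer), the Security Center notification overrides are all set, the Windows Firewall standard profile is off, and catchme lists a hidden "116_files .exe" whose name has a space before its extension and mirrors its parent folder. The Python script below is an added example, not a tool from this thread or from Geeks to Go, that scans such log text for exactly those artifacts. The sample lines are copied from the logs above, except the file-listing path, which is constructed and shortened; the function names (`triage`, `path_traits`, `executable_of`) and the severity labels are this example's own.

```python
"""Triage helper for ComboFix / HijackThis-style log text (added example).

Flags the USB-worm hooks and security-posture changes visible in the logs
posted in this thread.  It is not a tool used by the thread participants.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the ComboFix output above, plus one
# constructed file-listing line in ComboFix's attribute/size/date/path layout.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97f24396-274b-11dd-9186-001a4d7eb4cd}]
\Shell\AutoRun\command - I:\
\Shell\explore\Command - I:\System~1\com1.{21ec2020-3aea-1069-a2dd-08002b30309d}\ntldr.pif
\Shell\open\Command - I:\System~1\com1.{21ec2020-3aea-1069-a2dd-08002b30309d}\ntldr.pif
----a-w   617,343 2008-06-07 13:35:32  C:\Documents and Settings\demo\Desktop\116_files\116_files .exe
"""

RESERVED = {"con", "prn", "aux", "nul"} | {f"com{i}" for i in range(1, 10)} | {f"lpt{i}" for i in range(1, 10)}
EXEC_EXT = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs"}
CLSID_SUFFIX = re.compile(r"\.\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
SHELL_CMD = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
SC_FLAG = re.compile(r'^"(UpdatesDisableNotify|AntiVirusDisableNotify|AntiVirusOverride|'
                     r'FirewallOverride|FirewallDisableNotify)"=dword:0*1$', re.I)
FW_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
FILE_LINE = re.compile(r"^\S+\s+[\d,]+\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(.+)$")


def executable_of(command: str) -> str:
    """Strip arguments from a shell command line, honouring a quoted program path."""
    command = command.strip()
    if command.startswith('"'):
        return command.split('"')[1]
    return command.split()[0]


def path_traits(target: str) -> list[str]:
    """Describe why a command target looks like a hidden worm payload (empty list if it does not)."""
    p = PureWindowsPath(target)
    traits = []
    for part in p.parts[1:-1]:  # directories between the drive and the leaf
        if part.split(".")[0].lower() in RESERVED:
            traits.append(f"directory '{part}' starts with a reserved DOS device name")
        if CLSID_SUFFIX.search(part):
            traits.append(f"directory '{part}' has a shell-folder CLSID suffix, so Explorer hides its contents")
    if p.suffix.lower() in EXEC_EXT:
        traits.append(f"target is an executable ({p.suffix.lower()})")
    return traits


def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Return (severity, log line, reason) findings for the given log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SHELL_CMD.match(line)
        if m:
            verb, command = m.group(1), m.group(2)
            traits = path_traits(executable_of(command))
            if verb.lower() in ("open", "explore"):
                # Double-clicking or right-click > Explore on the drive now runs the target.
                traits.insert(0, f"'{verb}' verb hijacked: opening the drive runs the target instead of Explorer")
                findings.append(("high", line, "; ".join(traits)))
            elif any(t.startswith("directory") for t in traits):
                findings.append(("high", line, "; ".join(traits)))
            elif traits:
                findings.append(("info", line, f"AutoRun launches {executable_of(command)} "
                                               "(U3-style launchers do this; confirm the file is expected)"))
            continue
        if SC_FLAG.match(line):
            findings.append(("medium", line, "Security Center alerting suppressed; third-party suites "
                                             "sometimes set this, so verify it was intended"))
            continue
        if FW_OFF.match(line):
            findings.append(("medium", line, "Windows Firewall disabled for the standard profile"))
            continue
        m = FILE_LINE.match(line)
        if m:
            p = PureWindowsPath(m.group(1).strip())
            reasons = []
            if re.search(r"\s\.(exe|pif|scr|com)$", p.name, re.I):
                reasons.append("whitespace before the executable extension disguises the file type")
            if p.suffix.lower() in EXEC_EXT and p.stem.strip().lower() == p.parent.name.lower():
                reasons.append("executable named after its parent folder (folder-mimic pattern)")
            if reasons:
                findings.append(("high", line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {line}\n         {reason}")
```

Run it against the pasted log text and read the "high" findings first: the hijacked explore/open verbs are what re-infects the PC every time the drive is opened, and the folder-mimic executables are the ".exe files made out of all the files" the opening post describes. The "medium" Security Center and firewall entries need a human decision, since a third-party suite such as KIS can legitimately register itself there.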
#2 koko_crunch (Trusted Helper, Retired Staff, 1,751 posts)

Sorry for the delay.

Let's do some scans, then move on with other issues.

First,

Flash Drive Disinfector
  • Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Next,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Finally,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post back with

- MBAM log
- SuperAntispyware log
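The note above about the hidden autorun.inf folder relies on a name collision: while a directory called autorun.inf occupies a drive's root, a worm cannot create the autorun.inf file it needs to hook the drive's AutoRun and shell verbs. The Python script below is an added example showing that mechanism; it is not Flash_Disinfector's code. It reserves the name as a directory (marked hidden, system and read-only on Windows, as the note describes) and then checks that a plain file of that name can no longer be created. The function names and the temporary directory that stands in for a drive root are this example's own assumptions.

```python
"""Reserve the autorun.inf name on a drive as a directory (added example).

Demonstrates the protection the Flash_Disinfector note describes; this is
not Flash_Disinfector's own code.
"""
import ctypes
import shutil
import sys
import tempfile
from pathlib import Path

# Windows file attribute bits (documented constants, only applied on Windows)
FILE_ATTRIBUTE_READONLY = 0x01
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04


def reserve_autorun_name(drive_root) -> Path:
    """Create <drive_root>\\autorun.inf as a directory so no file of that name can be created.

    Refuses to touch an existing *file* of that name: on an infected drive that
    file is evidence and should be inspected and quarantined, not silently replaced.
    """
    target = Path(drive_root) / "autorun.inf"
    if target.is_file():
        raise RuntimeError(f"{target} is a file; inspect it before replacing it")
    target.mkdir(exist_ok=True)
    if sys.platform == "win32":
        attrs = FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
        if not ctypes.windll.kernel32.SetFileAttributesW(str(target), attrs):
            raise ctypes.WinError()
    return target


def autorun_file_can_be_written(drive_root) -> bool:
    """Check whether a plain file named autorun.inf can be created at the drive root.

    Uses create-only mode so an existing file is never clobbered; a probe file that
    was created is removed again before returning.
    """
    probe = Path(drive_root) / "autorun.inf"
    try:
        with open(probe, "x") as fh:
            fh.write("probe\n")
    except OSError:  # FileExistsError / IsADirectoryError / PermissionError
        return False
    probe.unlink()
    return True


def demo() -> tuple[bool, bool]:
    """Run the reservation against a scratch directory standing in for a drive root.

    Returns (writable before, writable after); expected (True, False).
    """
    scratch = Path(tempfile.mkdtemp(prefix="usb-root-"))  # assumption: stands in for E:\ or similar
    try:
        before = autorun_file_can_be_written(scratch)
        reserve_autorun_name(scratch)
        after = autorun_file_can_be_written(scratch)
    finally:
        shutil.rmtree(scratch, ignore_errors=True)
    return before, after


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else None
    if root:
        print("reserved:", reserve_autorun_name(root))
        print("autorun.inf still writable as a file:", autorun_file_can_be_written(root))
    else:
        print("scratch demo (before, after):", demo())
```

Treat the directory as a speed bump rather than a control: anything already running with write access to the drive can remove it, which is why the note's hidden/system attributes matter and why disabling AutoRun through policy and scanning removable media before opening it remain the primary defences.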

#3 koko_crunch (Trusted Helper, Retired Staff, 1,751 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.