Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

URGENT help with malware/keylogger - HIJACK LOG [RESOLVED]

Started by xpto2008 , Jul 18 2008 04:55 PM

  • This topic is locked This topic is locked

#16
fenzodahl512
Posted 22 July 2008 - 08:00 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Dont use crack.. You'll get yourself infected..

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
[*]Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\Program Files\AVG\AVG8\crack.exe
C:\Users\goncalo\Desktop\desk\k.js
C:\Users\goncalo\Desktop\desk\sspro_55.exe
D:\filmes\completed\AVG Internet Security v8.0.93 + Perfect Serial to 3rd of November 09\AVG Crack\crack.exe
EmptyTemp
purity
[start explorer]

[*] Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
[*]Click the red Moveit! button.
[*]A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
[*]Close OTMoveIt2
[/list]If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please include a fresh DSS log (after OTMoveIt2 step) for my final review before I can set you free..


fenzodahl512
  • 0

Advertisements

#17
xpto2008
Posted 22 July 2008 - 09:41 AM

xpto2008

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTMoveIt2 log:

Explorer killed successfully
C:\Program Files\AVG\AVG8\crack.exe moved successfully.
C:\Users\goncalo\Desktop\desk\k.js moved successfully.
C:\Users\goncalo\Desktop\desk\sspro_55.exe moved successfully.
D:\filmes\completed\AVG Internet Security v8.0.93 + Perfect Serial to 3rd of November 09\AVG Crack\crack.exe moved successfully.
< EmptyTemp >
File delete failed. C:\Users\goncalo\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_OuRn3cs56a6bjVw scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07222008_162957

Files moved on Reboot...
C:\Users\goncalo\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File move failed. C:\Windows\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\Windows\temp\sqlite_OuRn3cs56a6bjVw not found!



DSS LOG:

Deckard's System Scanner v20071014.68
Run by goncalo on 2008-07-22 16:38:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as goncalo.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:54, on 22-07-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\notepad.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\goncalo\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\goncalo\Desktop\desk\dss.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\goncalo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pt.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.c...://br.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Sonork] "C:\Program Files\Sonork\SONORK.EXE" -auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S9953.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: NETimetro.lnk = C:\Program Files\NARS\NETimetro\netimetro.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12900 bytes

-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-21 23:14:03 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-07-21 11:22:55 0 d-------- C:\Windows\Sun
2008-07-20 19:51:22 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-20 19:51:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-20 11:15:25 0 d-------- C:\Program Files\PeerGuardian2
2008-07-20 03:05:10 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-20 02:58:33 68096 --a------ C:\Windows\zip.exe
2008-07-20 02:58:33 49152 --a------ C:\Windows\VFind.exe
2008-07-20 02:58:33 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-20 02:58:33 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-20 02:58:33 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-20 02:58:33 98816 --a------ C:\Windows\sed.exe
2008-07-20 02:58:33 80412 --a------ C:\Windows\grep.exe
2008-07-20 02:58:33 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-18 20:29:11 0 d--h----- C:\$AVG8.VAULT$
2008-07-18 20:17:55 0 d-------- C:\Windows\system32\drivers\Avg
2008-07-18 20:17:39 0 d-------- C:\Users\All Users\avg8
2008-07-18 20:17:39 0 d-------- C:\Program Files\AVG
2008-07-18 19:43:20 0 d-------- C:\Program Files\Trend Micro
2008-07-08 22:59:59 4620 --a------ C:\Windows\system32\xmlcache.dll
2008-07-08 18:38:12 0 dr-hs---- C:\Windows\Real
2008-07-08 16:36:46 0 d-------- C:\AllokRMFolder
2008-07-08 16:30:54 0 d-------- C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter
2008-07-08 16:10:47 0 d-------- C:\archive
2008-07-08 01:31:24 0 d-------- C:\Temp
2008-07-08 01:28:25 0 d-------- C:\Program Files\Xilisoft
2008-07-08 01:10:08 0 d-------- C:\Windows\Mozilla
2008-07-08 01:07:33 0 d-------- C:\Program Files\MediaCoder
2008-07-07 22:44:55 372736 --a------ C:\Windows\system32\IJL_11.DLL <Not Verified; Intel Corporation; Intel® JPEG Library>
2008-07-07 21:41:58 0 d-------- C:\Users\All Users\Messenger Plus!
2008-07-07 21:16:52 53248 --a------ C:\Windows\system32\ciaXPRegSvr20.dll <Not Verified; CIA, The Company; ciaXPRegSvr20>
2008-07-07 21:16:40 200704 --a------ C:\Windows\system32\ciaSCls20.dll <Not Verified; CIA, The company; CIA Subclassing>
2008-07-07 21:16:38 692224 --a------ C:\Windows\system32\ciaResSvr20.dll <Not Verified; CIA, The Company; ciaResSvr20>
2008-07-07 21:16:18 352256 --a------ C:\Windows\system32\ijl15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
2008-07-07 21:16:16 278528 --a------ C:\Windows\system32\duzactx.dll <Not Verified; Inner Media, Inc.; DynaZip-32 UnZip ActiveX Control>
2008-07-07 21:15:50 131072 --a------ C:\Windows\winfsysrn.dll
2008-07-07 21:15:44 753664 --a------ C:\Windows\sprscore.exe <Not Verified; Systems Integration 2; System Utilities>
2008-07-07 21:15:43 0 d-------- C:\Windows\fontvect
2008-07-07 20:40:25 0 d-------- C:\Program Files\MSN Messenger
2008-07-07 01:15:17 0 d-------- C:\Program Files\Messenger Plus! Live
2008-06-29 23:33:49 0 d-------- C:\Program Files\Sun
2008-06-29 23:27:36 0 d-------- C:\Program Files\Java
2008-06-29 23:25:34 0 d-------- C:\Program Files\Common Files\Java
2008-06-29 20:11:13 0 d-------- C:\Program Files\Hofmann
2008-06-29 20:01:15 0 d-------- C:\Windows\system32\URTTEMP


-- Find3M Report ---------------------------------------------------------------

2008-07-21 21:01:28 0 d-------- C:\Users\goncalo\AppData\Roaming\BSplayer PRO
2008-07-21 10:15:51 0 d-------- C:\Users\goncalo\AppData\Roaming\uTorrent
2008-07-20 19:51:25 0 d-------- C:\Users\goncalo\AppData\Roaming\Malwarebytes
2008-07-19 01:34:54 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-18 19:40:20 0 d-------- C:\Program Files\Acer GameZone
2008-07-18 19:38:00 0 d-------- C:\Program Files\Symantec
2008-07-18 19:37:47 0 d-------- C:\Program Files\Common Files
2008-07-09 10:01:11 174 --ahs---- C:\Program Files\desktop.ini
2008-07-08 01:31:25 0 d-------- C:\Users\goncalo\AppData\Roaming\Real
2008-07-08 01:27:02 0 d-------- C:\Users\goncalo\AppData\Roaming\mIRC
2008-07-07 22:41:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-28 21:11:13 0 d-------- C:\Users\goncalo\AppData\Roaming\PC Suite
2008-06-28 20:50:03 0 d-------- C:\Users\goncalo\AppData\Roaming\Adobe
2008-06-22 15:21:41 0 d-------- C:\Users\goncalo\AppData\Roaming\Nokia Multimedia Player
2008-06-10 21:05:17 0 d-------- C:\Program Files\Picasa2
2008-05-29 23:35:23 0 d-------- C:\Users\goncalo\AppData\Roaming\Vso
2008-05-29 23:35:23 34 --a------ C:\Users\goncalo\AppData\Roaming\pcouffin.log
2008-05-29 23:34:19 7887 --a------ C:\Users\goncalo\AppData\Roaming\pcouffin.cat
2008-05-29 23:34:13 0 d-------- C:\Program Files\DVDFab 5
2008-05-29 23:03:04 0 d-------- C:\Program Files\DVD Shrink
2008-05-29 22:24:06 0 d-------- C:\Users\goncalo\AppData\Roaming\CyberLink
2008-05-26 22:38:37 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-26 22:34:22 0 d-------- C:\Program Files\EPSON
2008-05-26 22:29:21 0 d-------- C:\Users\goncalo\AppData\Roaming\InstallShield
2008-05-02 00:02:59 17089 --a------ C:\Users\goncalo\AppData\Roaming\UserTile.png


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [06-07-2007 04:06 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [25-04-2007 16:33]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [21-06-2007 18:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [08-03-2007 04:38]
"PLFSet"="C:\Windows\PLFSet.dll" [25-04-2007 14:47]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [16-07-2007 06:51]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [06-06-2007 09:06]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [22-05-2007 15:49]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [05-11-2006 22:48]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29-01-2008 18:38]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02-01-2008 18:07]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02-01-2008 18:06]
"Persistence"="C:\Windows\system32\igfxpers.exe" [02-01-2008 18:07]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [15-03-2008 00:50]
"Sonork"="C:\Program Files\Sonork\SONORK.exe" [20-04-2008 09:36]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28-03-2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30-03-2008 10:36]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [25-09-2007 09:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25-03-2008 04:28]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [19-07-2008 15:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [12-03-2008 11:14]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [22-05-2007 15:49]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [29-03-2007 16:41]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 12:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [11-03-2008 23:38]
"VMCL"="C:\Program Files\vodafone\vmclite\DongleEnumerator.exe" [17-10-2007 14:07]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 13:34]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [16-04-2008 12:53]
"EPSON Stylus DX4400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [01-03-2007 07:01]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [26-02-2008 02:23]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [16-08-2007 11:45:40]
NETimetro.lnk - C:\Program Files\NARS\NETimetro\netimetro.exe [05-05-2008 23:13:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-22 16:40:13 ------------




I would like also to know in your opinion which is the best antivirus+antispyware software in the market?
I'm trying know AVG PRO, but don't know if its the best for this...

Thanks
  • 0

#18
fenzodahl512
Posted 22 July 2008 - 09:57 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Good news.. Your log loks clean to my eyes :)

I would like also to know in your opinion which is the best antivirus+antispyware software in the market?
I'm trying know AVG PRO, but don't know if its the best for this...



Here's what I personally use..

Antivirus: Avira AntiVir Personal
Antispyware: Malwarebytes' (you already have it..)
Firewall: PC Tools Firewall Plus


Remember to use ONLY ONE antivirus, ONE firewall for your computer..


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed

    Posted Image


Lastly, to keep your operating system up to date please visit the link below monthly

Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#19
fenzodahl512
Posted 27 July 2008 - 12:34 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP