
TR/Vundo.Gen Infection



#1
StickFighter

    New Member

  • Member
  • Pip
  • 3 posts
Hello, my antivirus found the TR/Vundo.Gen virus, and normally I selected move to Quarantine, but I did a full scan just to be sure that the virus is removed, and no virus was found. 1h later the Avira Guard detected the same virus on the same file that is in the quarantine. I searched on Google and found some posts about how to remove it, but they didn't work. I used VundoFix, Malwarebytes and SUPERAntiSpyware, but they didn't find anything. So here's my HijackThis log:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:13, on 12.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\PwnT.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=PwnT.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogonStudio] "D:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6182 bytes





But I don't get popups like others who have that virus, and I don't think that it's sending or receiving files from the net because I have ZoneAlarm on.
Btw, the virus is located at C:\WINDOWS\system32\tdlwsp.dll, which I cannot find.

Edited by StickFighter, 14 November 2009 - 07:31 AM.



#2
StickFighter


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hello again, I've downloaded ComboFix. It detected a rootkit and I had to restart and rescan, so here's the log.

And Avira AntiVirus hasn't detected anything so far, but please check my logs.


ComboFix 09-11-13.04 - Gorgi 13.11.2009 8:55.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.389.1033.18.1279.828 [GMT 1:00]
Running from: c:\documents and settings\crven\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\viamraid.sys was found and disinfected
Restored copy from - Kitty ate it :)
.
((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-12 23:18 . 2008-04-13 22:10 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-12 23:18 . 2008-04-13 22:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-12 22:49 . 2009-09-21 14:59 3101560 ----a-w- c:\documents and settings\crven\Application Data\Simply Super Software\Trojan Remover\sij65.exe
2009-11-12 18:34 . 2009-11-12 18:34 139 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1FBBCDDC3072CB6439B8CB8CA1E1AEAA.dll
2009-11-12 18:30 . 2009-11-12 22:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-12 18:28 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-12 18:28 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-12 18:28 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-12 18:28 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-12 18:28 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-12 18:28 . 2009-11-12 18:28 -------- d-----w- c:\documents and settings\crven\Application Data\Simply Super Software
2009-11-12 18:28 . 2009-11-12 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-11-12 11:46 . 2009-11-12 11:46 -------- d-----w- c:\program files\Trend Micro
2009-11-12 11:13 . 2009-11-12 11:13 -------- d-----w- C:\VundoFix Backups
2009-11-12 08:45 . 2009-11-12 08:45 117760 ----a-w- c:\documents and settings\crven\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-12 08:44 . 2009-11-12 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-12 08:44 . 2009-11-12 18:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-12 08:44 . 2009-11-12 08:44 -------- d-----w- c:\documents and settings\crven\Application Data\SUPERAntiSpyware.com
2009-11-12 08:44 . 2009-11-12 08:44 -------- d-----w- c:\documents and settings\crven\Application Data\Malwarebytes
2009-11-12 08:43 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-12 08:43 . 2009-11-12 08:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-12 08:43 . 2009-11-12 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-12 08:43 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-11 16:40 . 2009-11-11 16:40 1411 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_72E0B65DE3A49C645B1C9DD385C090C9.dll
2009-11-11 16:27 . 2009-11-11 16:44 -------- d-----w- c:\program files\RegCure
2009-11-11 09:18 . 2009-11-11 09:18 -------- d-----w- C:\NVIDIA
2009-11-10 22:54 . 2009-11-10 22:54 -------- d-----w- C:\[email protected]
2009-11-10 22:52 . 2009-11-10 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-11-10 22:48 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-11-10 22:48 . 2009-11-10 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-11-10 22:43 . 2009-11-10 22:43 -------- d-----w- c:\program files\DIFX
2009-11-10 22:43 . 2006-07-01 21:39 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-11-10 22:43 . 2009-11-10 22:43 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-10 22:43 . 2009-11-10 22:43 -------- d-----w- c:\windows\system32\AGEIA
2009-11-10 22:42 . 2009-11-12 08:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-10 21:42 . 2009-11-10 22:42 -------- d-----w- C:\BDS
2009-11-07 10:34 . 2009-11-07 10:34 313 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B767B2E0A6AEB984FB380838EFD16B16.dll
2009-11-04 13:21 . 2009-11-04 13:21 12862 ----a-r- c:\documents and settings\crven\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2009-11-04 10:29 . 2009-11-04 10:29 152576 ----a-w- c:\documents and settings\crven\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 17:20 . 2009-11-03 17:20 -------- d-----w- c:\program files\NOS
2009-11-03 17:20 . 2009-09-23 15:37 34112 ----a-w- c:\documents and settings\crven\Application Data\Mozilla\Firefox\Profiles\szjguugo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-03 17:20 . 2009-09-23 15:37 32448 ----a-w- c:\documents and settings\crven\Application Data\Mozilla\Firefox\Profiles\szjguugo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-03 17:20 . 2009-09-23 15:37 22352 ----a-w- c:\documents and settings\crven\Application Data\Mozilla\Firefox\Profiles\szjguugo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-10-28 11:47 . 2009-10-28 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-10-28 11:47 . 2009-10-28 11:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-10-28 11:46 . 2009-10-28 11:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-25 09:51 . 2009-10-25 18:13 -------- d-----w- c:\windows\system32\Adobe
2009-10-25 09:07 . 2009-10-25 09:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-24 20:50 . 2009-10-24 20:50 1875 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_AC76300FF3E4646418A8207438316B6E.dll
2009-10-24 20:38 . 2009-10-24 20:42 -------- d-----w- C:\Movavi files
2009-10-24 20:35 . 2009-10-24 20:35 -------- d-----w- c:\documents and settings\crven\Local Settings\Application Data\Downloaded Installations
2009-10-24 20:17 . 2009-10-24 20:17 -------- d-----w- c:\documents and settings\crven\Application Data\Apple Computer
2009-10-21 11:02 . 2009-10-21 11:03 -------- d-----w- C:\EXPLORER_Backup
2009-10-20 20:24 . 2000-05-17 07:52 187392 ----a-w- c:\windows\system32\JPGUtils.dll
2009-10-20 20:24 . 2009-10-20 20:24 -------- d-----w- c:\program files\Common Files\Stardock
2009-10-20 10:43 . 2009-10-20 11:00 -------- d-----w- c:\program files\Logon Loader
2009-10-19 21:18 . 2009-10-19 21:23 -------- d-----w- C:\AV_LOGS
2009-10-19 20:39 . 2009-10-19 20:39 43 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_88F15156F2F41A142BD11ABCC6B35E16.dll
2009-10-19 19:40 . 2009-10-19 19:40 -------- d-----w- c:\documents and settings\crven\Application Data\ProxyCap
2009-10-17 14:08 . 2009-10-17 14:08 -------- d-----w- c:\documents and settings\crven\Local Settings\Application Data\Help
2009-10-16 17:01 . 2009-10-16 17:01 -------- d-----w- c:\program files\Workspace Macro 4.6
2009-10-15 16:21 . 2009-10-15 16:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 23:18 . 2009-11-13 07:51 1960448 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-11-12 23:18 . 2009-11-13 07:51 128000 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-11-12 23:11 . 2009-11-12 23:12 1953792 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-11-12 23:11 . 2009-11-12 23:12 1512448 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2009-11-12 23:10 . 2009-10-17 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-11-12 22:44 . 2009-09-30 16:05 -------- d-----w- c:\documents and settings\crven\Application Data\uTorrent
2009-11-12 11:30 . 2009-11-12 11:31 638464 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2009-11-12 11:30 . 2009-11-12 11:31 1919488 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2009-11-11 22:10 . 2009-11-12 08:34 172032 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-11-11 22:10 . 2009-11-12 08:34 1905152 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-11-11 13:54 . 2009-11-11 13:54 21241425 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2009_11_11_14_29_42_full.dmp.zip
2009-11-11 13:02 . 2009-11-11 13:01 21211733 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2009_11_11_12_53_34_full.dmp.zip
2009-11-11 11:49 . 2009-11-11 11:48 21211781 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2009_11_11_12_42_32_full.dmp.zip
2009-11-11 11:42 . 2009-09-29 23:22 -------- d-----w- c:\documents and settings\crven\Application Data\FileZilla
2009-11-10 23:03 . 2009-11-11 06:49 2913792 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-11-10 23:03 . 2009-11-11 06:49 1888768 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-11-10 22:19 . 2009-09-29 00:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-04 12:39 . 2009-09-29 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-04 10:30 . 2009-10-02 12:58 -------- d-----w- c:\program files\Java
2009-11-03 14:52 . 2009-10-02 13:01 -------- d-----w- c:\documents and settings\crven\Application Data\LimeWire
2009-10-23 16:11 . 2009-09-29 00:11 63488 ----a-w- c:\documents and settings\crven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 09:57 . 2009-10-21 09:57 1714688 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2009-10-21 09:57 . 2009-10-21 09:57 34304 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2009-10-20 20:40 . 2009-10-20 20:41 1712640 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2009-10-20 20:40 . 2009-10-20 20:41 1684480 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2009-10-20 20:27 . 2004-08-04 12:00 8468992 ----a-w- c:\windows\system32\logonuiX.exe
2009-10-17 14:08 . 2009-10-17 14:03 -------- d-----w- c:\program files\Security Task Manager
2009-10-14 09:50 . 2009-10-02 17:50 931928 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-10-14 09:49 . 2009-10-14 09:50 1609216 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2009-10-13 21:12 . 2009-10-14 06:43 1612800 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-10-13 10:13 . 2009-10-13 10:15 1608192 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-10-12 21:29 . 2009-10-13 09:02 1606656 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-10-12 10:40 . 2009-10-12 10:41 1604608 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2009-10-11 03:17 . 2009-10-02 12:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\Common Files\Apple
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\Apple Software Update
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-10 17:37 . 2009-09-28 23:27 -------- d-----w- c:\program files\MSN Messenger
2009-10-10 08:08 . 2009-10-10 08:07 625 ----a-w- c:\windows\system32\cid_store.dat
2009-10-10 08:07 . 2009-10-10 08:07 26 ----a-w- c:\windows\system32\xlhcc.dat
2009-10-10 08:07 . 2009-10-10 08:07 20 ----a-w- c:\windows\system32\pub_store.dat
2009-10-10 08:07 . 2009-10-10 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\vucache
2009-10-10 08:06 . 2009-10-10 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Thunder Network
2009-10-09 15:46 . 2009-10-09 17:02 1679872 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2009-10-09 15:46 . 2009-10-09 17:02 1570816 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2009-10-08 18:48 . 2009-10-08 18:48 -------- d-----w- c:\program files\MSXML 4.0
2009-10-08 13:45 . 2009-10-08 13:46 47616 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2009-10-08 12:47 . 2009-10-08 13:01 41472 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2009-10-07 19:29 . 2009-10-08 05:55 76288 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2009-10-07 15:15 . 2009-10-07 14:40 -------- d-----w- c:\documents and settings\crven\Application Data\Nero
2009-10-07 14:54 . 2009-10-07 14:55 94720 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2009-10-07 14:36 . 2009-10-07 14:14 -------- d-----w- c:\program files\Common Files\Nero
2009-10-07 14:35 . 2009-10-07 14:35 -------- d-----w- c:\program files\Windows Sidebar
2009-10-07 14:31 . 2009-10-07 14:15 -------- d-----w- c:\program files\Nero
2009-10-07 14:18 . 2009-10-07 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-10-07 11:22 . 2009-10-03 15:06 -------- d-----w- c:\documents and settings\crven\Application Data\play2p
2009-10-06 16:36 . 2009-10-07 10:47 697856 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2009-10-04 22:21 . 2009-10-05 11:38 3141632 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2009-10-04 15:29 . 2009-10-04 15:33 1521152 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2009-10-03 21:47 . 2009-10-04 07:21 713728 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-10-03 21:47 . 2009-10-04 07:21 1511424 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2009-10-03 19:26 . 2009-10-03 19:48 77312 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-10-03 19:26 . 2009-10-03 19:48 1517056 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-10-03 19:24 . 2009-10-03 19:24 -------- d-----w- c:\documents and settings\crven\Application Data\Media Player Classic
2009-10-03 18:27 . 2009-10-03 19:16 2564608 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2009-10-03 18:27 . 2009-10-03 19:16 1510912 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-10-03 15:06 . 2009-10-03 15:06 -------- d-----w- c:\program files\play2p
2009-10-03 15:06 . 2009-10-03 15:06 -------- d--h--w- c:\program files\InstallJammer Registry
2009-10-03 11:41 . 2009-09-29 00:26 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-03 11:41 . 2009-09-29 00:26 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-02 23:02 . 2009-10-03 09:21 400384 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2009-10-02 21:17 . 2009-10-02 21:35 1492480 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2009-10-02 21:16 . 2009-10-02 21:35 702464 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-10-02 18:53 . 2009-10-02 19:02 1495552 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-10-02 18:53 . 2009-10-02 19:02 338944 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-10-02 17:49 . 2009-10-02 17:50 1496576 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-10-02 17:49 . 2009-10-02 17:50 2654208 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-10-02 13:01 . 2009-10-02 13:01 57344 ----a-w- c:\documents and settings\crven\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
2009-10-02 12:58 . 2009-10-02 12:58 152576 ----a-w- c:\documents and settings\crven\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-30 18:54 . 2009-09-30 18:55 916480 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-09-30 18:54 . 2009-09-30 18:55 1437696 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-09-30 18:00 . 2009-09-29 00:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-30 15:40 . 2009-09-28 23:28 -------- d-----w- c:\documents and settings\crven\Application Data\Skype
2009-09-30 15:23 . 2009-09-30 15:23 -------- d-----w- c:\program files\MSBuild
2009-09-30 15:23 . 2009-09-30 15:23 -------- d-----w- c:\program files\Reference Assemblies
2009-09-30 15:20 . 2009-09-30 15:20 -------- d-----w- c:\program files\MSXML 6.0
2009-09-30 12:31 . 2009-09-30 12:31 -------- d-----w- c:\program files\AskBarDis
2009-09-30 12:31 . 2009-09-30 12:31 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-29 23:45 . 2009-09-29 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-29 23:28 . 2009-09-29 23:28 -------- d-----w- c:\program files\Zone Labs
2009-09-29 07:28 . 2009-09-29 07:28 -------- d-----w- c:\documents and settings\crven\Application Data\Hamachi
2009-09-29 04:23 . 2009-09-29 04:23 0 ----a-w- c:\windows\nsreg.dat
2009-09-29 00:26 . 2009-09-29 00:26 -------- d-----w- c:\program files\Avira
2009-09-29 00:26 . 2009-09-29 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-29 00:23 . 2009-09-29 00:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-29 00:21 . 2009-09-29 00:21 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-29 00:21 . 2009-09-29 00:21 -------- d-----w- c:\program files\Ahead
2009-09-29 00:20 . 2009-09-29 00:20 -------- d-----w- c:\documents and settings\crven\Application Data\BSplayer PRO
2009-09-29 00:20 . 2009-09-29 00:20 -------- d-----w- c:\program files\Webteh
2008-03-26 18:14 . 2009-10-10 08:06 53248 ----a-w- c:\program files\mozilla firefox\components\ThunderComponent.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"LogonStudio"="d:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^play2p.lnk]
backup=c:\windows\pss\play2p.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\utorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29.09.2009 01:26 108289]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [30.09.2009 13:31 464264]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.11.2009 09:43 269648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.11.2009 09:43 19160]
S1 anf0100.sys;anf0100.sys;\??\c:\windows\system32\drivers\anf0100.sys --> c:\windows\system32\drivers\anf0100.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\crven\LOCALS~1\Temp\MVA35.tmp --> c:\docume~1\crven\LOCALS~1\Temp\MVA35.tmp [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [04.08.2004 13:00 14336]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: К№УГСёАЧПВФШ
IE: К№УГСёАЧПВФШИ«ІїБґЅУ
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
FF - ProfilePath - c:\documents and settings\crven\Application Data\Mozilla\Firefox\Profiles\szjguugo.default\
FF - plugin: c:\documents and settings\crven\Application Data\Mozilla\Firefox\Profiles\szjguugo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 09:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\crven\LOCALS~1\Temp\MVA35.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\crven\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
.
Completion time: 2009-11-13 09:14
ComboFix-quarantined-files.txt 2009-11-13 08:14

Pre-Run: 20.301.811.712 bytes free
Post-Run: 20.325.462.016 bytes free

- - End Of File - - F7EEBCF0E6E6D01E4B6294BC5857700E

#3
StickFighter


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hello

Recently I searched on the net for antivirus programs, scanners, etc. and I found this site: Click Me. The site can scan your HijackThis log file and tell you what lines to fix/delete. So I posted my HJ log and deleted some lines, and here's my log now:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:44, on 15.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogonStudio] "D:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5145 bytes