Virtumonde [Solved]
#16
Posted 11 December 2008 - 08:47 PM
#17
Posted 12 December 2008 - 01:41 AM
so, reinstall and run avast.
and then let's get a deeper scan of your machine to see what is going on:
- Download random's system information tool (RSIT) by random/random from here.
- It is important that is saved to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
andrewuk
Edited by andrewuk, 12 December 2008 - 01:49 AM.
#18
Posted 12 December 2008 - 10:47 AM
Logfile of random's system information tool 1.04 (written by random/random)
Run by scott at 2008-12-12 11:42:26
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 15 GB (43%) free of 35 GB
Total RAM: 1014 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:26 AM, on 12/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\scott\Desktop\RSIT.exe
C:\Program Files\trend micro\scott.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.verizon.net/signin/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h30155.www3.h...osticsVista.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2A92C0-BD84-4247-9E1C-E66DAD67BAB3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{93A52933-7368-43EF-967C-2F66E65AA9CC}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 5482 bytes
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-21 304736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-21 185872]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
C:\Users\scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2008-12-12 11:42:26 ----D---- C:\rsit
2008-12-08 12:57:36 ----D---- C:\Program Files\cleaners
2008-12-08 12:50:18 ----D---- C:\Program Files\Alwil Software
2008-12-07 20:23:45 ----A---- C:\Windows\system32\javaws.exe
2008-12-07 20:23:45 ----A---- C:\Windows\system32\javaw.exe
2008-12-07 20:23:45 ----A---- C:\Windows\system32\java.exe
2008-12-07 09:06:48 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-12-06 23:15:58 ----D---- C:\Users\scott\AppData\Roaming\Malwarebytes
2008-12-06 23:15:46 ----D---- C:\ProgramData\Malwarebytes
2008-12-06 21:05:52 ----D---- C:\Windows\temp
2008-12-06 21:05:48 ----A---- C:\ComboFix.txt
2008-12-06 19:12:03 ----D---- C:\Windows\Minidump
2008-12-06 18:38:26 ----A---- C:\Windows\zip.exe
2008-12-06 18:38:26 ----A---- C:\Windows\VFIND.exe
2008-12-06 18:38:26 ----A---- C:\Windows\SWXCACLS.exe
2008-12-06 18:38:26 ----A---- C:\Windows\SWSC.exe
2008-12-06 18:38:26 ----A---- C:\Windows\SWREG.exe
2008-12-06 18:38:26 ----A---- C:\Windows\sed.exe
2008-12-06 18:38:26 ----A---- C:\Windows\NIRCMD.exe
2008-12-06 18:38:26 ----A---- C:\Windows\grep.exe
2008-12-06 18:38:26 ----A---- C:\Windows\fdsv.exe
2008-12-06 18:38:13 ----D---- C:\Windows\ERDNT
2008-12-06 18:38:13 ----D---- C:\Qoobox
2008-12-06 17:53:09 ----D---- C:\Users\scott\AppData\Roaming\Canon
2008-12-06 16:50:56 ----D---- C:\Program Files\Trend Micro
2008-12-06 16:43:13 ----HD---- C:\ProgramData\CanonBJ
2008-12-06 16:41:43 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2008-12-06 16:39:32 ----A---- C:\Windows\system32\CNMLM97.DLL
2008-12-06 16:38:53 ----HD---- C:\Program Files\CanonBJ
2008-12-06 16:38:07 ----D---- C:\Program Files\Canon
2008-12-06 13:15:20 ----A---- C:\VundoFix.txt
2008-12-06 13:11:43 ----D---- C:\VundoFix Backups
2008-12-04 22:47:18 ----D---- C:\Users\scott\AppData\Roaming\s_5842_NTg0Mnx8fHw1ODQyfHx8MTI0MTA3NDk1OHw_
2008-12-03 01:39:23 ----A---- C:\Windows\system32\wups2.dll
2008-12-03 01:39:23 ----A---- C:\Windows\system32\wucltux.dll
2008-12-03 01:39:23 ----A---- C:\Windows\system32\wuauclt.exe
2008-12-03 01:39:22 ----A---- C:\Windows\system32\wuaueng.dll
2008-12-03 01:38:41 ----A---- C:\Windows\system32\wups.dll
2008-12-03 01:38:41 ----A---- C:\Windows\system32\wudriver.dll
2008-12-03 01:38:41 ----A---- C:\Windows\system32\wuapi.dll
2008-12-03 01:37:45 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-03 01:37:45 ----A---- C:\Windows\system32\wuapp.exe
2008-11-25 19:05:23 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-25 19:05:19 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-25 19:05:19 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-25 19:05:19 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-25 19:05:16 ----A---- C:\Windows\system32\connect.dll
2008-11-24 20:08:49 ----D---- C:\ProgramData\WindowsSearch
2008-11-24 17:02:03 ----D---- C:\Windows\BurnQuick
2008-11-24 17:02:03 ----D---- C:\Program Files\BurnQuick
2008-11-24 17:01:23 ----D---- C:\Users\scott\AppData\Roaming\Triton Interactive
2008-11-24 15:50:54 ----RA---- C:\Windows\system32\vp6vfw.dll
2008-11-21 23:54:18 ----D---- C:\Program Files\Nick Jr. Arcade
2008-11-21 23:32:22 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-21 23:19:08 ----D---- C:\Program Files\Common Files\xing shared
2008-11-21 23:00:31 ----D---- C:\Windows\system32\IOSUBSYS
2008-11-20 22:43:55 ----D---- C:\Users\scott\AppData\Roaming\OpenOffice.org
2008-11-20 22:28:38 ----D---- C:\Program Files\JRE
2008-11-20 22:28:26 ----D---- C:\Program Files\OpenOffice.org 3
2008-11-19 21:41:14 ----D---- C:\Program Files\QuickTime
2008-11-19 19:39:20 ----A---- C:\Windows\system32\msxml3.dll
2008-11-19 19:39:13 ----A---- C:\Windows\system32\msxml6.dll
======List of files/folders modified in the last 1 months======
2008-12-12 11:42:52 ----D---- C:\Windows\Prefetch
2008-12-12 05:27:27 ----SHD---- C:\System Volume Information
2008-12-11 22:41:33 ----RD---- C:\Program Files
2008-12-11 22:41:33 ----D---- C:\Windows
2008-12-11 22:33:42 ----SHD---- C:\Windows\System32
2008-12-11 22:33:26 ----D---- C:\Windows\system32\drivers
2008-12-11 21:54:39 ----D---- C:\Windows\system32\Tasks
2008-12-11 19:50:35 ----SHD---- C:\Windows\Installer
2008-12-11 19:49:38 ----D---- C:\Program Files\Common Files
2008-12-11 19:41:48 ----D---- C:\Windows\system32\catroot2
2008-12-11 10:15:42 ----D---- C:\Windows\system32\config
2008-12-10 22:08:08 ----D---- C:\Program Files\Java
2008-12-10 22:03:30 ----HD---- C:\ProgramData
2008-12-10 21:56:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-10 20:29:28 ----D---- C:\Users\scott\AppData\Roaming\FrostWire
2008-12-10 20:29:28 ----D---- C:\Program Files\FrostWire
2008-12-10 19:30:07 ----SD---- C:\Windows\Downloaded Program Files
2008-12-07 20:23:11 ----A---- C:\Windows\system32\deploytk.dll
2008-12-06 21:05:58 ----D---- C:\Windows\system32\en-US
2008-12-06 21:00:41 ----A---- C:\Windows\system.ini
2008-12-06 20:57:40 ----D---- C:\Windows\AppPatch
2008-12-06 18:47:54 ----RSD---- C:\Windows\Fonts
2008-12-06 16:41:39 ----D---- C:\Windows\system32\catroot
2008-12-06 16:41:17 ----D---- C:\Windows\inf
2008-12-06 16:17:29 ----D---- C:\temp
2008-12-06 12:23:19 ----D---- C:\My Downloads
2008-12-05 17:33:41 ----D---- C:\Windows\rescache
2008-12-05 17:28:51 ----D---- C:\Windows\winsxs
2008-12-04 12:06:26 ----D---- C:\My Shared Folder
2008-11-29 23:07:45 ----D---- C:\Baby Pictures
2008-11-29 22:01:30 ----D---- C:\Windows\Tasks
2008-11-29 22:01:30 ----D---- C:\Windows\system32\spool
2008-11-29 22:01:30 ----D---- C:\Windows\system32\Msdtc
2008-11-29 22:01:30 ----D---- C:\Windows\Diner Dash
2008-11-29 22:01:25 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-11-29 22:01:24 ----D---- C:\Program Files\BFG
2008-11-29 22:01:22 ----D---- C:\Windows\system32\wbem
2008-11-29 22:01:22 ----D---- C:\Windows\registration
2008-11-29 21:59:20 ----D---- C:\ProgramData\PlayFirst
2008-11-29 21:59:16 ----D---- C:\ProgramData\BVRP Software
2008-11-29 00:37:52 ----D---- C:\Windows\system32\LogFiles
2008-11-27 20:23:11 ----SHD---- C:\Boot
2008-11-27 20:05:45 ----D---- C:\Windows\Debug
2008-11-23 12:05:35 ----AD---- C:\ProgramData\TEMP
2008-11-22 21:59:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-21 23:18:43 ----D---- C:\Program Files\Common Files\Real
2008-11-21 23:18:28 ----A---- C:\Windows\system32\rmoc3260.dll
2008-11-21 23:17:14 ----A---- C:\Windows\system32\pndx5032.dll
2008-11-21 23:17:14 ----A---- C:\Windows\system32\pndx5016.dll
2008-11-21 23:17:05 ----A---- C:\Windows\system32\pncrt.dll
2008-11-21 21:53:53 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-20 22:34:35 ----RSD---- C:\Windows\assembly
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-03-25 4137312]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 2770432]
R3 ltmodem5;Agere Modem Driver; C:\Windows\system32\DRIVERS\ltmdmnt.sys [2006-11-02 503296]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-03-31 51200]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\Windows\system32\drivers\NSDriver.sys [2008-04-29 15648]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\Windows\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\Windows\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 2770432]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\Windows\system32\DRIVERS\usb8023.sys [2008-01-19 15872]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-27 611664]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-06-27 606208]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-30 809296]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
-----------------EOF-----------------
And here's the other:
info.txt logfile of random's system information tool 1.04 2008-12-12 11:44:39
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec.exe /I{BB89B3A4-298B-4C9D-9E5A-F42D1D23AB5B}
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Backyardigans Mission to Mars-->C:\PROGRA~1\NICKJR~1.ARC\BACKYA~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\BACKYA~1\INSTALL.LOG
bitcontrol® MPEG Video Decoder v3.0-->"C:\Program Files\Common Files\BitCtrl\uninst-bcmpeg.exe"
Canon iP2600 series User Registration-->C:\Program Files\Canon\IJEREG\iP2600 series\UNINST.EXE
Canon iP2600 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
filehippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe"
FrostWire 4.17.1-->C:\Program Files\FrostWire\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Maxtor Manager-->"C:\Program Files\InstallShield Installation Information\{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager-->MsiExec.exe /I{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}
Microsoft PowerPoint Viewer 97-->C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144}
Windows Mobile Device Center-->MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
======Security center information======
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
-----------------EOF-----------------
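The HijackThis and RSIT output above is read by eye in this thread. As an added example (not part of the thread and not code from either tool), the Python script below parses HijackThis-style lines and applies a few review heuristics of the kind a helper would apply by hand: O23 services whose binary is missing, O4 autoruns living under the SYSTEM or .DEFAULT hive, O16 ActiveX downloads, and O17 NameServer entries that are not on a per-machine allowlist. The sample lines are copied from the log posted above; the allowlist (the two OpenDNS resolvers the user has configured) and the flagging rules are assumptions made for this example.

```python
import re
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.verizon.net/signin/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.h...ctDetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2A92C0-BD84-4247-9E1C-E66DAD67BAB3}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

# Assumption for this example: the resolvers the user deliberately configured (OpenDNS).
# Any other NameServer value is flagged so a human can confirm it was not planted.
KNOWN_RESOLVERS = {"208.67.220.220", "208.67.222.222"}

# Every HijackThis item starts with a section code (R0, O4, O23 ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Hives in which an interactive user application has no business auto-starting.
SYSTEM_HIVES = (r"HKUS\S-1-5-18", r"HKUS\.DEFAULT")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Return one dict per HijackThis item; header and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group("section"),
                            "body": m.group("body"),
                            "raw": raw.strip()})
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Apply the review heuristics and return the items worth a second look."""
    findings = []
    for e in entries:
        sec, body = e["section"], e["body"]
        reason = None
        if sec == "O23" and body.endswith("(file missing)"):
            reason = "service registered for a binary that no longer exists"
        elif sec == "O4" and any(h in body for h in SYSTEM_HIVES):
            reason = "autorun under the SYSTEM or default-user hive"
        elif sec == "O16":
            reason = "ActiveX download (DPF) entry; confirm the source is expected"
        elif sec == "O17":
            m = re.search(r"NameServer = (.+)$", body)
            servers = {s.strip() for s in m.group(1).split(",")} if m else set()
            unknown = servers - KNOWN_RESOLVERS
            if unknown:
                reason = "unrecognised DNS resolver(s): " + ", ".join(sorted(unknown))
        if reason:
            findings.append({"section": sec, "reason": reason, "raw": e["raw"]})
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f['section']}] {f['reason']}\n    {f['raw']}")
```

Run against the sample, the script flags the two MySpaceIM autoruns in the SYSTEM and .DEFAULT hives, the DPF entry, and the orphaned Google Updater service, while the OpenDNS NameServer entries pass because they are on the allowlist. The heuristics only select items for human review; none of them is a verdict on its own.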
#19
Posted 12 December 2008 - 05:02 PM
#20
Posted 13 December 2008 - 06:16 AM
However, you need to get avast installed and running on your system, or you will merely get re-infected.
also, let's remove the folder (I suspect it is gone, but no harm in trying), and then in the following post go through the wrapping up procedure and then we can get your pictures back up and running.
Please download the OTMoveIt3 by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
explorer.exe
:Files
C:\Users\scott\'
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
andrewuk
#21
Posted 13 December 2008 - 09:28 AM
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Users\scott\' not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12132008_100932
#22
Posted 13 December 2008 - 11:59 AM
and could you also confirm that you have installed avast.
in this post we will clear away the fix tools (this is so that, should you ever be re-infected, you will download updated versions; it will also remove the quarantined malware from your computer), reset your restore points (there will be infections lurking in there) and I will leave you with some ideas on how to enhance the protection of your machine against future infection.
====STEP 1====
- Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
- Click on the CleanUp! button
- A list of tool components used in the Cleanup of malware will be downloaded.
- Click Yes to begin the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
====STEP 2====
Resetting your restore points (which is about turning system restore off, rebooting, and then turning it back on again).
1. Open System by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking System.
2. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.
reboot
1. Open System by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking System.
2. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
How to Turn On and Turn Off System Restore in Vista
http://windowshelp.m...6fb3f01033.mspx
====IDEAS TO SPEED UP YOUR MACHINE====
this page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.
====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
- Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
- AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
- SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
- SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
- IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
- ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
- Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
- Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
best wishes
andrewuk
#23
Posted 13 December 2008 - 02:27 PM
#24
Posted 13 December 2008 - 02:31 PM
"I did everything. My pictures are back YAY!"
well, that's a turn up for the books.....
"is it ok to have adaware and spybot installed?"
yes, it is ok.
"And my other question is....about a month ago we had problems with windows. It installed an update and it got to step 3 of 3 and for a week it just kept restarting and going back to the step 3 of 3...w/ 0% done. So it basically wasn't doing whatever step 3 was. And so, I'm kind of scared to install any more updates. There are like 9 I think showing up, we took it off auto install. Do you think maybe we had the infection when that happened and that's why it happened? Think it's safe to try and update?"
yes, try again. if it does not work, try and install the other updates and try that one again.
let me know how it goes.
andrewuk
#25
Posted 15 December 2008 - 07:08 PM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.