Virtumonde [Solved]


  • This topic is locked

#16
mrstharp

mrstharp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Now I'm having a problem viewing pictures. When I try to look at pictures on my computer, it comes up saying I don't have permission to view them. There's no reason why I shouldn't have permission. What do I do?
  • 0


#17
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
This is not going to plan. I can't see where we deleted Picasso, so either it was infected and avast took it out or something else happened.

So, reinstall and run avast.

And then let's get a deeper scan of your machine to see what is going on:

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
We will delete that folder in the following post, though I suspect it is mostly gone anyway.

andrewuk

Edited by andrewuk, 12 December 2008 - 01:49 AM.

  • 0

#18
mrstharp

mrstharp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Here's one:

Logfile of random's system information tool 1.04 (written by random/random)
Run by scott at 2008-12-12 11:42:26
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 15 GB (43%) free of 35 GB
Total RAM: 1014 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:26 AM, on 12/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\scott\Desktop\RSIT.exe
C:\Program Files\trend micro\scott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.verizon.net/signin/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h30155.www3.h...osticsVista.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2A92C0-BD84-4247-9E1C-E66DAD67BAB3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{93A52933-7368-43EF-967C-2F66E65AA9CC}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 5482 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-21 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-21 185872]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\Users\scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-12-12 11:42:26 ----D---- C:\rsit
2008-12-08 12:57:36 ----D---- C:\Program Files\cleaners
2008-12-08 12:50:18 ----D---- C:\Program Files\Alwil Software
2008-12-07 20:23:45 ----A---- C:\Windows\system32\javaws.exe
2008-12-07 20:23:45 ----A---- C:\Windows\system32\javaw.exe
2008-12-07 20:23:45 ----A---- C:\Windows\system32\java.exe
2008-12-07 09:06:48 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-12-06 23:15:58 ----D---- C:\Users\scott\AppData\Roaming\Malwarebytes
2008-12-06 23:15:46 ----D---- C:\ProgramData\Malwarebytes
2008-12-06 21:05:52 ----D---- C:\Windows\temp
2008-12-06 21:05:48 ----A---- C:\ComboFix.txt
2008-12-06 19:12:03 ----D---- C:\Windows\Minidump
2008-12-06 18:38:26 ----A---- C:\Windows\zip.exe
2008-12-06 18:38:26 ----A---- C:\Windows\VFIND.exe
2008-12-06 18:38:26 ----A---- C:\Windows\SWXCACLS.exe
2008-12-06 18:38:26 ----A---- C:\Windows\SWSC.exe
2008-12-06 18:38:26 ----A---- C:\Windows\SWREG.exe
2008-12-06 18:38:26 ----A---- C:\Windows\sed.exe
2008-12-06 18:38:26 ----A---- C:\Windows\NIRCMD.exe
2008-12-06 18:38:26 ----A---- C:\Windows\grep.exe
2008-12-06 18:38:26 ----A---- C:\Windows\fdsv.exe
2008-12-06 18:38:13 ----D---- C:\Windows\ERDNT
2008-12-06 18:38:13 ----D---- C:\Qoobox
2008-12-06 17:53:09 ----D---- C:\Users\scott\AppData\Roaming\Canon
2008-12-06 16:50:56 ----D---- C:\Program Files\Trend Micro
2008-12-06 16:43:13 ----HD---- C:\ProgramData\CanonBJ
2008-12-06 16:41:43 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2008-12-06 16:39:32 ----A---- C:\Windows\system32\CNMLM97.DLL
2008-12-06 16:38:53 ----HD---- C:\Program Files\CanonBJ
2008-12-06 16:38:07 ----D---- C:\Program Files\Canon
2008-12-06 13:15:20 ----A---- C:\VundoFix.txt
2008-12-06 13:11:43 ----D---- C:\VundoFix Backups
2008-12-04 22:47:18 ----D---- C:\Users\scott\AppData\Roaming\s_5842_NTg0Mnx8fHw1ODQyfHx8MTI0MTA3NDk1OHw_
2008-12-03 01:39:23 ----A---- C:\Windows\system32\wups2.dll
2008-12-03 01:39:23 ----A---- C:\Windows\system32\wucltux.dll
2008-12-03 01:39:23 ----A---- C:\Windows\system32\wuauclt.exe
2008-12-03 01:39:22 ----A---- C:\Windows\system32\wuaueng.dll
2008-12-03 01:38:41 ----A---- C:\Windows\system32\wups.dll
2008-12-03 01:38:41 ----A---- C:\Windows\system32\wudriver.dll
2008-12-03 01:38:41 ----A---- C:\Windows\system32\wuapi.dll
2008-12-03 01:37:45 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-03 01:37:45 ----A---- C:\Windows\system32\wuapp.exe
2008-11-25 19:05:23 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-25 19:05:19 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-25 19:05:19 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-25 19:05:19 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-25 19:05:16 ----A---- C:\Windows\system32\connect.dll
2008-11-24 20:08:49 ----D---- C:\ProgramData\WindowsSearch
2008-11-24 17:02:03 ----D---- C:\Windows\BurnQuick
2008-11-24 17:02:03 ----D---- C:\Program Files\BurnQuick
2008-11-24 17:01:23 ----D---- C:\Users\scott\AppData\Roaming\Triton Interactive
2008-11-24 15:50:54 ----RA---- C:\Windows\system32\vp6vfw.dll
2008-11-21 23:54:18 ----D---- C:\Program Files\Nick Jr. Arcade
2008-11-21 23:32:22 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-21 23:19:08 ----D---- C:\Program Files\Common Files\xing shared
2008-11-21 23:00:31 ----D---- C:\Windows\system32\IOSUBSYS
2008-11-20 22:43:55 ----D---- C:\Users\scott\AppData\Roaming\OpenOffice.org
2008-11-20 22:28:38 ----D---- C:\Program Files\JRE
2008-11-20 22:28:26 ----D---- C:\Program Files\OpenOffice.org 3
2008-11-19 21:41:14 ----D---- C:\Program Files\QuickTime
2008-11-19 19:39:20 ----A---- C:\Windows\system32\msxml3.dll
2008-11-19 19:39:13 ----A---- C:\Windows\system32\msxml6.dll

======List of files/folders modified in the last 1 months======

2008-12-12 11:42:52 ----D---- C:\Windows\Prefetch
2008-12-12 05:27:27 ----SHD---- C:\System Volume Information
2008-12-11 22:41:33 ----RD---- C:\Program Files
2008-12-11 22:41:33 ----D---- C:\Windows
2008-12-11 22:33:42 ----SHD---- C:\Windows\System32
2008-12-11 22:33:26 ----D---- C:\Windows\system32\drivers
2008-12-11 21:54:39 ----D---- C:\Windows\system32\Tasks
2008-12-11 19:50:35 ----SHD---- C:\Windows\Installer
2008-12-11 19:49:38 ----D---- C:\Program Files\Common Files
2008-12-11 19:41:48 ----D---- C:\Windows\system32\catroot2
2008-12-11 10:15:42 ----D---- C:\Windows\system32\config
2008-12-10 22:08:08 ----D---- C:\Program Files\Java
2008-12-10 22:03:30 ----HD---- C:\ProgramData
2008-12-10 21:56:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-10 20:29:28 ----D---- C:\Users\scott\AppData\Roaming\FrostWire
2008-12-10 20:29:28 ----D---- C:\Program Files\FrostWire
2008-12-10 19:30:07 ----SD---- C:\Windows\Downloaded Program Files
2008-12-07 20:23:11 ----A---- C:\Windows\system32\deploytk.dll
2008-12-06 21:05:58 ----D---- C:\Windows\system32\en-US
2008-12-06 21:00:41 ----A---- C:\Windows\system.ini
2008-12-06 20:57:40 ----D---- C:\Windows\AppPatch
2008-12-06 18:47:54 ----RSD---- C:\Windows\Fonts
2008-12-06 16:41:39 ----D---- C:\Windows\system32\catroot
2008-12-06 16:41:17 ----D---- C:\Windows\inf
2008-12-06 16:17:29 ----D---- C:\temp
2008-12-06 12:23:19 ----D---- C:\My Downloads
2008-12-05 17:33:41 ----D---- C:\Windows\rescache
2008-12-05 17:28:51 ----D---- C:\Windows\winsxs
2008-12-04 12:06:26 ----D---- C:\My Shared Folder
2008-11-29 23:07:45 ----D---- C:\Baby Pictures
2008-11-29 22:01:30 ----D---- C:\Windows\Tasks
2008-11-29 22:01:30 ----D---- C:\Windows\system32\spool
2008-11-29 22:01:30 ----D---- C:\Windows\system32\Msdtc
2008-11-29 22:01:30 ----D---- C:\Windows\Diner Dash
2008-11-29 22:01:25 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-11-29 22:01:24 ----D---- C:\Program Files\BFG
2008-11-29 22:01:22 ----D---- C:\Windows\system32\wbem
2008-11-29 22:01:22 ----D---- C:\Windows\registration
2008-11-29 21:59:20 ----D---- C:\ProgramData\PlayFirst
2008-11-29 21:59:16 ----D---- C:\ProgramData\BVRP Software
2008-11-29 00:37:52 ----D---- C:\Windows\system32\LogFiles
2008-11-27 20:23:11 ----SHD---- C:\Boot
2008-11-27 20:05:45 ----D---- C:\Windows\Debug
2008-11-23 12:05:35 ----AD---- C:\ProgramData\TEMP
2008-11-22 21:59:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-21 23:18:43 ----D---- C:\Program Files\Common Files\Real
2008-11-21 23:18:28 ----A---- C:\Windows\system32\rmoc3260.dll
2008-11-21 23:17:14 ----A---- C:\Windows\system32\pndx5032.dll
2008-11-21 23:17:14 ----A---- C:\Windows\system32\pndx5016.dll
2008-11-21 23:17:05 ----A---- C:\Windows\system32\pncrt.dll
2008-11-21 21:53:53 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-20 22:34:35 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-03-25 4137312]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 2770432]
R3 ltmodem5;Agere Modem Driver; C:\Windows\system32\DRIVERS\ltmdmnt.sys [2006-11-02 503296]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-03-31 51200]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\Windows\system32\drivers\NSDriver.sys [2008-04-29 15648]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\Windows\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\Windows\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 2770432]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\Windows\system32\DRIVERS\usb8023.sys [2008-01-19 15872]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-27 611664]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-06-27 606208]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-30 809296]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

-----------------EOF-----------------

And here's the other:

info.txt logfile of random's system information tool 1.04 2008-12-12 11:44:39

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec.exe /I{BB89B3A4-298B-4C9D-9E5A-F42D1D23AB5B}
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Backyardigans Mission to Mars-->C:\PROGRA~1\NICKJR~1.ARC\BACKYA~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\BACKYA~1\INSTALL.LOG
bitcontrol® MPEG Video Decoder v3.0-->"C:\Program Files\Common Files\BitCtrl\uninst-bcmpeg.exe"
Canon iP2600 series User Registration-->C:\Program Files\Canon\IJEREG\iP2600 series\UNINST.EXE
Canon iP2600 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
filehippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe"
FrostWire 4.17.1-->C:\Program Files\FrostWire\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Maxtor Manager-->"C:\Program Files\InstallShield Installation Information\{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager-->MsiExec.exe /I{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}
Microsoft PowerPoint Viewer 97-->C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144}
Windows Mobile Device Center-->MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------
  • 0
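As an added example (not part of the thread, and not code from RSIT or HijackThis), a small Python parser for the HijackThis line types in the log above, with the checks a helper reads for by eye: O23 services whose binary is missing or has no company recorded, O17 DNS servers outside an allow-list, and O4 Run entries launching from user-writable folders. The DNS allow-list and the single O4 line marked as constructed are assumptions; the other sample lines are copied from the posted log.

```python
"""Parse HijackThis 2.x log lines and apply a few defender-side triage checks."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed allow-list (assumption): the OpenDNS resolvers this machine is
# configured with. Anything else in an O17 entry gets flagged for a look.
TRUSTED_DNS = {"208.67.220.220", "208.67.222.222"}

# Folders a Run entry normally should not launch from: user-writable
# locations are where droppers tend to persist.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

_PATTERNS = {
    # R0/R1: IE registry key, value name, data (data may be empty)
    "R": re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>[^=]+) = ?(?P<data>.*)$"),
    # O2: Browser Helper Object name, CLSID, DLL path
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"),
    # O4: hive (HKLM, HKCU, HKUS\<sid>), Run value name, command line
    "O4": re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"),
    # O17: per-interface Tcpip key and its NameServer list
    "O17": re.compile(r"^O17 - (?P<key>.*?): NameServer = (?P<servers>.*)$"),
    # O23: display name, optional short name, company, binary path, "(file missing)"
    "O23": re.compile(
        r"^O23 - Service: (?P<display>.*?)(?: \((?P<name>[^)]+)\))? - "
        r"(?P<company>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
    ),
}


@dataclass
class Entry:
    kind: str                 # e.g. "R0", "O4", "O23"
    raw: str
    fields: dict = field(default_factory=dict)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis result line, or None for anything else."""
    line = line.strip()
    head = re.match(r"^(R[01]|O\d+) - ", line)
    if not head:
        return None
    kind = head.group(1)
    pat = _PATTERNS.get("R" if kind.startswith("R") else kind)
    if pat and (hit := pat.match(line)):
        return Entry(kind, line, hit.groupdict())
    return Entry(kind, line)  # recognised type without a dedicated parser (O8, O9, O13, ...)


def parse_log(text: str) -> list:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: list) -> list:
    """Apply the three checks and return human-readable findings."""
    findings = []
    for e in entries:
        f = e.fields
        if e.kind == "O23" and f:
            label = f["name"] or f["display"]
            if f.get("missing"):
                findings.append(f"O23 {label}: service binary missing ({f['path']})")
            if f["company"] == "Unknown owner":
                findings.append(f"O23 {label}: no company recorded for the service binary")
        elif e.kind == "O17" and f:
            bad = [s.strip() for s in f["servers"].split(",") if s.strip() not in TRUSTED_DNS]
            if bad:
                findings.append(f"O17: DNS servers not on allow-list: {', '.join(bad)}")
        elif e.kind == "O4" and f:
            if any(tok in f["cmd"].lower() for tok in USER_WRITABLE):
                findings.append(f"O4 [{f['name']}]: autorun from user-writable path: {f['cmd']}")
    return findings


# Lines copied from the RSIT/HijackThis log posted in this thread.
POSTED_LINES = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.verizon.net/signin/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
""".strip()

# Constructed line (NOT from the posted log) so the O4 check has something to fire on.
CONSTRUCTED_LINE = r"O4 - HKCU\..\Run: [example] C:\Users\scott\AppData\Local\Temp\example.exe"

MORE_POSTED_LINES = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2A92C0-BD84-4247-9E1C-E66DAD67BAB3}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
""".strip()

SAMPLE_LOG = "\n".join([POSTED_LINES, CONSTRUCTED_LINE, MORE_POSTED_LINES])

if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

The Google Updater entry is flagged twice (missing binary, no company) and the constructed Temp autorun once; the OpenDNS O17 entries pass the allow-list, which matches the helper's reading that the log is clean.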

#19
mrstharp

mrstharp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
I think there have been some settings changed in my Windows. After I close my IE window the history gets deleted... or at least the history in the address bar. I can go to History and that history is still there, but the addresses visited in the address bar are gone once I close the window. So, I think with that, and it saying I don't have permission to view the files that my pictures are in with the Windows Picture Viewer, something has been changed in my Windows settings. I'm not sure where to go to fix it. I can see pictures in other programs, just not the Windows Picture Viewer.
  • 0

#20
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
The log looks clean.

However, you need to get avast installed and running on your system, or you will merely get re-infected.

Also, let's remove the folder (I suspect it is gone, but no harm in trying), and then in the following post go through the wrapping-up procedure, and then we can get your pictures back up and running.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Files
    C:\Users\scott\'
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

andrewuk
  • 0

#21
mrstharp

mrstharp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Here's the log. I had to shut it down and run it again. I THINK that the first time it said the Scott\' file had been deleted, so it came up not found the second time. Everything froze up the first time I did it and didn't come back. Seems to be a recurring thing. I run programs and they either freeze up in the middle of the process or take way too long. I assume that's because it's having problems and not actually doing what it's supposed to do. Like with the superanti program. Took 10 hours but wasn't doing anything in the end.


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Users\scott\' not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12132008_100932
  • 0

#22
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
OK, let's go through the clean-up procedure. Let me know when you have done it all and then we will work on your other issues.

And could you also confirm that you have installed avast.

In this post we will clear away the fix tools (this is so that, should you ever be re-infected, you will download updated versions; it will also remove the quarantined malware from your computer), reset your restore points (there will be infections lurking in there), and I will leave you with some ideas on how to enhance the protection of your machine against future infection.

====STEP 1====
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

====STEP 2====
Resetting your restore points (which is about turning system restore off, rebooting, and then turning it back on again).

1. Open System by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking System.

2. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

3. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.

reboot

1. Open System by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking System.

2. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

3. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.

How to Turn On and Turn Off System Restore in Vista
http://windowshelp.m...6fb3f01033.mspx


====IDEAS TO SPEED UP YOUR MACHINE====
this page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.


====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

best wishes

andrewuk
  • 0

#23
mrstharp

mrstharp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
I did everything. My pictures are back YAY! :) I have just two questions....is it ok to have adaware and spybot installed? Because I have both...i actually paid for the pro version a few months back. And my other question is....about a month ago we had problems with windows. It installed an update and it got to step 3 of 3 and for a week it just kept restarting and going back to the step 3 of 3...w/ 0% done. So it basically wasn't doing whatever step 3 was. And so, i'm kind of scared to install any more updates. There are like 9 i think showing up, we took it off auto install. Do you think maybe we had the infection when that happened and that's why it happened? Think it's safe to try and update?
  • 0

#24
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

I did everything. My pictures are back YAY!

well, that's a turn up for the books.....

is it ok to have adaware and spybot installed?

yes, it is ok.

And my other question is....about a month ago we had problems with windows. It installed an update and it got to step 3 of 3 and for a week it just kept restarting and going back to the step 3 of 3...w/ 0% done. So it basically wasn't doing whatever step 3 was. And so, i'm kind of scared to install any more updates. There are like 9 i think showing up, we took it off auto install. Do you think maybe we had the infection when that happened and that's why it happened? Think it's safe to try and update?

yes, try again. if it does not work, try and install the other updates and try that one again.

let me know how it goes.

andrewuk
  • 0

#25
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
