
Infected With Vundo - Please Help!


7 replies to this topic

#1 Slowchimes

Slowchimes

  • Members
  • 5 posts

Posted 08 September 2007 - 11:05 PM

Help please! Am getting winfixer pop-ups and IE randomly opening up - I've tried everything to remove it to no avail! Please help! It's driving me insane!

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:14 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\siswlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andrew\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187948019593
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\WINDOWS\system32\siswlsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 6622 bytes



#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male

Posted 09 September 2007 - 11:20 AM

Download the latest version of ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

#3 Slowchimes

Slowchimes
  • Topic Starter

  • Members
  • 5 posts

Posted 09 September 2007 - 03:29 PM

Thanks! Here are my ComboFix and HijackThis logs:

ComboFix 07-09-09.5 - "Andrew" 2007-09-09 12:22:41.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.589 [GMT 12:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ANDREW\APPLIC~1\macromedia\Flash Player\#SharedObjects\E84SHGVH\www.broadcaster.com
C:\DOCUME~1\ANDREW\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\ANDREW\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\cbxurpo.dll
C:\WINDOWS\system32\fjrkwpwq.exe
C:\WINDOWS\system32\iifgeca.dll
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\pmnnkif.dll


((((((((((((((((((((((((( Files Created from 2007-08-09 to 2007-09-09 )))))))))))))))))))))))))))))))
.

2007-09-09 12:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 20:26 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-09-08 20:26 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-09-08 20:26 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-09-08 20:26 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-09-08 20:26 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-09-08 20:26 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-09-08 20:26 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-09-08 20:25 <DIR> d-------- C:\Program Files\Sygate
2007-09-08 18:38 <DIR> d-------- C:\DOCUME~1\Andrew\.housecall6.6
2007-08-26 10:11 6,473 ---hs---- C:\WINDOWS\system32\ijjlm.bak1
2007-08-26 01:24 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-26 01:17 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-26 00:03 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-08-25 11:16 <DIR> d-------- C:\VundoFix Backups
2007-08-24 22:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-24 22:31 <DIR> d-------- C:\NVIDIA
2007-08-24 21:39 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-24 21:39 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-24 21:34 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-23 20:22 574,508 --a------ C:\WINDOWS\system32\ulxvwasa.exe
2007-08-22 16:15 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-19 15:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
2007-08-19 15:36 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\HP
2007-08-19 15:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-08-19 15:30 <DIR> d-------- C:\Program Files\Common Files\HP
2007-08-19 15:28 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-08-19 15:25 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-08-19 15:25 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-08-19 15:24 258,048 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-08-19 15:24 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-08-19 15:24 117,760 --a------ C:\WINDOWS\system32\hpz3l4v2.dll
2007-08-19 15:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
2007-08-19 15:23 892,928 -ra------ C:\WINDOWS\system32\hpotiop4.dll
2007-08-19 15:23 675,840 -ra------ C:\WINDOWS\system32\hpowiax4.dll
2007-08-19 15:23 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2007-08-19 15:23 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2007-08-19 15:23 294,912 -ra------ C:\WINDOWS\system32\hpovst11.dll
2007-08-19 15:23 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-19 15:23 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-19 15:21 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-08-19 15:21 <DIR> d-------- C:\Program Files\HP
2007-08-19 15:15 811 --------- C:\WINDOWS\hpomdl13.dat
2007-08-19 15:15 130,358 --a------ C:\WINDOWS\hpoins13.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 10:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 10:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 10:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 10:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-28 09:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-28 09:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-28 09:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-06-27 03:13 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 02:09 658944 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 18:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 18:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 01:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-20 01:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 06:09 96256 --a------ C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 06:09 615424 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 06:09 55808 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 06:09 532480 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 06:09 474112 --a------ C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 06:09 449024 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 06:09 39424 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 06:09 357888 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 06:09 3058688 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 06:09 251392 --a------ C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 06:09 205312 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 06:09 16384 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 06:09 151040 --a------ C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 06:09 1494528 --a------ C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 06:09 146432 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 06:09 1054208 --a------ C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 06:09 1023488 --a------ C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-15 02:07 18432 --a------ C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 22:23 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 22:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13365B04-BAB9-49DF-9B47-A4A8228CF10F}]
C:\WINDOWS\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E80BBEA-DB6E-47C6-94F4-59D8AD9C61E5}]
C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{581CA6A9-F495-4E9F-B216-4021A5BB7183}]
C:\WINDOWS\system32\jkhhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C767BD56-B788-414C-AA71-829F1EF6DE51}]
C:\WINDOWS\system32\gebcd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD785ADD-5407-45D7-B1D3-AF3B324CDDF6}]
C:\WINDOWS\system32\ddcyx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB8661B2-78E2-4E82-8D98-C6D0FE8006D4}]
C:\WINDOWS\system32\gebcy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AuditMode"="C:\sysprep\factory.exe" []
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2003-11-10 12:53]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2003-10-28 12:24]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-07-28 21:29]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2005-03-08 14:11]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"EPSON Stylus CX6400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 10:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-20 20:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 10:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 12:11]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 04:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-09-26 19:16:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10]

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys
R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 ZD1211U(ASUS);ASUS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ASUS);C:\WINDOWS\system32\DRIVERS\zd1211u.sys
S3 wanusb;D-Link DSL-200 USB ADSL Modem(WAN);C:\WINDOWS\system32\DRIVERS\gwausb.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-09 12:29:43
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-09 12:30:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-09 12:30
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:23 PM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\siswlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Andrew\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13365B04-BAB9-49DF-9B47-A4A8228CF10F} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {4E80BBEA-DB6E-47C6-94F4-59D8AD9C61E5} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {581CA6A9-F495-4E9F-B216-4021A5BB7183} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: (no name) - {C767BD56-B788-414C-AA71-829F1EF6DE51} - C:\WINDOWS\system32\gebcd.dll (file missing)
O2 - BHO: (no name) - {CD785ADD-5407-45D7-B1D3-AF3B324CDDF6} - C:\WINDOWS\system32\ddcyx.dll (file missing)
O2 - BHO: (no name) - {DB8661B2-78E2-4E82-8D98-C6D0FE8006D4} - C:\WINDOWS\system32\gebcy.dll (file missing)
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187948019593
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\WINDOWS\system32\siswlsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7754 bytes



thanks!

#4 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male

Posted 10 September 2007 - 11:58 AM

  • Open a new notepad window (Start>All programs>accessories>notepad)
  • Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard
    File::
    C:\WINDOWS\system32\ijjlm.bak1
    C:\WINDOWS\system32\ulxvwasa.exe
    FileLook::
    C:\WINDOWS\system32\hpotiop4.dll
    C:\WINDOWS\system32\hpowiax4.dll
    C:\WINDOWS\system32\hppldcoi.dll
    C:\WINDOWS\system32\difxapi.dll
    C:\WINDOWS\system32\hpovst11.dll
    C:\WINDOWS\hpomdl13.dat
    C:\WINDOWS\hpoins13.dat
    DirLook::
    C:\NVIDIA
    C:\DOCUME~1\ALLUSE~1\Applic~1\WEBREG
    Folder::
    C:\VundoFix Backups
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13365B04-BAB9-49DF-9B47-A4A8228CF10F}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E80BBEA-DB6E-47C6-94F4-59D8AD9C61E5}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{581CA6A9-F495-4E9F-B216-4021A5BB7183}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C767BD56-B788-414C-AA71-829F1EF6DE51}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD785ADD-5407-45D7-B1D3-AF3B324CDDF6}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB8661B2-78E2-4E82-8D98-C6D0FE8006D4}]
  • Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
  • Save it to the desktop as CFscript.txt
  • Now drag and drop CFscript.txt onto combofix.exe as in the picture below and follow the prompts:
    [Posted Image: screenshot of CFscript.txt being dragged onto combofix.exe]
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
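Added example, not code from this thread, from HijackThis or from ComboFix: a short Python script that does mechanically what post #4 did by hand. It parses the O2 (Browser Helper Object) lines of a HijackThis log, flags the entries that look like the Vundo leftovers on this machine, and drafts the matching Registry:: section of a CFScript. The sample lines are copied from the second HijackThis log posted above. The flagging rule (an unnamed BHO whose DLL is either reported "(file missing)" or is a 5-8 lowercase-letter DLL sitting directly in system32) is my assumption tuned to the names seen in this thread, not a general Vundo signature; it deliberately leaves Spybot's unnamed SDHelper.dll alone, as the helper did.

```python
import re
from dataclasses import dataclass

# Added example for this thread; not part of HijackThis, ComboFix or any post.
# Sample O2 lines copied from the second HijackThis log in the thread, plus one
# O4 line to show that non-O2 entries are ignored by the parser.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13365B04-BAB9-49DF-9B47-A4A8228CF10F} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {4E80BBEA-DB6E-47C6-94F4-59D8AD9C61E5} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {581CA6A9-F495-4E9F-B216-4021A5BB7183} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {C767BD56-B788-414C-AA71-829F1EF6DE51} - C:\WINDOWS\system32\gebcd.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# One HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Assumption tuned to this thread: a lowercase 5-8 letter DLL dropped straight
# into system32, like awtqn.dll or gebcd.dll. Not a general signature.
RANDOM_SYS32_DLL = re.compile(r"^c:\\windows\\system32\\[a-z]{5,8}\.dll$")


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    file_missing: bool


def parse_o2(lines):
    """Return a Bho for every O2 line; everything else in the log is skipped."""
    found = []
    for line in lines:
        m = O2_RE.match(line.strip())
        if m:
            found.append(Bho(m["name"], m["clsid"], m["path"], m["missing"] is not None))
    return found


def is_suspicious(bho):
    """Flag an unnamed BHO whose DLL is already gone (an orphaned registry key
    left behind once the file was removed) or has a random-looking name in
    system32. Named vendor BHOs and Spybot's unnamed SDHelper.dll under
    Program Files do not match, which is the distinction drawn in post #4."""
    if bho.name != "(no name)":
        return False
    return bho.file_missing or bool(RANDOM_SYS32_DLL.match(bho.path.lower()))


def cfscript_registry_section(bhos):
    """Draft the Registry:: block of a ComboFix CFScript. A leading '-' inside
    the bracketed key deletes that key, the same form used in the script above."""
    lines = ["Registry::"]
    for b in bhos:
        if is_suspicious(b):
            lines.append(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{b.clsid}]")
    return "\n".join(lines)


if __name__ == "__main__":
    entries = parse_o2(SAMPLE_LOG.splitlines())
    for b in entries:
        print(("FLAG " if is_suspicious(b) else "ok   ") + b.clsid + " " + b.path)
    print(cfscript_registry_section(entries))
```

Run against the sample it flags exactly the four unnamed system32 BHOs present in that excerpt and leaves Adobe, Java and SDHelper alone. Anything it drafts should still be read line by line before it goes anywhere near ComboFix: the heuristic knows nothing about legitimate unnamed BHOs outside Program Files, and a "(file missing)" entry only tells you the registry key is orphaned, not what put it there.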


#5 Slowchimes

Slowchimes
  • Topic Starter

  • Members
  • 5 posts

Posted 11 September 2007 - 01:26 AM

Thanks!

Combofix log:

ComboFix 07-09-09.5 - "Andrew" 2007-09-10 23:20:11.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.584 [GMT 12:00]

FILE::
C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ulxvwasa.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\awtqn.dll.bad
C:\VundoFix Backups\dcbeg.bak1.bad
C:\VundoFix Backups\dcbeg.bak2.bad
C:\VundoFix Backups\dcbeg.ini.bad
C:\VundoFix Backups\ddcyx.dll.bad
C:\VundoFix Backups\gebcd.dll.bad
C:\VundoFix Backups\gebcy.dll.bad
C:\VundoFix Backups\hhhkj.bak1.bad
C:\VundoFix Backups\hhhkj.ini.bad
C:\VundoFix Backups\jkhhh.dll.bad
C:\VundoFix Backups\mllmm.dll.bad
C:\VundoFix Backups\mmllm.bak1.bad
C:\VundoFix Backups\mmllm.bak2.bad
C:\VundoFix Backups\mmllm.ini.bad
C:\VundoFix Backups\nqtwa.bak1.bad
C:\VundoFix Backups\nqtwa.ini.bad
C:\VundoFix Backups\qrqss.bak1.bad
C:\VundoFix Backups\qrqss.ini.bad
C:\VundoFix Backups\ssqrq.dll.bad
C:\VundoFix Backups\xycdd.bak1.bad
C:\VundoFix Backups\xycdd.ini.bad
C:\VundoFix Backups\ycbeg.bak1.bad
C:\VundoFix Backups\ycbeg.ini.bad
C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ulxvwasa.exe


((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.

2007-09-09 12:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 20:26 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-09-08 20:26 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-09-08 20:26 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-09-08 20:26 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-09-08 20:26 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-09-08 20:26 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-09-08 20:26 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-09-08 20:25 <DIR> d-------- C:\Program Files\Sygate
2007-09-08 18:38 <DIR> d-------- C:\DOCUME~1\Andrew\.housecall6.6
2007-08-26 01:24 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-26 01:17 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-26 00:03 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-08-24 22:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-24 22:31 <DIR> d-------- C:\NVIDIA
2007-08-24 21:39 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-24 21:39 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-24 21:34 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-22 16:15 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-19 15:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
2007-08-19 15:36 <DIR> d-------- C:\DOCUME~1\Andrew\APPLIC~1\HP
2007-08-19 15:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-08-19 15:30 <DIR> d-------- C:\Program Files\Common Files\HP
2007-08-19 15:28 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-08-19 15:25 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-08-19 15:25 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-08-19 15:24 258,048 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-08-19 15:24 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-08-19 15:24 117,760 --a------ C:\WINDOWS\system32\hpz3l4v2.dll
2007-08-19 15:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
2007-08-19 15:23 892,928 -ra------ C:\WINDOWS\system32\hpotiop4.dll
2007-08-19 15:23 675,840 -ra------ C:\WINDOWS\system32\hpowiax4.dll
2007-08-19 15:23 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2007-08-19 15:23 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2007-08-19 15:23 294,912 -ra------ C:\WINDOWS\system32\hpovst11.dll
2007-08-19 15:23 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-19 15:23 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-19 15:21 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-08-19 15:21 <DIR> d-------- C:\Program Files\HP
2007-08-19 15:15 811 --------- C:\WINDOWS\hpomdl13.dat
2007-08-19 15:15 130,358 --a------ C:\WINDOWS\hpoins13.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 10:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 10:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 10:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 10:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-28 09:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-28 09:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-28 09:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-06-27 03:13 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 02:09 658944 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 18:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 18:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 01:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-20 01:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 06:09 96256 --a------ C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 06:09 615424 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 06:09 55808 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 06:09 532480 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 06:09 474112 --a------ C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 06:09 449024 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 06:09 39424 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 06:09 357888 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 06:09 3058688 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 06:09 251392 --a------ C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 06:09 205312 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 06:09 16384 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 06:09 151040 --a------ C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 06:09 1494528 --a------ C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 06:09 146432 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 06:09 1054208 --a------ C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 06:09 1023488 --a------ C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-15 02:07 18432 --a------ C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 22:23 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 22:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- C:\WINDOWS\system32\hpotiop4.dll ----

Company: Hewlett-Packard Co.
File Description: HP AiO Scan Driver - hpotiop4
File Version: 82.0.168.000
Product Name: hp digital imaging - hp all-in-one series
Copyright: Copyright © Hewlett-Packard Co. 1995-2005
Original file name: hpotiop4.DLL

---- C:\WINDOWS\system32\hpowiax4.dll ----

Company: Hewlett-Packard
File Description: Hewlett-Packard WIA minidriver.
File Version: 8.1.0.44
Product Name: hpowiax4.dll
Copyright: c Copyright 2000-2005 Hewlett-Packard Company
Original file name: hpowiax4.dll

---- C:\WINDOWS\system32\hppldcoi.dll ----

Company: Hewlett-Packard
File Description: Preload Driver CoInstaller
File Version: 2, 1, 1, 51
Product Name: Preload Driver CoInstaller
Copyright: Copyright © Hewlett-Packard. All rights reserved.
Original file name: PreloadDriverCoInstall.dll

---- C:\WINDOWS\system32\difxapi.dll ----

Company: Microsoft Corporation
File Description: Driver Install Frameworks for API library module
File Version: 2.1
Product Name: Driver Install Frameworks API (DIFxAPI)
Copyright: c Microsoft Corporation. All rights reserved.
Original file name: DIFxAPI.dll

---- C:\WINDOWS\system32\hpovst11.dll ----

Company: Hewlett-Packard Co.
File Description: HP Scan VendorSetup/Co-Installer
File Version: 82.0.168.000
Product Name: hp digital imaging - hp all-in-one series
Copyright: Copyright © Hewlett-Packard Co. 1995-2005
Original file name: HPOVST11.DLL

- Not a PE file.

- Not a PE file.

---- Directory of C:\NVIDIA ----

2005-06-17 17:46 156 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\README.TXT
2005-06-03 15:11 834 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\setup.ini
2005-06-03 15:11 512 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\data2.cab
2005-06-03 15:11 510 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\layout.bin
2005-06-03 15:11 4868423 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\data1.cab
2005-06-03 15:11 435969 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\setup.ibt
2005-06-03 15:11 32987 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\data1.hdr
2005-06-03 15:11 254618 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\setup.inx
2005-06-03 14:44 286 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\setup.iss
2005-06-03 14:44 176760 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\setup.bmp
2005-04-21 01:30 53869 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvmcp.cat
2005-04-21 01:30 50347 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvmpu.cat
2005-04-20 12:44 58609 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvmcp.inf
2005-04-13 12:37 4447 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvmpu.inf
2005-04-13 12:34 937984 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvmcp.sys
2005-04-13 12:34 7680 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvack.dll
2005-04-13 12:34 66688 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvarm.sys
2005-04-13 12:34 54272 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvopenal.dll
2005-04-13 12:34 5120 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\ALut.dll
2005-04-13 12:34 414464 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvapu.sys
2005-04-13 12:34 30208 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvasio.dll
2005-04-13 12:34 21504 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\OpenAL32.dll
2005-04-13 12:34 10240 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvmpu401.sys
2005-04-13 12:32 53376 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvax.sys
2005-04-04 19:00 32256 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvcoam.dll
2005-04-04 19:00 32256 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvcoad.dll
2005-04-04 18:59 176128 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvumpu.exe
2005-04-04 18:59 176128 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvuaudio.exe
2005-02-11 04:14 4624 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvaudio.nvu
2005-02-08 22:59 68593 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\setup.skin
2005-02-08 22:58 459544 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\engine32.cab
2005-02-08 22:58 116880 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\setup.exe
2005-02-08 14:26 659 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioDrv\nvmpu.nvu
2004-12-20 18:14 473 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioUtl\layout.bin
2004-12-20 18:14 43042 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioUtl\data1.hdr
2004-12-20 18:14 1882245 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioUtl\data2.cab
2004-12-20 18:14 1696748 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioUtl\data1.cab
2004-12-20 18:13 407 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioUtl\Setup.ini
2004-12-20 18:13 133279 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioUtl\setup.inx
2004-12-08 04:58 87960 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioUtl\Setup16.bmp
2004-12-08 04:58 502 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioUtl\setup.iss
2004-12-08 04:58 176760 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioUtl\setup.bmp
2004-07-15 11:42 339565 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioUtl\ikernel.ex_
2000-10-05 18:05 165888 --a------ C:\NVIDIA\nForceWin2KXP\4.62A\AudioUtl\Setup.exe

---- Directory of C:\DOCUME~1\ALLUSE~1\Applic~1\WEBREG ----

2007-08-19 15:37 240 --a------ C:\DOCUME~1\ALLUSE~1\Applic~1\WEBREG\WebRegData.xml


((((((((((((((((((((((((((((( snapshot_2007-09-09_123032.06 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 271,360 2006-12-22 00:28:14 C:\WINDOWS\system32\mscoree.dll
----a-w 6,144 2006-12-22 01:02:36 C:\WINDOWS\system32\mui\0409\mscorees.dll
----a-w 16,384 2007-09-10 11:23:10 C:\WINDOWS\Temp\Perflib_Perfdata_7d4.dat
----a-w 315,392 2007-04-13 08:56:30 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
----a-w 2,142,208 2007-04-13 08:50:46 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
----a-w 77,824 2007-04-13 08:58:02 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
----a-w 2,523,136 2007-04-13 08:57:00 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
----a-w 2,514,944 2007-04-13 08:57:28 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
----a-w 86,016 2007-04-13 08:57:58 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
----a-w 102,400 2007-04-13 08:58:00 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
----a-w 81,920 2007-04-13 08:57:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
----a-w 258,048 2007-04-13 09:30:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
----a-w 73,728 2007-01-15 04:11:26 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
----a-w 32,768 2007-04-13 09:30:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
----a-w 1,232,896 2007-04-13 09:35:38 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
----a-w 1,265,664 2007-04-13 09:35:46 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
----a-w 282,624 2004-07-14 12:24:30 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3756\_fusion.dll
----a-w 1,265,664 2007-09-09 11:47:40 C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 1,232,896 2007-09-09 11:47:42 C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
----a-w 61,440 2007-09-09 11:47:50 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_23dcceeb\CustomMarshalers.dll
----a-w 3,391,488 2007-09-10 08:46:32 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_34f91594\mscorlib.dll
----a-w 1,470,464 2007-09-10 08:46:24 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_004fb596\System.Design.dll
----a-w 1,966,080 2007-09-09 11:47:48 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1fc8eec8\System.dll
----a-w 90,112 2007-09-09 11:47:58 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_23470869\System.Drawing.Design.dll
----a-w 835,584 2007-09-10 08:46:28 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cbd2fb3b\System.Drawing.dll
----a-w 3,018,752 2007-09-10 08:46:06 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_cd6d60ea\System.Windows.Forms.dll
----a-w 2,088,960 2007-09-10 08:46:12 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_c9939aaf\System.Xml.dll
.
----a-w 155,648 2004-07-14 12:24:50 C:\WINDOWS\system32\mscoree.dll
----a-w 16,384 2007-09-09 00:29:14 C:\WINDOWS\Temp\Perflib_Perfdata_7d4.dat
----a-w 86,016 2003-02-20 07:09:14 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
----a-w 77,824 2003-02-20 07:09:18 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
----a-w 106,496 2004-08-10 04:20:00 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
----a-w 258,048 2004-07-14 13:49:16 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
----a-w 32,768 2004-07-14 13:49:22 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
----a-w 81,920 2004-07-14 12:32:22 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
----a-w 315,392 2004-07-14 12:25:06 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
----a-w 102,400 2004-07-14 12:33:04 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
----a-w 2,138,112 2004-07-15 02:29:02 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
----a-w 2,510,848 2004-07-14 12:26:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
----a-w 1,224,704 2004-07-15 02:31:16 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
----a-w 2,502,656 2004-07-14 12:28:34 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
----a-w 1,257,472 2004-07-15 02:29:00 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
----a-w 1,257,472 2007-09-08 08:33:36 C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 1,224,704 2007-09-08 08:33:44 C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AuditMode"="C:\sysprep\factory.exe" []
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2003-11-10 12:53]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2003-10-28 12:24]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-07-28 21:29]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2005-03-08 14:11]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"EPSON Stylus CX6400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 10:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-20 20:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 10:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 12:11]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 04:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-09-26 19:16:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10]

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys
R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 ZD1211U(ASUS);ASUS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ASUS);C:\WINDOWS\system32\DRIVERS\zd1211u.sys
S3 wanusb;D-Link DSL-200 USB ADSL Modem(WAN);C:\WINDOWS\system32\DRIVERS\gwausb.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 23:23:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-10 23:24:53 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 23:24
C:\ComboFix2.txt ... 2007-09-09 12:30
.
--- E O F ---

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:05 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\siswlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Andrew\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187948019593
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\WINDOWS\system32\siswlsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7122 bytes


Thank you for your help!

#6 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male

Posted 11 September 2007 - 02:09 PM

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older-version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log & a description of any remaining problems.

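The "remove all older versions of Java" step above, as an added PowerShell check that is not part of random/random's post: it reads the Add/Remove Programs data from the standard Uninstall registry keys and lists every Java Runtime Environment entry, so you can confirm before and after the reboot that only the new JRE remains. The name pattern is an assumption based on the entry names the post tells you to look for; on a 32-bit Windows XP system like the one in the logs only the first key exists.

```powershell
# Added example, not from the thread: list Java Runtime Environment entries as
# Add/Remove Programs sees them, so stale copies can be spotted before and
# after the cleanup described in the post.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    # Only present on 64-bit Windows; harmless to check on 32-bit XP.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$javaEntries = foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem $key | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        # Assumed pattern: the names the post says to look for (JRE / J2SE).
        if ($p.DisplayName -match 'Java\(TM\)|Java Runtime Environment|J2SE|JRE') {
            New-Object PSObject -Property @{
                Name    = $p.DisplayName
                Version = $p.DisplayVersion
                Key     = $_.PSChildName
            }
        }
    }
}

if (-not $javaEntries) {
    'No Java Runtime Environment entries found in Add/Remove Programs.'
} else {
    $javaEntries | Sort-Object Version | Format-Table Name, Version, Key -AutoSize
    if (@($javaEntries).Count -gt 1) {
        'More than one JRE is installed; the older entries listed above should be removed.'
    }
}
```

Run it once before uninstalling and again after the reboot; the second run should show a single entry matching the version just installed.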

#7 Slowchimes

Slowchimes
  • Topic Starter
  • Members
  • 5 posts

Posted 12 September 2007 - 02:46 PM

ESET log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2523 (20070912)
# vers_arch_module=1.058 (20070906)
# vers_adv_heur_module=1.065 (20070802)
# EOSSerial=63c898e0d3e4f347a575ca374ada1d25
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2007-09-12 12:46:24
# local_time=2007-09-12 12:46:24 (+1200, New Zealand Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=160516
# found=1
# scan_time=1923
C:\qoobox\Quarantine\C\WINDOWS\system32\fjrkwpwq.exe.vir Win32/Agent.BCK trojan D739F570E0CD9E2D1E306735140B8F8A


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:50 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\siswlsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Andrew\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187948019593
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\WINDOWS\system32\siswlsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7156 bytes

Thank you! Things seem to be running OK. What do I need to do now?

#8 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:02:32 AM

Posted 13 September 2007 - 11:20 AM

You can delete combofix.exe & the C:\Qoobox folder

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints; you need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
  • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    Restart
    • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck *Turn off System Restore*.
    • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis
  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it, so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will therefore help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next, click OK, then the Apply button, and then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a HOSTS file. A HOSTS file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally, I am trying to make one point very clear: it is absolutely essential to keep all of your security programs up to date.

Edited by random/random, 13 September 2007 - 11:20 AM.
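The HOSTS-file blocking mechanism that the post above describes, as an added example that is not part of the original thread or of Spybot's own code: a small Python parser over a constructed HOSTS file, showing that a name pinned to a sinkhole address (127.0.0.1 or 0.0.0.0) never reaches the real server, and that matching is exact, with no wildcards, which is why blocklists carry the www. variant separately. The hostnames under .test are made-up placeholders, not real indicators.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample HOSTS file content in the Windows format
# (C:\WINDOWS\system32\drivers\etc\hosts). Names are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
# entries below added by an anti-spyware hosts list (constructed example)
127.0.0.1  ads.example-malicious.test   www.ads.example-malicious.test
0.0.0.0    tracker.example-malicious.test # trailing comment
  127.0.0.1\tpopup.example-malicious.test
"""

# Addresses that go nowhere useful: the browser connects to itself or fails.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs in file order. Each line is
    'IP name [alias ...]' with an optional '# comment'; blank and
    comment-only lines are skipped and names are lowered (DNS names
    are case-insensitive)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address field; the resolver ignores such lines
        for name in fields[1:]:
            entries.append((ip, name.lower()))
    return entries


def lookup(entries: List[Tuple[str, str]], hostname: str) -> Optional[str]:
    """Mimic the resolver: the first exactly matching entry wins.
    The HOSTS file has no wildcards, so subdomains are not covered."""
    hostname = hostname.lower().rstrip(".")
    for ip, name in entries:
        if name == hostname:
            return ip
    return None


def is_blocked(entries: List[Tuple[str, str]], hostname: str) -> bool:
    """True when HOSTS pins the name to a sinkhole, so the real server is never contacted."""
    ip = lookup(entries, hostname)
    return ip is not None and ip in SINKHOLES
```

Running `is_blocked(parse_hosts(SAMPLE_HOSTS), "ADS.example-malicious.test")` returns True, while the unlisted `sub.tracker.example-malicious.test` returns False.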
