Hijackthis Log Diagnostic Plz


7 replies to this topic

#1 Horli

Horli

  • Members
  • 5 posts

Posted 03 December 2007 - 05:38 AM

I've got AVAST, and it will come up saying that I have a virus Win32:Adware-gen and Win32:Agent-LTS.

I've run Ad-Aware, Spybot, SuperAntispyware and a few online scanners but it's still coming up, plus in Safe Mode.

HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:03 PM, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\UltraMon\UltraMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
E:\!download\Adam Monthly Usage Meter.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\SUPERantispyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\System32\svchost.exe
D:\nTUNE\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\WINDOWS\explorer.exe
D:\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whirlpool.net.au/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UltraMon] "D:\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\nTUNE\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MOMORacingFixCenter] "F:\GAMES\Game Patches,Mods,Save games\GTR files\MOMORacingFixCenter.exe" 0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdamMonthlyUsageMeter] E:\!download\Adam Monthly Usage Meter.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERantispyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQLite\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQLite\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140315665128
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140321166937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dreamboatel.com.au/rivernowcam/h263ctrl.cab
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERantispyware\SASWINLO.dll
O21 - SSODL: kopmet - {43023DC5-A261-4944-A68D-48082F833A00} - (no file)
O21 - SSODL: jetctrl - {ECB2C457-32E7-4ABA-8498-2802B81804ED} - C:\WINDOWS\jetctrl.dll
O21 - SSODL: msmhost - {4002233B-0EC8-4B64-AB32-2532546A27F0} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {11E16D87-7BD4-48BE-88F6-067C48C94667} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\nTUNE\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8172 bytes
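
The HijackThis entry lines above (the O2, O4, O21, O23 records) are plain text, so a helper's first pass can be scripted. The following is an added example, not part of the post or of HijackThis itself: it parses entry lines, flags the patterns a reviewer looks at first (entries whose file is absent, an SSODL DLL sitting directly in C:\WINDOWS, a service with no vendor string), and diffs two logs to show which entries disappeared after a cleanup. The sample lines are constructed from entries in the logs posted in this thread; the triage heuristics are my own assumptions, not a HijackThis feature.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One HijackThis entry line: a section code (O2, O4, O21, R0 ...) then " - " then the body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# HijackThis prints these when the registry points at a file that no longer exists.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# A DLL loaded straight from the Windows directory (not System32) by a
# ShellServiceObjectDelayLoad entry is out of place and worth verifying.
WINDIR_DLL_RE = re.compile(r"(?i)- c:\\windows\\[^\\\s]+\.dll\b")


@dataclass(frozen=True)
class HjtEntry:
    section: str
    body: str


def parse_hjt(text: str) -> list[HjtEntry]:
    """Return the entry lines of a HijackThis log.

    Header lines and the 'Running processes' paths do not match ENTRY_RE
    and are skipped, so the whole log text can be passed in unchanged.
    """
    entries: list[HjtEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(m["section"], m["body"]))
    return entries


def review(entries: list[HjtEntry]) -> list[tuple[HjtEntry, str]]:
    """Apply first-pass triage heuristics (assumed, not from HijackThis)."""
    findings: list[tuple[HjtEntry, str]] = []
    for e in entries:
        if any(marker in e.body for marker in ORPHAN_MARKERS):
            findings.append((e, "orphaned entry: referenced file is absent"))
        elif e.section == "O21" and WINDIR_DLL_RE.search(e.body):
            findings.append((e, "SSODL DLL in C:\\WINDOWS root: verify the publisher"))
        elif e.section == "O23" and "Unknown owner" in e.body:
            findings.append((e, "service without a vendor string: verify the binary"))
    return findings


def diff_logs(before: str, after: str) -> tuple[list[HjtEntry], list[HjtEntry]]:
    """Return (removed, added) entries between two logs of the same machine."""
    b = {e.body: e for e in parse_hjt(before)}
    a = {e.body: e for e in parse_hjt(after)}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


# Constructed sample: a subset of the entries from the first log in this thread.
# The SDFix report later in the thread lists C:\WINDOWS\jetctrl.dll as deleted.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: kopmet - {43023DC5-A261-4944-A68D-48082F833A00} - (no file)
O21 - SSODL: jetctrl - {ECB2C457-32E7-4ABA-8498-2802B81804ED} - C:\WINDOWS\jetctrl.dll
O21 - SSODL: msmhost - {4002233B-0EC8-4B64-AB32-2532546A27F0} - C:\WINDOWS\msmhost.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Constructed sample: the matching subset from the second (post-cleanup) log.
LOG_AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for entry, reason in review(parse_hjt(LOG_BEFORE)):
        print(f"{entry.section:<4} {reason}: {entry.body}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", [e.body for e in removed])
    print("added:  ", [e.body for e in added])
```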


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 04 December 2007 - 09:11 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Horli.
My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.


If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could lead to your system becoming unusable.

Now download Combofix and save to your desktop:
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

#3 Horli

Horli
  • Topic Starter

  • Members
  • 5 posts

Posted 05 December 2007 - 02:46 AM

I've done what you have asked.

My HijackThis log..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:22 PM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\nTUNE\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\UltraMon\UltraMon.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cidaemon.exe
E:\!download\Adam ADSL Usage Meter.exe
D:\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UltraMon] "D:\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\nTUNE\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MOMORacingFixCenter] "F:\GAMES\Game Patches,Mods,Save games\GTR files\MOMORacingFixCenter.exe" 0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdamMonthlyUsageMeter] E:\!download\Adam Monthly Usage Meter.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Registry] "D:\RegRunSuite\lsoon.exe" -1 30 "D:\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQLite\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQLite\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140315665128
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140321166937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dreamboatel.com.au/rivernowcam/h263ctrl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERantispyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\nTUNE\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7907 bytes



SDFIX report..

SDFix: Version 1.116

Run by Gazza on Wed 05/12/2007 at 05:22 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\jetctrl.dll - Deleted
C:\WINDOWS\nretcip.exe - Deleted
C:\WINDOWS\voipwet.dll - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 17:26:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Gazza\Local Settings\Application Data\Microsoft\Messenger\gazmanl2k@hotmail.com\SharingMetadata\horl2k@hotmail.com\DFSR\Staging\CS{C66320A1-D1B0-4264-7204-9D24870F66DF}\01\10-{C66320A1-D1B0-4264-7204-9D24870F66DF}-v1-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Gazza\Local Settings\Application Data\Microsoft\Messenger\gazmanl2k@hotmail.com\SharingMetadata\horl2k@hotmail.com\DFSR\Staging\CS{C66320A1-D1B0-4264-7204-9D24870F66DF}\11\13-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v11-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 51834 bytes hidden from API
C:\Documents and Settings\Gazza\Local Settings\Application Data\Microsoft\Messenger\gazmanl2k@hotmail.com\SharingMetadata\horl2k@hotmail.com\DFSR\Staging\CS{C66320A1-D1B0-4264-7204-9D24870F66DF}\11\13-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v11-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3648 bytes hidden from API
C:\Documents and Settings\Gazza\Local Settings\Application Data\Microsoft\Messenger\gazmanl2k@hotmail.com\SharingMetadata\horl2k@hotmail.com\DFSR\Staging\CS{C66320A1-D1B0-4264-7204-9D24870F66DF}\11\13-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v11-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5832 bytes hidden from API
C:\Documents and Settings\Gazza\Local Settings\Application Data\Microsoft\Messenger\gazmanl2k@hotmail.com\SharingMetadata\horl2k@hotmail.com\DFSR\Staging\CS{C66320A1-D1B0-4264-7204-9D24870F66DF}\14\22-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v14-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1110 bytes hidden from API
C:\Documents and Settings\Gazza\Local Settings\Application Data\Microsoft\Messenger\gazmanl2k@hotmail.com\SharingMetadata\horl2k@hotmail.com\DFSR\Staging\CS{C66320A1-D1B0-4264-7204-9D24870F66DF}\14\22-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v14-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 120 bytes hidden from API
C:\Documents and Settings\Gazza\Local Settings\Application Data\Microsoft\Messenger\gazmanl2k@hotmail.com\SharingMetadata\horl2k@hotmail.com\DFSR\Staging\CS{C66320A1-D1B0-4264-7204-9D24870F66DF}\15\18-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v15-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 930 bytes hidden from API
C:\Documents and Settings\Gazza\Local Settings\Application Data\Microsoft\Messenger\gazmanl2k@hotmail.com\SharingMetadata\horl2k@hotmail.com\DFSR\Staging\CS{C66320A1-D1B0-4264-7204-9D24870F66DF}\15\18-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v15-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 104 bytes hidden from API
C:\Documents and Settings\Gazza\Local Settings\Application Data\Microsoft\Messenger\gazmanl2k@hotmail.com\SharingMetadata\horl2k@hotmail.com\DFSR\Staging\CS{C66320A1-D1B0-4264-7204-9D24870F66DF}\16\20-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v16-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 660 bytes hidden from API
C:\Documents and Settings\Gazza\Local Settings\Application Data\Microsoft\Messenger\gazmanl2k@hotmail.com\SharingMetadata\horl2k@hotmail.com\DFSR\Staging\CS{C66320A1-D1B0-4264-7204-9D24870F66DF}\16\20-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v16-{2E17B898-FC93-42CD-9FEA-4174D2FEBA5B}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 80 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 10


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\limewire\\LimeWire.exe"="D:\\limewire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"D:\\Bit Torent\\bittorrent.exe"="D:\\Bit Torent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\Bit Tornado\\btdownloadgui.exe"="D:\\Bit Tornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\\GTR\\GTR.EXE"="E:\\GTR\\GTR.EXE:*:Enabled:GTR - FIA GT Racing Game"
"E:\\!download\\utorrent.exe"="E:\\!download\\utorrent.exe:*:Enabled:utorrent"
"D:\\DC++\\DCPlusPlus.exe"="D:\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"E:\\Call Of Duty 2\\CoD2MP_s.exe"="E:\\Call Of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\\ICQLite\\ICQLite.exe"="D:\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"E:\\FarCry\\Bin32\\FarCry.exe"="E:\\FarCry\\Bin32\\FarCry.exe:*:Enabled:Far Cry"
"E:\\Black And White\\runblack.exe"="E:\\Black And White\\runblack.exe:*:Enabled:lh"
"E:\\Ghost Recon AW\\GRAW_demo.exe"="E:\\Ghost Recon AW\\GRAW_demo.exe:*:Enabled:GRAW_demo"
"D:\\Real player\\realplay.exe"="D:\\Real player\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"D:\\Firefox\\firefox.exe"="D:\\Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\NewsLeecher\\newsLeecher.exe"="D:\\NewsLeecher\\newsLeecher.exe:*:Enabled:newsLeecher.exe"
"E:\\Steam\\SteamApps\\garymarkham\\counter-strike source\\hl2.exe"="E:\\Steam\\SteamApps\\garymarkham\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"D:\\TVUplayer\\TVUPlayer.exe"="D:\\TVUplayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"E:\\Battlefield 2\\BF2.exe"="E:\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"E:\\Battlefield 2\\BF21.exe"="E:\\Battlefield 2\\BF21.exe:*:Enabled:BF21"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\TUplayer\\TVUPlayer\\TVUPlayer.exe"="D:\\TUplayer\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\MotoGP2\\motogp2.exe"="E:\\MotoGP2\\motogp2.exe:*:Enabled:motogp2"
"E:\\Medal Of Honor Pacific Assault\\mohpa_demo.exe"="E:\\Medal Of Honor Pacific Assault\\mohpa_demo.exe:*:Enabled:Medal of Honor Pacific Assault™"
"D:\\Mozilla Firefox\\firefox.exe"="D:\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"E:\\Race Driver 3\\RD3demo.exe"="E:\\Race Driver 3\\RD3demo.exe:*:Enabled:RaceDriver 3 Application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\flashGet\\flashget.exe"="D:\\flashGet\\flashget.exe:*:Enabled:Flashget"
"D:\\Azureus\\Azureus.exe"="D:\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\ICQLite\\ICQ6\\ICQ.exe"="D:\\ICQLite\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"E:\\Battle for middle earth\\game.dat"="E:\\Battle for middle earth\\game.dat:*:Enabled:The Battle for Middle-earth ™"
"E:\\Lost Tribe\\LostPlanetDX9.exe"="E:\\Lost Tribe\\LostPlanetDX9.exe:*:Enabled:LostPlanetDX9"
"E:\\Dirt Demo\\DiRTDemo.exe"="E:\\Dirt Demo\\DiRTDemo.exe:*:Enabled:DiRT Demo Executable"
"E:\\Ultima Online 2D\\client.exe"="E:\\Ultima Online 2D\\client.exe:*:Enabled:Ultima Online Client"
"E:\\Titans Quest Immortal Throne\\Tqit.exe"="E:\\Titans Quest Immortal Throne\\Tqit.exe:*:Enabled:Tqit"
"D:\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"="D:\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\\Steam\\Steam.exe"="E:\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"E:\\Crysis Demo\\Bin32\\Crysis.exe"="E:\\Crysis Demo\\Bin32\\Crysis.exe:*:Enabled:Crysis_32_sp_demo"
"E:\\Medal Of Honor AA\\MOHAA.exe"="E:\\Medal Of Honor AA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"E:\\LOTR Battle For Middle Earth\\game.dat"="E:\\LOTR Battle For Middle Earth\\game.dat:*:Enabled:The Battle for Middle-earth ™"
"E:\\Call Of Duty 4\\iw3mp.exe"="E:\\Call Of Duty 4\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"E:\\TrackMania Nations ESWC\\TmNationsESWC.exe"="E:\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 12 Oct 2007 1,473,748,992 A..H. --- "C:\Downloads\CoD4MWDemoSetup.exe"
Wed 17 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 9 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 5 Dec 2007 0 A..H. --- "C:\Documents and Settings\Gazza\Local Settings\Temp\BIT25D.tmp"
Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT1.tmp"
Wed 10 Oct 2007 2,865 ...HR --- "C:\Documents and Settings\Gazza\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

ComboFix Log...

ComboFix 07-12-04.3 - Gazza 2007-12-05 17:38:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1554 [GMT 10.5:30]
Running from: C:\Documents and Settings\Gazza\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gazza\Application Data\macromedia\Flash Player\#SharedObjects\Y4M6YVYB\www.broadcaster.com
C:\Documents and Settings\Gazza\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Gazza\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\drivers\sfsync02.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.

2007-12-05 17:21 . 2007-12-05 17:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-05 17:12 . 2007-12-05 17:12 <DIR> d-------- C:\Program Files\Sun
2007-12-05 17:12 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-05 17:11 . 2007-12-05 17:11 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-04 21:46 . 2007-12-04 21:46 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-04 21:46 . 2007-12-04 21:46 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-04 21:46 . 2007-12-04 21:46 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-04 21:46 . 2007-12-04 21:46 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-04 19:33 . 2007-12-04 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-12-03 22:44 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-12-03 22:43 . 2007-12-03 22:43 <DIR> d-------- C:\Documents and Settings\Gazza\Application Data\Regrun
2007-12-03 22:43 . 2003-09-06 16:55 57,556 --a------ C:\WINDOWS\guard.bmp
2007-12-03 18:03 . 2007-12-03 18:03 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-03 17:41 . 2007-12-03 18:07 <DIR> d-------- C:\Documents and Settings\Gazza\.housecall6.6
2007-12-02 19:36 . 2007-12-04 20:10 <DIR> d-------- C:\Documents and Settings\Gazza\Application Data\SUPERAntiSpyware.com
2007-12-02 19:36 . 2007-12-02 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-30 12:11 . 2007-11-30 12:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-30 12:11 . 2007-11-30 12:11 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-26 23:33 . 2007-11-26 23:33 754 --a------ C:\WINDOWS\WORDPAD.INI
2007-11-23 17:23 . 2007-11-23 17:23 <DIR> d-------- C:\WINDOWS\system32\Logs
2007-11-23 17:23 . 2007-11-23 17:43 <DIR> d-------- C:\Documents and Settings\Gazza\Application Data\tunebite
2007-11-11 18:58 . 2007-11-11 18:58 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-11-11 10:19 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-11-11 10:19 . 2007-11-14 15:11 140,757 --a------ C:\WINDOWS\system32\nvapps.xml
2007-11-11 10:19 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-11-11 10:18 . 2007-11-11 10:18 <DIR> d-------- C:\NVIDIA
2007-11-09 14:52 . 2007-11-09 16:51 <DIR> d-------- C:\Documents and Settings\Gazza\Application Data\My Battle for Middle-earth Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 06:42 --------- d-----w C:\Program Files\Java
2007-12-04 09:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-04 07:55 --------- d-----w C:\Documents and Settings\Gazza\Application Data\Newsbin
2007-12-02 01:37 18,816 ----a-w C:\WINDOWS\system32\drivers\dvd43llh.sys
2007-12-02 01:37 --------- d-----w C:\Program Files\dvd43
2007-11-20 22:16 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-19 06:58 --------- d-----w C:\Documents and Settings\Gazza\Application Data\.BitTornado
2007-11-14 07:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 08:28 --------- d-----w C:\Documents and Settings\Gazza\Application Data\SystemRequirementsLab
2007-11-10 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-27 00:00 --------- d--h--w C:\Program Files\Zero G Registry
2007-10-25 15:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 15:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 15:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 15:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 14:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 02:49 --------- d-----w C:\Documents and Settings\Gazza\Application Data\NewsLeecher
2007-10-19 01:46 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-06 09:48 --------- d-----w C:\Program Files\Razor
2007-10-06 09:41 --------- d-----w C:\Program Files\UOAM
2007-10-02 13:57 22,328 ----a-w C:\Documents and Settings\Gazza\Application Data\PnkBstrK.sys
2006-04-30 03:44 1 -c--a-w C:\Documents and Settings\Gazza\SI.bin
2004-03-11 02:57 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MOMORacingFixCenter"="F:\GAMES\Game Patches" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:30]
"AdamMonthlyUsageMeter"="E:\!download\Adam Monthly Usage Meter.exe" [2007-11-03 23:16]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"Registry"="D:\RegRunSuite\lsoon.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-26 00:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-10 00:15]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"UltraMon"="D:\UltraMon\UltraMon.exe" [2006-10-12 21:27]
"NVIDIA nTune"="D:\nTUNE\nTune\nTuneCmd.exe" [2006-07-07 09:16]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 00:12 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 22:30 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 22:30 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:30]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\SUPERantispyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\SUPERantispyware\SASWINLO.dll 2006-10-19 09:12 258048 D:\SUPERantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2006-08-18 20:45 471040 --a------ D:\Anydvd\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D3DOverrider]
D:\RivaTurner\RivaTuner v2.05\Tools\D3DOverrider\D3DOverrider.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
D:\Daemon tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2006-05-22 13:26 694272 --a------ C:\Program Files\dvd43\dvd43_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
D:\nod32\egui.exe /hide /waitservice

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.1]
D:\Print Screen\PrintScreen\PrintScreen.exe /nosplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 12:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
D:\Cyberlink DVD\Multimedia Launcher\PowerBar.exe /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\quicktime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 04:01 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
e:\steam\steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-02-06 11:00 480768 --a------ D:\SUPERantispyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 --------- C:\Program Files\Windows Media Player\WMPNSCFG.exe

R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys
R2 UltraMonUtility;UltraMon Utility Driver;\??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys
S3 RivaTuner32;RivaTuner32;\??\D:\RivaTurner\RivaTuner v2.05\RivaTuner32.sys
S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b71714fc-a422-11da-84c0-0015f2553320}]
\Shell\AutoRun\command - F:\AutoRun.exe

*Newly Created Service* - NVR0DEV
.
Contents of the 'Scheduled Tasks' folder
"2007-03-03 13:08:01 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
"2007-12-05 06:58:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 17:41:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-05 17:43:21 - machine was rebooted
.
--- E O F ---

#4 RichieUK

Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 05 December 2007 - 07:51 AM

Download\unzip to your desktop AVG Anti-Rootkit:
http://free.grisoft.com/softw/70free/setup...up-1.1.0.42.exe

Double click avgarkt-setup-1.1.0.42.exe to install; by default it will install to C:\Program Files\GRISOFT\AVG Anti-Rootkit
Accept the license and follow the prompts to install.
You will be asked to reboot to finish the installation, so click "Finish".
After rebooting, launch AVG by double clicking on the icon for AVG Anti-Rootkit on your desktop, and click on the 'Search for Rootkits' tab.
Then click on 'Perform in-depth search'.
You will see the progress bar moving from left to right.
The scan will take some time, so be patient and let it finish.
When the scan has finished, a small window will open so you can view the results.
Right click over those results and select "Save Result To File".
By default the file will be saved with a .csv extension. (You can use Notepad to open the .csv file.)
Copy and paste those results into your next reply.
If anything was found, click "Remove selected items".
Note:
Close all open windows and programs; DO NOT USE the computer while scanning.
If the scan is performed while the computer is in use, false positives may appear in the scan results.


Please download Rootchk.exe and save it to your desktop:
Important: temporarily disable any real-time monitoring programs (see note below).
Disconnect from the Internet.
Double-click on rootchk.exe to run the program.
A command prompt window will open as the scan begins and then close.
When the scan is completed, a logfile named rootlog.txt will open and be saved to the root directory, usually C:\.
Copy and paste the contents of the log into your next reply.
Re-enable active protection on any program you temporarily disabled.

Note:
To avoid false positives, it is important that you temporarily disable ZoneAlarm Pro firewall, or any other security program that protects your registry (Spybot's Teatimer, Ad-Aware's Adwatch, Prevx, etc.) before running the rootchk scan.
Click on this link to see a list of other programs that should be disabled.


Please run F-Secure Online Virus Scanner using Internet Explorer:
http://support.f-secure.com/enu/home/ols.shtml
In the opening page read:
1. General
2. System requirements
3. Start your scan, then click on 'Start scanning'.
The 'Internet Explorer-Security Warning' box will pop up; click on 'Install'.
Read the Licence Agreement, then click on 'Accept'.
In the next window that opens click on 'Custom Scan'.
Under 'Virus Scan Options', make sure 'Scan whole system' is selected.
Under 'Other Scan Options', make sure the following are selected:
'Scan programs and documents'
'Scan all files'
'Scan whole system for rootkits'
'Scan whole system for spyware'
'Scan inside archives'
'Use advanced heuristics'
Then click on 'Start'.
The 'scanner components and databases' will then be downloaded; this will take some time.
The virus scan will then start automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the 'I want to decide item by item' button.
For each item found, select 'Disinfect' and click 'Next'.
Click the 'Show Report' button, then copy and paste the entire report into your next reply.

Also post a new Hijackthis log.
Let me know how your pc is running now please.

#5 Horli

  • Topic Starter
  • Members
  • 5 posts

Posted 06 December 2007 - 01:25 AM

AVG ANTI-ROOTKIT picked up nothing..... Even before the second lot of programs you said to run (results are below), all seemed good... even after 9 hrs with the comp on after the online scan was done, no pop-ups and AVAST has been quiet.

If that's all, I thank you. :thumbsup:

F-SECURE REPORT

Scanning Report
Thursday, December 06, 2007 08:25:09 - 16:44:49

Computer name: GAZ
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\
Result: 7 malware found
Malware.BHMQ (virus)

* C:\WINDOWS\system32\BASSMOD.dll (Submitted)

Possible Browser Hijack attempt (spyware)

* System (Disinfected)

Trojan.Win32.Chifrax.a (virus)

* E:\APPS\WinAVI_Video_Converter 8.0\WinAVI Video Converter 8.0 with working key.rar\WinAVI_Video_Converter 8.0.exe

W32/DLoader.DWMV (virus)

* D:\Real player\realplayer_crack.exe (Submitted)

W32/Suspicious_F.gen (virus)

* E:\APPS\WinRAR 3.60 Beta1.rar\WinRAR 3.60 Beta1\Activation Patch.exe
* E:\APPS\WinRAR 3.60 Beta1\Activation Patch.exe (Submitted)
* E:\APPS\WinRAR 3.60 Beta1\WinRAR 3.60 Beta1.rar\Activation Patch.exe

Statistics
Scanned:

* Files: 714262
* System: 4272
* Not scanned: 379

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 6
* Submitted: 3

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\PERFLIB_PERFDATA_650.DAT
* C:\WINDOWS\TEMP\_AVAST4_\WEBSHLOCK.TXT
* C:\WINDOWS\SYSTEM32\BIOS1.ROM
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\GAZZA\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\GAZZA\LOCAL SETTINGS\TEMP\ACRCB8D.TMP
* C:\DOCUMENTS AND SETTINGS\GAZZA\LOCAL SETTINGS\TEMP\BIT204.TMP
* C:\DOCUMENTS AND SETTINGS\GAZZA\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AKSVCV8X.DEFAULT\CACHE(2)\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\GAZZA\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AKSVCV8X.DEFAULT\CACHE(2)\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\GAZZA\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AKSVCV8X.DEFAULT\CACHE(2)\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\GAZZA\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AKSVCV8X.DEFAULT\CACHE\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\GAZZA\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AKSVCV8X.DEFAULT\CACHE\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\GAZZA\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AKSVCV8X.DEFAULT\CACHE\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\GAZZA\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\Documents and Settings\Gazza\Application Data\Newsbin\CHUNKS\Abby Winters - Belly Dancing Girls- [05_45] - _ExMe-DancingGirls.part04.rar_ yEnc.001\Dancing Girls\Bilder\g_bellydancinggirls185.jpg
* C:\Documents and Settings\Gazza\Application Data\Newsbin\CHUNKS\Abby Winters - Belly Dancing Girls- [06_45] - _ExMe-DancingGirls.part05.rar_ yEnc.001\Dancing Girls\Bilder\g_bellydancinggirls264.jpg
* C:\Documents and Settings\Gazza\Application Data\Newsbin\CHUNKS\Abby Winters - Zena & Ralph - [06_21] - _Zena&Ralph.part05.rar_ yEnc.001\Zena & Ralph\Bilder\d_zenaraph271.jpg
* C:\DOCUMENTS AND SETTINGS\GAZZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AKSVCV8X.DEFAULT\PARENT.LOCK
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BifroseLA.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeWget.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeWget1.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar.zip\ns778.tmp
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar1.zip\ns075.tmp
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hupigon.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hupigon1.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hupigon2.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Ap



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:46 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\UltraMon\UltraMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\System32\svchost.exe
D:\nTUNE\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
E:\!download\Adam Monthly Usage Meter.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Mozilla Firefox\firefox.exe
D:\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\DOCUME~1\Gazza\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\Gazza\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whirlpool.net.au/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UltraMon] "D:\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\nTUNE\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\RivaTuner\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /S
O4 - HKCU\..\Run: [MOMORacingFixCenter] "F:\GAMES\Game Patches,Mods,Save games\GTR files\MOMORacingFixCenter.exe" 0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQLite\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQLite\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140315665128
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140321166937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dreamboatel.com.au/rivernowcam/h263ctrl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERantispyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\nTUNE\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8097 bytes


********************************* ROOTCHK-(25-11-07)-LOG, by ejvindh
Thu 06/12/2007 8:03:17.64

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 08:03:20
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Alcohol 120%\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:ec,ea,b4,95,e4,c5,53,0f,d0,76,54,c8,ca,28,88,fe,19,b8,14,9d,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:db,7a,b9,e2,5b,c5,52,38,ca,1b,ce,2e,3a,b2,49,b3,c7,6c,17,5f,49,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Daemon tools\"
"h0"=dword:00000001
"khjeh"=hex:12,14,e4,6f,24,84,9b,0f,a8,b3,46,48,ea,83,d8,c9,ea,1f,04,c1,2c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c9,c5,a5,30,c6,f2,7e,09,a9,7a,a3,de,f7,46,62,6c,ff,..
"khjeh"=hex:8b,f4,76,af,92,5c,1e,69,8b,62,06,91,24,2d,ca,32,4a,40,d2,19,41,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:15,b9,01,2d,c5,2a,02,49,95,d0,4c,da,a9,84,64,e9,ae,6e,ec,55,44,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fb,c9,86,11,f2,00,62,df,2c,0b,69,d6,9c,f5,da,63,f8,ff,82,af,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:1b,6d,27,81,5f,2c,03,fd,cc,5d,25,9b,69,6e,c3,70,60,d5,65,19,54,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:c8,65,f8,c8,fd,39,3b,4a,61,ff,e2,b8,71,68,ad,2a,85,f0,b7,33,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:0f0dd4d5
"s2"=dword:27828dea
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:db,7a,b9,e2,5b,c5,52,38,ca,1b,ce,2e,3a,b2,49,b3,c7,6c,17,5f,49,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Daemon tools\"
"h0"=dword:00000001
"khjeh"=hex:12,14,e4,6f,24,84,9b,0f,a8,b3,46,48,ea,83,d8,c9,ea,1f,04,c1,2c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c9,c5,a5,30,c6,f2,7e,09,a9,7a,a3,de,f7,46,62,6c,ff,..
"khjeh"=hex:8b,f4,76,af,92,5c,1e,69,8b,62,06,91,24,2d,ca,32,4a,40,d2,19,41,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:15,b9,01,2d,c5,2a,02,49,95,d0,4c,da,a9,84,64,e9,ae,6e,ec,55,44,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fb,c9,86,11,f2,00,62,df,2c,0b,69,d6,9c,f5,da,63,f8,ff,82,af,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:1b,6d,27,81,5f,2c,03,fd,cc,5d,25,9b,69,6e,c3,70,60,d5,65,19,54,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:c8,65,f8,c8,fd,39,3b,4a,61,ff,e2,b8,71,68,ad,2a,85,f0,b7,33,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:db,7a,b9,e2,5b,c5,52,38,ca,1b,ce,2e,3a,b2,49,b3,c7,6c,17,5f,49,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Daemon tools\"
"h0"=dword:00000001
"khjeh"=hex:12,14,e4,6f,24,84,9b,0f,a8,b3,46,48,ea,83,d8,c9,ea,1f,04,c1,2c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c9,c5,a5,30,c6,f2,7e,09,a9,7a,a3,de,f7,46,62,6c,ff,..
"khjeh"=hex:8b,f4,76,af,92,5c,1e,69,8b,62,06,91,24,2d,ca,32,4a,40,d2,19,41,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:15,b9,01,2d,c5,2a,02,49,95,d0,4c,da,a9,84,64,e9,ae,6e,ec,55,44,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fb,c9,86,11,f2,00,62,df,2c,0b,69,d6,9c,f5,da,63,f8,ff,82,af,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:1b,6d,27,81,5f,2c,03,fd,cc,5d,25,9b,69,6e,c3,70,60,d5,65,19,54,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:c8,65,f8,c8,fd,39,3b,4a,61,ff,e2,b8,71,68,ad,2a,85,f0,b7,33,c8,..

scanning hidden registry entries ...

scanning hidden files ...

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:08:42 AM

Posted 06 December 2007 - 09:06 AM

Disable Windows Defender's real-time protection, as it may interfere.
* Open Microsoft Windows Defender. Click Start > All Programs > Windows Defender.
* Click on 'Tools' > 'Options'.
* Under 'Real-time protection options', unselect the 'Turn on real-time protection' check box.
* Click 'Save'.

Delete the entire contents of this Recovery folder:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery

Please download OTMoveIt by OldTimer and save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):
E:\APPS\WinAVI_Video_Converter 8.0\WinAVI Video Converter 8.0 with working key.rar
D:\Real player\realplayer_crack.exe
E:\APPS\WinRAR 3.60 Beta1.rar\WinRAR 3.60 Beta1\Activation Patch.exe
E:\APPS\WinRAR 3.60 Beta1\Activation Patch.exe
E:\APPS\WinRAR 3.60 Beta1\WinRAR 3.60 Beta1.rar\Activation Patch.exe

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

Click on Start/Run, type cleanmgr into the 'Open:' space, then press Ok.
Let it scan your system for files to remove.
Make sure these 3 are checked and nothing else, then press Ok.
* Temporary Files
* Temporary Internet Files
* Recycle Bin


Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

You’re running msconfig in Auto mode, which means that you may have selectively unchecked some items in the past from starting up with Windows.
This can be bad if they’re malware, so please re-enable those startup entries by doing the following:
Click on Start > Run, type msconfig and then press Enter.
When the ‘System Configuration Utility’ opens, click on the ‘Startup’ tab and make sure all the boxes are checkmarked.
Then press Apply/Ok to exit the utility.

Restart your PC and post a new HijackThis log.
Let me know how your PC is running now.

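The fix above targets an O2 BHO entry that ends in "(no file)", a registry reference whose DLL is gone. As an added example (not code from this thread, from HijackThis or from OTMoveIt), the Python below parses HijackThis 2.0.2 log lines in the format shown in this thread, counts entries per section, and lists the entries a helper would review first: orphaned "(no file)" references, O23 services whose binary carries no publisher information, and O20-O22 logon-time load points. The sample log is constructed from entries appearing in this thread; a flag means "verify", not "malware" (PnkBstrA, for instance, is PunkBuster's anti-cheat service, and the "Unknown owner" tag only means the file has no version information).

```python
import re
from collections import Counter

# Constructed sample input: a few HijackThis 2.0.2 entries copied from the log
# in this thread, including the orphaned O2 BHO that RichieUK has HijackThis fix.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whirlpool.net.au/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERantispyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# COM class ids as written in O2/O9/O16 entries: 8-4-4-4-12 hex digits in braces.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hjt(text):
    """Return a list of (section, body) tuples, one per HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """Summarise a log: per-section counts plus the entries to review first.

    A flag means 'verify this', not 'this is malware': an orphaned '(no file)'
    reference is a leftover registry key, and a service marked 'Unknown owner'
    only lacks version/publisher information in its binary.
    """
    entries = parse_hjt(text)
    counts = Counter(section for section, _ in entries)
    flagged = []
    for section, body in entries:
        if body.endswith("(no file)"):
            flagged.append((section, "orphaned reference, file missing", body))
        elif section == "O23" and "Unknown owner" in body:
            flagged.append((section, "service binary carries no publisher information", body))
        elif section in ("O20", "O21", "O22"):
            # Winlogon Notify, ShellServiceObjectDelayLoad and SharedTaskScheduler
            # entries load code at logon, so they are always worth a look.
            flagged.append((section, "logon-time load point, confirm publisher", body))
    return {"counts": dict(counts), "flagged": flagged}


def clsids(text):
    """Collect the distinct CLSIDs referenced in the log, for later lookup."""
    return sorted({c.upper() for _, body in parse_hjt(text) for c in CLSID_RE.findall(body)})


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("entries per section:", result["counts"])
    for section, reason, body in result["flagged"]:
        print(f"[{section}] {reason}: {body}")
    print("CLSIDs to look up:", clsids(SAMPLE_LOG))
```

Running it on the sample lists the "(no file)" BHO, the Winlogon Notify hook and the PnkBstrA service; everything else (the avast! entries, the Start Page, the Run keys) is counted but not flagged, which mirrors how the thread's helper singles out one O2 line from a log of this size.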

#7 Horli

Horli
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:12 PM

Posted 06 December 2007 - 04:57 PM

When I ran the part for MOVEIT, AVAST popped up with a virus... in the chest it says (name) Activation Patch.exe (location) C:\_OTMoveIt\MovedFiles\WinRAR 3.60 Beta1 (virus) Win32:small-HRB [Trj]
I checked all of the System Configuration Utility startup items, then rebooted, so below is the HijackThis log with them all checked. (There were a few to check.)
Again I had no pop-ups etc.
This, you said, will only pick the drives C, D, E, not folders... so I left that.

"Click on Start/Run,type cleanmgr into the 'Open:' space,then press Ok.
Let it scan your system for files to remove.
Make sure these 3 are checked and nothing else,then press Ok.
* Temporary Files
* Temporary Internet Files
* Recycle Bin"



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:46 AM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\UltraMon\UltraMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
D:\quicktime\qttask.exe
D:\nTUNE\nTune\nTuneService.exe
D:\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\dvd43\dvd43_tray.exe
D:\Daemon tools\daemon.exe
D:\RivaTurner\RivaTuner v2.05\Tools\D3DOverrider\D3DOverrider.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\SUPERantispyware\SUPERAntiSpyware.exe
D:\Cyberlink DVD\Multimedia Launcher\PowerBar.exe
D:\Print Screen\PrintScreen\PrintScreen.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\steam\steam.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whirlpool.net.au/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UltraMon] "D:\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\nTUNE\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\RivaTuner\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "D:\nod32\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [D3DOverrider] "D:\RivaTurner\RivaTuner v2.05\Tools\D3DOverrider\D3DOverrider.exe" /s
O4 - HKCU\..\Run: [MOMORacingFixCenter] "F:\GAMES\Game Patches,Mods,Save games\GTR files\MOMORacingFixCenter.exe" 0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERantispyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PowerBar] "D:\Cyberlink DVD\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] D:\Print Screen\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [AnyDVD] D:\Anydvd\AnyDVD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQLite\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQLite\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140315665128
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140321166937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dreamboatel.com.au/rivernowcam/h263ctrl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERantispyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\nTUNE\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9138 bytes


E:\APPS\WinAVI_Video_Converter 8.0\WinAVI Video Converter 8.0 with working key.rar moved successfully.
D:\Real player\realplayer_crack.exe moved successfully.
File/Folder E:\APPS\WinRAR 3.60 Beta1.rar\WinRAR 3.60 Beta1\Activation Patch.exe not found.
E:\APPS\WinRAR 3.60 Beta1\Activation Patch.exe moved successfully.
File/Folder E:\APPS\WinRAR 3.60 Beta1\WinRAR 3.60 Beta1.rar\Activation Patch.exe not found.

Created on 12/07/2007 08:07:02

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:08:42 AM

Posted 06 December 2007 - 06:51 PM

Your log is clean :thumbsup:, please do the following:

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press Ok.


Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button.
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom, in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

You should take the time to read and follow the information found in the links below, to help you prevent any possible future infections and stay safe and secure while online:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

How to prevent Malware:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

So how did I get infected in the first place:
http://forums.spybot.info/showthread.php?t=279

Malware Cleanup Programs and Preventative Procedures:
http://russelltexas.com/malware/allclear.htm