
"avira Not A Valid Win32..." Virus?


1 reply to this topic

#1 eyalwe

  • Members
  • 12 posts

Posted 13 March 2008 - 10:07 AM

I was stupid to run some fake exe which crashed my AVIRA antivirus.
Also, some .exe's will now give a "not a valid win32..." error.
I ran combofix (had to change the name to "combo-fix.exe" for it to run, otherwise: not a valid win32).

I did a combofix. Then I was able to install and run kaspersky:

detected: virus Email-Worm.Win32.Bagle.of File: C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\5254500.exe.vir
detected: Trojan program Trojan.Win32.Pakes.bwy File: C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\5262875.exe.vir
detected: virus Email-Worm.Win32.Bagle.of File: C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\650984.exe.vir

The system seems clean and stable now.
Should I do something?
Are there any reg changes to be done?

Here are the combofix and HijackThis logs:

ComboFix 08-03-10.1 - eyaler 03/13/2008 16:03:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1255.1.1033.18.1492 [GMT 2:00]
Running from: C:\Documents and Settings\eyaler\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\5236125.exe
C:\WINDOWS\system32\drivers\down\5236843.exe
C:\WINDOWS\system32\drivers\down\5253656.exe
C:\WINDOWS\system32\drivers\down\5254500.exe
C:\WINDOWS\system32\drivers\down\5257531.exe
C:\WINDOWS\system32\drivers\down\5262875.exe
C:\WINDOWS\system32\drivers\down\5299921.exe
C:\WINDOWS\system32\drivers\down\5385406.exe
C:\WINDOWS\system32\drivers\down\5399703.exe
C:\WINDOWS\system32\drivers\down\643031.exe
C:\WINDOWS\system32\drivers\down\643984.exe
C:\WINDOWS\system32\drivers\down\649078.exe
C:\WINDOWS\system32\drivers\down\650984.exe
C:\WINDOWS\system32\drivers\down\654843.exe
C:\WINDOWS\system32\drivers\down\660328.exe
C:\WINDOWS\system32\drivers\down\663687.exe
C:\WINDOWS\system32\drivers\down\774078.exe
C:\WINDOWS\system32\drivers\down\780328.exe
C:\WINDOWS\system32\drivers\down\785000.exe
C:\WINDOWS\system32\drivers\down\789750.exe
C:\WINDOWS\system32\drivers\down\799328.exe
C:\WINDOWS\system32\drivers\down\811484.exe
C:\WINDOWS\system32\drivers\down\877203.exe
C:\WINDOWS\system32\drivers\down\879093.exe
C:\WINDOWS\system32\drivers\down\885343.exe
C:\WINDOWS\system32\drivers\down\927718.exe
C:\WINDOWS\system32\drivers\down\936562.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
J:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SROSA


((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-13 13:36 --------- d-----w C:\Program Files\eMule
2008-03-13 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-13 12:10 --------- d-----w C:\Program Files\Soulseek
2008-03-13 12:10 --------- d-----w C:\Documents and Settings\eyaler\Application Data\Symantec
2008-03-13 11:36 --------- d-----w C:\Documents and Settings\eyaler\Application Data\uTorrent
2008-03-13 00:01 --------- d-----w C:\Program Files\Symantec
2008-03-12 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 01:54 --------- d-----w C:\Documents and Settings\eyaler\Application Data\WinEdt
2008-03-12 00:54 --------- d-----w C:\Program Files\The Ur-Quan Masters
2008-03-12 00:43 --------- d-----w C:\Documents and Settings\eyaler\Application Data\foobar2000
2008-03-11 20:01 --------- d-----w C:\Program Files\MathWave
2008-03-11 18:56 --------- d-----w C:\Program Files\web-reg
2008-03-07 16:14 --------- d-----w C:\Program Files\MSDN
2008-03-07 05:34 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-03-07 05:34 --------- d-----w C:\Program Files\Business Objects
2008-03-07 05:30 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-03-07 05:29 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-03-07 05:26 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-03-07 05:26 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-07 05:23 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-07 03:44 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-03-07 03:30 --------- d-----w C:\Program Files\MSBuild
2008-03-07 03:24 --------- d-----w C:\Program Files\Microsoft SDKs
2008-03-06 01:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-29 14:02 --------- d-----w C:\Program Files\Phun
2008-02-29 11:20 --------- d-----w C:\Program Files\Windows Live
2008-02-29 11:20 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 11:18 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-20 17:50 --------- d-----w C:\Program Files\Lavasoft
2008-02-20 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 17:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 22:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-17 15:06 --------- d-----w C:\Program Files\Alcohol Soft
2008-02-16 15:59 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-05 22:35 --------- d-----w C:\Program Files\Battlestar Galactica
2008-02-05 22:33 --------- d--h--r C:\Documents and Settings\eyaler\Application Data\SecuROM
2008-02-05 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 16:04 215,144 ----a-r C:\WINDOWS\pw32a.dll
2008-02-02 16:04 215,144 ----a-r C:\WINDOWS\patchw32.dll
2008-02-02 14:54 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-02-01 17:33 --------- d-----w C:\Program Files\Recaps
2008-01-30 00:22 --------- d-----w C:\Program Files\Soulseek-Test
2008-01-28 23:03 --------- d-----w C:\Documents and Settings\eyaler\Application Data\Ambient Design
2008-01-28 23:02 --------- d-----w C:\Program Files\Ambient Design
2008-01-28 11:13 287,488 ----a-w C:\WINDOWS\system32\drivers\RTL8187.sys
2008-01-23 20:56 --------- d-----w C:\Program Files\gs
2008-01-23 20:40 --------- d-----w C:\Program Files\Ghostgum
2008-01-23 15:58 --------- d-----w C:\Program Files\LizardTech
2008-01-19 17:31 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2007-09-26 20:06 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007092620070927\index.dat
.

------- Sigcheck -------

09/20/2007 11:21 AM 823808 431defbb4a3d7b0dc062c1b064623a2f C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
08/20/2007 12:02 PM 825344 357d54bf94fe9d6d8505a96b5c2a3bca C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
10/30/2007 09:02 PM 666112 fcd4c436984c50f5d4f99c69f8206009 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
10/11/2007 01:47 AM 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\system32\wininet.dll
10/11/2007 01:47 AM 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/30/2007 09:02 PM 15360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/04/2007 07:25 PM 81920]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [12/22/2007 09:20 AM 222080]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GSICONEXE"="GSICON.EXE" [01/31/2002 10:44 PM 90112 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [01/31/2002 10:39 PM 16384 C:\WINDOWS\system32\dslagent.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM 132496]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [10/08/2007 07:47 AM 864256]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM 56080 C:\WINDOWS\KHALMNPR.Exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [03/13/2008 04:07 PM 249896]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM 56080 C:\WINDOWS\KHALMNPR.Exe]
"Hebrew"="C:\Program Files\הפוך על הפוך\Hebrew.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM 8523776]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/09/2007 04:02 AM 1036288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/30/2007 09:02 PM 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-29 00:03:45 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 12/23/2006 06:05 PM 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"LightScribeService"=2 (0x2)
"usnjsvc"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Soulseek-Test\\slsk.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\system32\\ElectricSheep.scr"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [02/10/2007 05:29 AM]
S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
S2 gafwload;GlobeSpan USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [01/14/2002 08:19 PM]
S3 ALSysIO;ALSysIO;C:\DOCUME~1\eyaler\LOCALS~1\Temp\ALSysIO.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [07/20/2007 06:40 PM]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [01/28/2008 01:13 PM]
S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [09/04/2007 04:53 PM]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4876676-bbd5-11dc-8392-009096300101}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-13 12:00:05 C:\WINDOWS\Tasks\options.job"
- C:\options\archive\options.exe <--------------- this is OK, please ignore it
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 16:12:15
Windows 5.1.2600 Service Pack 3, v.3244 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3244]
-> C:\Program Files\WinRAR\rarext.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Recaps\recaps.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 03/13/2008 16:31:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-13 14:31:22
.
2008-03-12 02:02:10 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:46, on 2008-03-13
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\הפוך על הפוך\Hebrew.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Recaps\recaps.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.tau.ac.il/remote.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Hebrew] C:\Program Files\הפוך על הפוך\Hebrew.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\eyaler\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\oc.nsu"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: bezeq.lnk = ?
O4 - Startup: Recaps.lnk = C:\Program Files\Recaps\recaps.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C724F953-AD55-49D1-AB22-99054C425693}: NameServer = 192.117.235.235 62.219.186.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe (file missing)

--
End of file - 7260 bytes

Edited by eyalwe, 13 March 2008 - 11:22 AM.



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • Gender:Male
  • Location:USA

Posted 01 April 2008 - 01:50 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs, please post them directly into the reply. Do not attach them or include them in codeboxes going forward.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious. It is also possible that you may need to disable your Antivirus or Antimalware programs before this program can run properly. A guide on how to temporarily disable many of the common protection programs can be found here.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.




