
Trojan.vundo, Trojan.agent, Trojan.fakealert


1 reply to this topic

#1 nellsbells

nellsbells

  • Members
  • 1 posts
  • OFFLINE
  • Local time:05:37 PM

Posted 20 April 2008 - 08:44 PM

I've been fighting the Zlob.Downloader.vcs and Virtumonde-C viruses for a few days now. I'm hoping these logs are telling me that I've finally won the battle, but I need a second opinion. Any help would be greatly appreciated!!

Deckard's System Scanner v20071014.68
Run by Jack Schmitt on 2008-04-20 18:52:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
85: 2008-04-21 01:52:55 UTC - RP85 - Deckard's System Scanner Restore Point
84: 2008-04-20 18:10:03 UTC - RP84 - Removed Sunbelt CounterSpy.
83: 2008-04-20 17:40:54 UTC - RP83 - Installed Sunbelt CounterSpy.
82: 2008-04-19 23:21:58 UTC - RP82 - ComboFix created restore point
81: 2008-04-18 18:02:13 UTC - RP81 - Last known good configuration


-- First Restore Point --
1: 2008-04-18 18:01:54 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jack Schmitt.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:35 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\WINDOWS\system32\dllhost.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Jack Schmitt\Desktop\dss.exe
E:\PROGRA~1\TRENDM~1\HIJACK~1\Jack Schmitt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - E:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download ALL with IDA - E:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - E:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with Rapget - E:\Documents and Settings\Jack Schmitt\My Documents\free software DL\rapget.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - E:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - E:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202970236097
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202995726296
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5692 bytes

-- HijackThis Fixed Entries (E:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080420-170021-478 O4 - HKLM\..\Policies\Explorer\Run: [zagrrzagrr] E:\Documents and Settings\All Users\Application Data\fubktaxi\verqlgva.exe
backup-20080420-170021-856 O2 - BHO: DVA Storm - {C6CF5BA3-2D76-40D1-A07F-2A0D18540255} - E:\WINDOWS\lgmxvpatwxm.dll (file missing)

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "E:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S0 cercsr6 - e:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "e:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "e:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-19 19:29:01 284 --a------ E:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-20 16:41:07 0 d-------- E:\Program Files\Trend Micro
2008-04-20 10:56:16 0 --a------ E:\WINDOWS\system32\SBRC.dat
2008-04-20 10:56:16 0 --a------ E:\WINDOWS\system32\SBFC.dat
2008-04-20 10:41:18 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\Sunbelt Software
2008-04-20 03:05:41 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\Malwarebytes
2008-04-20 03:05:37 0 d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 03:05:36 0 d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 03:05:11 0 d-------- E:\Program Files\Common Files\Download Manager
2008-04-19 16:20:38 68096 --a------ E:\WINDOWS\zip.exe
2008-04-19 16:20:38 49152 --a------ E:\WINDOWS\VFind.exe
2008-04-19 16:20:38 212480 --a------ E:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-19 16:20:38 136704 --a------ E:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-19 16:20:38 161792 --a------ E:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-19 16:20:38 98816 --a------ E:\WINDOWS\sed.exe
2008-04-19 14:50:11 0 d-------- E:\Program Files\Enigma Software Group
2008-04-19 14:41:13 0 d-------- E:\VundoFix Backups
2008-04-18 18:54:35 664 --a------ E:\WINDOWS\system32\d3d9caps.dat
2008-04-18 18:09:51 0 d-------- E:\WINDOWS\resources
2008-04-18 12:37:32 1432 --a------ E:\WINDOWS\system32\tmp.reg
2008-04-18 11:02:24 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\TmpRecentIcons
2008-04-18 03:38:33 5869568 --a------ E:\Documents and Settings\Jack Schmitt\ntuser.dat
2008-04-18 00:13:15 0 d-------- E:\download
2008-04-17 21:08:23 0 d-------- E:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-17 20:46:31 0 d-------- E:\Program Files\Zone.com Deluxe Games
2008-04-16 03:16:02 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\BitTorrent
2008-04-16 03:15:51 0 d-------- E:\Program Files\DNA
2008-04-16 03:15:51 0 d-------- E:\Program Files\BitTorrent
2008-04-16 03:15:51 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\DNA
2008-04-04 06:03:37 0 d-------- E:\Program Files\MSXML 4.0
2008-04-04 01:28:13 0 d-------- E:\Downloads
2008-04-03 22:04:50 0 d-------- E:\Program Files\BitComet
2008-04-03 21:16:20 0 d-------- E:\Program Files\WinISO
2008-04-03 16:03:15 0 d-------- E:\Program Files\Spiderman
2008-04-02 23:30:38 0 d-------- E:\Program Files\Turbine
2008-03-31 14:25:48 823296 --a------ E:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 14:25:48 823296 --a------ E:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 14:25:46 802816 --a------ E:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 14:25:46 831488 --a------ E:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 14:25:46 682496 --a------ E:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-27 16:31:54 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\DivX
2008-03-26 01:11:22 0 d-------- E:\WINDOWS\system32\Adobe
2008-03-21 13:28:54 196608 --a------ E:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 13:28:54 81920 --a------ E:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 13:28:20 12288 --a------ E:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-20 03:05:11 0 d-------- E:\Program Files\Common Files
2008-04-17 19:22:36 0 d-------- E:\Program Files\DivX
2008-04-15 21:05:47 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\LimeWire
2008-04-02 23:30:38 0 d--h----- E:\Program Files\InstallShield Installation Information
2008-03-26 01:12:37 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\Adobe
2008-03-26 01:12:36 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\Macromedia
2008-03-21 13:30:08 3596288 --a------ E:\WINDOWS\system32\qt-dx331.dll
2008-03-19 17:47:40 0 d-------- E:\Program Files\Java
2008-03-19 06:35:58 0 d-------- E:\Program Files\BearFlix
2008-03-19 06:25:16 0 d-------- E:\Program Files\BearFlix Applications
2008-03-19 05:07:26 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\Apple Computer
2008-03-19 03:13:49 0 d-------- E:\Program Files\Windows Media Connect 2
2008-03-18 22:45:44 0 d-------- E:\Program Files\Aston
2008-03-18 22:45:33 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\Aston
2008-03-18 22:45:31 0 --a------ E:\Program Files\AstonWriteTest.txt
2008-03-18 22:42:14 0 d-------- E:\Program Files\The Playa
2008-03-18 22:42:14 0 d-------- E:\Program Files\NimoCodec Pack
2008-03-18 22:42:14 0 d-------- E:\Program Files\DivXCodec
2008-03-18 22:42:10 0 d-------- E:\Program Files\XviD
2008-03-18 22:42:10 0 d-------- E:\Program Files\ffdshow
2008-03-18 22:42:04 0 d-------- E:\Program Files\AC3Filter
2008-03-18 22:41:32 0 d-------- E:\Program Files\Full Tilt Poker.Net
2008-03-18 22:41:19 0 d-------- E:\Program Files\openssl
2008-03-17 00:58:00 0 d-------- E:\Program Files\Ligos
2008-03-16 23:06:25 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\funkitron
2008-03-16 15:34:13 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\Internet Download Accelerator
2008-03-13 06:29:58 0 d-------- E:\Program Files\IDA
2008-03-07 15:42:07 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\Google
2008-03-07 14:56:00 0 d-------- E:\Program Files\Common Files\Adobe
2008-03-07 14:49:52 0 d-------- E:\Program Files\Google
2008-03-07 12:31:46 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\Sun
2008-03-06 23:21:56 0 d-------- E:\Program Files\iTunes
2008-03-06 23:21:47 0 d-------- E:\Program Files\iPod
2008-03-06 23:21:13 0 d-------- E:\Program Files\QuickTime
2008-03-06 23:20:24 0 d-------- E:\Program Files\Apple Software Update
2008-03-06 23:19:35 0 d-------- E:\Program Files\Common Files\Apple
2008-03-06 14:08:06 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\MSNInstaller
2008-03-05 08:47:52 0 d-------- E:\Program Files\Macromedia
2008-03-05 08:42:35 0 d-------- E:\Program Files\Common Files\Macromedia
2008-03-05 08:39:40 0 d-------- E:\Program Files\Common Files\InstallShield
2008-03-01 21:58:34 0 d-------- E:\Program Files\CONEXANT
2008-03-01 21:35:08 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\CyberLink
2008-03-01 21:31:47 0 d-------- E:\Program Files\CyberLink
2008-03-01 21:22:57 0 d-------- E:\Documents and Settings\Jack Schmitt\Application Data\WinRAR
2008-03-01 08:33:31 0 d-------- E:\Program Files\Realtek AC97
2008-03-01 06:40:47 0 d-------- E:\Program Files\LimeWire
2008-03-01 06:39:21 0 d-------- E:\Program Files\Common Files\Java
2008-02-20 21:41:26 0 d-------- E:\Program Files\Apoint
2008-02-20 07:41:36 0 d-------- E:\Program Files\Sony
2008-02-20 07:20:33 0 d-------- E:\Program Files\Microsoft IntelliPoint
2008-02-20 06:34:33 0 d-------- E:\Program Files\Microsoft.NET
2008-02-20 06:34:03 0 d-------- E:\Program Files\Microsoft ActiveSync
2008-02-13 22:29:10 22720 --a------ E:\WINDOWS\system32\emptyregdb.dat
2008-02-10 11:14:03 62 --ahs---- E:\Documents and Settings\Jack Schmitt\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/09/2008 10:53 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=E:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
E:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
E:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
E:\Program Files\Sony\HotKey Utility\HKserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"E:\Program Files\Microsoft IntelliPoint\ipoint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"E:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
E:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="E:\Program Files\DNA\btdna.exe"
"swg"=E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22bc4094-f66a-11dc-b4d2-080046cb1ade}]
AutoRun\command- WD_Windows_Tools\setup.exe

*Newly Created Service* - SYSMONLOG



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-20 18:54:03 ------------

Edited by nellsbells, 20 April 2008 - 09:02 PM.
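A defender-side triage helper, added here and not part of the original post or of the HijackThis/Deckard's tools, that parses HijackThis-style log lines and flags the two patterns shown in the "HijackThis Fixed Entries" section above: an O4 autorun under HKLM\..\Policies\Explorer\Run whose executable has a random-looking name under Application Data, and an O2 BHO whose DLL is reported "(file missing)". The sample lines are copied from this log plus benign entries from the same log; the regexes and the random-name heuristic are my own assumptions, not part of any tool.

```python
import re
from dataclasses import dataclass

# "backup-<stamp> " prefix is optional (as in the Fixed Entries section),
# then the section tag (O4, O2, R1, ...) and the free-form rest of the line.
LINE_RE = re.compile(r"^(?:backup-\S+\s+)?(O\d+|R\d+)\s+-\s+(.*)$")
# O2 - BHO: <name> - {<clsid>} - <path> [(file missing)]
BHO_RE = re.compile(r"^BHO:\s+(?P<name>.*?)\s+-\s+\{(?P<clsid>[0-9A-Fa-f-]+)\}\s+-\s+(?P<path>.*)$")
# O4 - HKLM\..\<key>: [<value name>] <command line>
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def looks_random(name: str) -> bool:
    # Heuristic (my assumption): 7+ lowercase letters with few vowels, as in
    # 'verqlgva' or 'zagrrzagrr'; real product names rarely look like this.
    if not re.fullmatch(r"[a-z]{7,}", name):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) < 0.35


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    reasons = []
    if section == "O2":
        b = BHO_RE.match(rest)
        if b and "(file missing)" in b.group("path"):
            reasons.append("BHO still registered but its DLL is missing")
    elif section == "O4":
        r = RUN_RE.match(rest)
        if r:
            if "Policies\\Explorer\\Run" in r.group("key"):
                reasons.append("autorun via Policies\\Explorer\\Run (rarely used by legitimate software)")
            exe = re.split(r"[\\/]", r.group("cmd").strip('"'))[-1]
            stem = exe.split(".")[0].lower()
            if "\\application data\\" in r.group("cmd").lower() and looks_random(stem):
                reasons.append(f"random-looking executable name '{exe}' under Application Data")
    if not reasons:
        return None
    return Finding(section, "; ".join(reasons), rest)


def triage(lines):
    """Run triage_line over every line and keep only the findings."""
    return [f for f in (triage_line(l) for l in lines) if f]


# Two entries from the Fixed Entries section above, followed by benign lines
# taken from the same log; all are copied from the post, none is invented.
SAMPLE = [
    r"backup-20080420-170021-478 O4 - HKLM\..\Policies\Explorer\Run: [zagrrzagrr] E:\Documents and Settings\All Users\Application Data\fubktaxi\verqlgva.exe",
    r"backup-20080420-170021-856 O2 - BHO: DVA Storm - {C6CF5BA3-2D76-40D1-A07F-2A0D18540255} - E:\WINDOWS\lgmxvpatwxm.dll (file missing)",
    r'O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.section}] {f.reason}\n    {f.detail}")
```

Only the two entries HijackThis had already fixed are reported; the QuickTime, ctfmon and Adobe lines pass through silently.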



#2 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:04:37 AM

Posted 25 April 2008 - 03:29 PM

Hello! Welcome!


I see you already have Malwarebytes installed:
  • Double-click the Malwarebytes Icon
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply.
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

If you have run this tool before please post all previous logfiles.

Edited by Rahina Rescue, 25 April 2008 - 03:32 PM.

[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.



