
Infected With Virtumonde... Please Help


This topic is locked. 2 replies to this topic.

#1 nookey


Posted 29 May 2008 - 02:44 PM


Deckard's System Scanner v20071014.68
Run by NOOKEY1 on 2008-05-29 20:34:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-05-29 19:34:33 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-05-29 05:40:17 UTC - RP3 - Last known good configuration
2: 2008-05-29 05:39:36 UTC - RP2 - ComboFix created restore point
1: 2008-05-29 05:39:36 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as NOOKEY1.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:40, on 29/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NOOKEY\Desktop\dss.exe
C:\DOCUME~1\NOOKEY\Desktop\NOOKEY1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: byXPGAsT - C:\WINDOWS\
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 3249 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\NOOKEY\Desktop\backups\) --------------

backup-20080528-002846-103 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
backup-20080528-002846-136 O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
backup-20080528-002846-143 O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
backup-20080528-002846-197 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080528-002846-227 O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
backup-20080528-002846-229 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
backup-20080528-002846-240 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080528-002846-244 O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
backup-20080528-002846-255 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
backup-20080528-002846-319 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
backup-20080528-002846-323 O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
backup-20080528-002846-329 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
backup-20080528-002846-350 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
backup-20080528-002846-389 O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
backup-20080528-002846-395 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
backup-20080528-002846-404 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
backup-20080528-002846-415 O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
backup-20080528-002846-445 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080528-002846-468 O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
backup-20080528-002846-517 O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
backup-20080528-002846-530 O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
backup-20080528-002846-634 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
backup-20080528-002846-686 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080528-002846-814 O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
backup-20080528-002846-833 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
backup-20080528-002846-880 O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
backup-20080528-002846-884 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080528-002846-994 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
backup-20080528-002847-104 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
backup-20080528-002847-202 O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
backup-20080528-002847-237 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
backup-20080528-002847-749 O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
backup-20080528-002847-803 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080528-002936-204 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
backup-20080528-002936-434 O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
backup-20080528-002936-538 O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
backup-20080528-002936-595 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080528-002936-798 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
backup-20080528-002936-908 O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
backup-20080528-003018-800 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
backup-20080528-003018-811 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080528-003018-998 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
backup-20080528-004707-102 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
backup-20080528-004707-184 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
backup-20080528-004707-195 O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
backup-20080528-004707-205 O4 - HKCU\..\RunOnce: [SpybotDeletingD6658] cmd /c del "C:\WINDOWS\system32\qoMgeEvV.dll_old"
backup-20080528-004707-237 R3 - Default URLSearchHook is missing
backup-20080528-004707-248 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080528-004707-327 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080528-004707-331 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20080528-004707-423 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20080528-004707-451 O4 - HKCU\..\RunOnce: [SpybotDeletingB7887] command /c del "C:\WINDOWS\system32\qoMgeEvV.dll_old"
backup-20080528-004707-459 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080528-004707-498 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
backup-20080528-004707-526 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
backup-20080528-004707-942 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
backup-20080528-063839-123 O2 - BHO: (no name) - {2101FEC8-E431-42AB-97E4-D16FB7DDF6E0} - C:\WINDOWS\system32\awtsTNgg.dll (file missing)
backup-20080528-063839-193 O2 - BHO: (no name) - {68A6988B-05F6-4171-8FAF-8CD4EC18D661} - C:\WINDOWS\system32\urqRHyvU.dll (file missing)
backup-20080528-063839-215 O2 - BHO: (no name) - {30F64F4A-3289-4610-B3D0-191BA134F08C} - C:\WINDOWS\system32\urqPhfgd.dll (file missing)
backup-20080528-063839-222 O2 - BHO: (no name) - {CF877D38-F815-4516-BFB3-C8BA5465BFE6} - C:\WINDOWS\system32\ddccAsSI.dll (file missing)
backup-20080528-063839-485 O2 - BHO: (no name) - {B3F41EC5-33A3-4A1E-A2FE-085733FEFD3A} - C:\WINDOWS\system32\hgGvwvUN.dll (file missing)
backup-20080528-063839-730 O2 - BHO: (no name) - {B3102264-D09D-4322-B625-503FBF18DD7E} - C:\WINDOWS\system32\jkkKebAQ.dll (file missing)
backup-20080528-063839-737 O2 - BHO: (no name) - {79084B75-1257-4834-A885-72B9543A8694} - C:\WINDOWS\system32\khfGyxUn.dll (file missing)
backup-20080528-063839-745 O20 - Winlogon Notify: byXPGAsT - C:\WINDOWS\SYSTEM32\byXPGAsT.dll
backup-20080528-063839-819 O2 - BHO: (no name) - {2593F2DC-75C3-479E-BFCB-9B5B254D8A4F} - C:\WINDOWS\system32\qoMgeEvV.dll (file missing)
backup-20080528-063839-851 O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\byXPGAsT.dll
backup-20080528-063839-994 O2 - BHO: (no name) - {5B13843F-B6B5-4392-87D1-AE5BB028AEB8} - C:\WINDOWS\system32\cbXOHApm.dll (file missing)
backup-20080528-063840-266 O20 - Winlogon Notify: jkkKebAQ - jkkKebAQ.dll (file missing)
backup-20080528-063910-420 O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\byXPGAsT.dll
backup-20080528-063910-571 O20 - Winlogon Notify: byXPGAsT - C:\WINDOWS\SYSTEM32\byXPGAsT.dll
backup-20080528-063934-523 O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\byXPGAsT.dll
backup-20080528-063934-733 O20 - Winlogon Notify: byXPGAsT - C:\WINDOWS\SYSTEM32\byXPGAsT.dll
backup-20080528-064648-328 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080528-064648-537 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080528-064648-595 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
backup-20080528-064648-631 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
backup-20080528-064648-807 O20 - Winlogon Notify: byXPGAsT - C:\WINDOWS\SYSTEM32\byXPGAsT.dll
backup-20080528-064648-882 O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\byXPGAsT.dll
backup-20080528-065746-177 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080528-065746-781 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
backup-20080528-065746-991 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
backup-20080528-072253-131 O4 - HKLM\..\RunOnce: [SpybotDeletingA6177] command /c del "C:\WINDOWS\system32\efcASlJA.dll_old"
backup-20080528-072253-234 O4 - HKCU\..\RunOnce: [SpybotDeletingD1820] cmd /c del "C:\WINDOWS\system32\efcASlJA.dll_old"
backup-20080528-072253-736 O2 - BHO: (no name) - {F597AC73-9910-47A5-B962-5D12794E00C0} - C:\WINDOWS\system32\efcASlJA.dll (file missing)
backup-20080528-072253-768 O4 - HKCU\..\RunOnce: [SpybotDeletingB2332] command /c del "C:\WINDOWS\system32\efcASlJA.dll_old"
backup-20080528-072253-903 O20 - Winlogon Notify: byXPGAsT - C:\WINDOWS\SYSTEM32\byXPGAsT.dll
backup-20080528-072253-946 O4 - HKLM\..\RunOnce: [SpybotDeletingC6705] cmd /c del "C:\WINDOWS\system32\efcASlJA.dll_old"
backup-20080528-072253-956 O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\byXPGAsT.dll
backup-20080528-072542-335 O20 - Winlogon Notify: byXPGAsT - C:\WINDOWS\SYSTEM32\byXPGAsT.dll
backup-20080528-072542-431 O2 - BHO: (no name) - {F597AC73-9910-47A5-B962-5D12794E00C0} - C:\WINDOWS\system32\efcASlJA.dll (file missing)
backup-20080528-072542-766 O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\byXPGAsT.dll
backup-20080528-072602-667 O20 - Winlogon Notify: byXPGAsT - C:\WINDOWS\SYSTEM32\byXPGAsT.dll
backup-20080528-072602-845 O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\byXPGAsT.dll
backup-20080528-174841-228 O20 - Winlogon Notify: byXPGAsT - C:\WINDOWS\SYSTEM32\byXPGAsT.dll
backup-20080528-174841-622 O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\byXPGAsT.dll
backup-20080529-063500-186 O20 - Winlogon Notify: byXPGAsT - C:\WINDOWS\SYSTEM32\byXPGAsT.dll
backup-20080529-063500-765 O2 - BHO: (no name) - {34829CCD-A7F8-4A59-853E-D3AC9D42FB90} - C:\WINDOWS\system32\mlJCSMEw.dll (file missing)
backup-20080529-063500-916 O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\byXPGAsT.dll
backup-20080529-194031-230 O4 - HKLM\..\RunOnce: [SpybotDeletingC3289] cmd /c del "C:\WINDOWS\system32\qoMcyXoM.dll_old"
backup-20080529-194031-586 O2 - BHO: (no name) - {98C22688-2683-45D2-9395-FCAC25E4C20B} - C:\WINDOWS\system32\qoMcyXoM.dll (file missing)
backup-20080529-194031-606 O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\byXPGAsT.dll
backup-20080529-194031-834 O4 - HKLM\..\RunOnce: [SpybotDeletingA4053] command /c del "C:\WINDOWS\system32\qoMcyXoM.dll_old"
backup-20080529-194031-866 O20 - Winlogon Notify: byXPGAsT - C:\WINDOWS\SYSTEM32\byXPGAsT.dll

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 ProtoWall (ProtoWall Network Service) - c:\windows\system32\drivers\protowall.sys <Not Verified; ; ProtoWall Driver>

S2 giveio (IC-Prog Driver) - c:\documents and settings\nookey\desktop\icprog105e\icprog.sys (file missing)
S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 Alpham (Ideazon ZBoard Composite Keyboard Driver) - c:\windows\system32\drivers\alpham.sys <Not Verified; Ideazon Corporation; ZBoard® Keyboard Family>
S3 DCamLGE (LG USB PC Camera(LPC-U30)) - c:\windows\system32\drivers\lgstrm.sys <Not Verified; LG Electronics Inc.; LG USB Camera II>
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\program files\belkin\belkin 802.11g wireless pci card configuration utility\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 EraserUtilRebootDrv - c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 OmniUsb (Ideazon USB Zboard Driver) - c:\windows\system32\drivers\omniusb.sys <Not Verified; Ideazon; Ideazon® Keyboard® System>
S3 OmniUsbl (Ideazon USBl Zboard Driver) - c:\windows\system32\drivers\omniusbl.sys <Not Verified; Ideazon; Ideazon® Keyboard® System>
S3 SIUSBXP - c:\windows\system32\drivers\siusbxp.sys <Not Verified; Silicon Laboratories; USBXpress>
S3 usb2vcom (USB to Serial Bridge Controller) - c:\windows\system32\drivers\usb2vcom.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

S4 MsaSvc (Microsoft authenticate service) - c:\windows\system32\msasvc.exe (file missing)
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 System Session Manager Subsystem (MS Session Manager Subsystem) - c:\windows\system32\drivers\etc\smss.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N95
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-05-29 20:11:34 488 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-05-29 19:46:00 332 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2008-05-29 03:00:13 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-29 00:00:00 450 --a------ C:\WINDOWS\Tasks\AdsGone.job


-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-29 00:56:01 68096 --a------ C:\WINDOWS\zip.exe
2008-05-29 00:56:01 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-29 00:56:01 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-29 00:56:01 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-29 00:56:01 98816 --a------ C:\WINDOWS\sed.exe
2008-05-29 00:56:01 80412 --a------ C:\WINDOWS\grep.exe
2008-05-29 00:56:01 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-29 00:56:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-28 00:05:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-27 23:48:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-27 23:20:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-27 23:20:48 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-27 23:20:48 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-27 23:20:48 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-27 23:20:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-27 23:20:48 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-27 23:20:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-27 23:20:48 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-27 23:20:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-27 23:20:48 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-27 23:20:48 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-27 23:20:48 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-27 23:20:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-27 23:20:48 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-27 23:07:12 0 d-------- C:\WINDOWS\Prefetch
2008-05-27 21:36:06 0 d-------- C:\WINDOWS\system32\scripting
2008-05-27 21:36:02 0 d-------- C:\WINDOWS\system32\en
2008-05-27 21:36:02 0 d-------- C:\WINDOWS\system32\bits
2008-05-27 21:36:02 0 d-------- C:\WINDOWS\l2schemas
2008-05-27 20:31:07 0 d-------- C:\Program Files\MSBuild
2008-05-27 20:29:42 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-05-27 20:29:07 0 d-------- C:\Program Files\Reference Assemblies
2008-05-26 20:43:56 5702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-05-26 20:43:56 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-05-17 10:19:37 0 d-------- C:\Program Files\Steam
2008-05-17 08:22:32 0 d-------- C:\WINDOWS\nvidia icons
2008-05-11 20:03:48 0 d--h----- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\Templates
2008-05-11 20:03:48 0 dr------- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\Start Menu
2008-05-11 20:03:48 0 dr-h----- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\SendTo
2008-05-11 20:03:48 0 d--h----- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\Recent
2008-05-11 20:03:48 0 d--h----- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\PrintHood
2008-05-11 20:03:48 0 d--h----- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\NetHood
2008-05-11 20:03:48 0 d-------- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\My Documents
2008-05-11 20:03:48 0 d--h----- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\Local Settings
2008-05-11 20:03:48 0 d-------- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\Favorites
2008-05-11 20:03:48 0 d-------- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\Desktop
2008-05-11 20:03:48 0 d--hs---- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\Cookies
2008-05-11 20:03:48 0 dr-h----- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\Application Data
2008-05-11 20:03:48 0 d---s---- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\Application Data\Microsoft
2008-05-11 20:03:47 2097152 --ah----- C:\Documents and Settings\NOOKEY.IRS-0QHP2XUPOD0\NTUSER.DAT
2008-05-05 21:06:56 0 d-------- C:\Program Files\Enigma Software Group
2008-05-05 20:53:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-05 20:13:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-05 10:31:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-05 10:31:48 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-05 09:47:17 0 d--hs---- C:\WINDOWS\CSC
2008-05-04 05:46:14 0 d-------- C:\Documents and Settings\NOOKEY\Application Data\HouseCall 6.6
2008-05-03 18:34:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-03 09:18:37 12320768 --a------ C:\Documents and Settings\NOOKEY\ntuser.dat
2008-05-03 09:18:36 241664 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-04-30 23:05:10 0 d-------- C:\Program Files\MSXML 6.0
2008-04-30 01:27:59 0 d-------- C:\Program Files\VIA


-- Find3M Report ---------------------------------------------------------------

2008-05-29 20:32:06 0 d-------- C:\Documents and Settings\NOOKEY\Application Data\uTorrent
2008-05-27 21:36:29 0 d-------- C:\Program Files\Messenger
2008-05-27 21:36:02 0 d-------- C:\Program Files\Movie Maker
2008-05-27 21:33:16 0 d-------- C:\Program Files\Windows NT
2008-05-26 20:30:38 668 --a------ C:\Documents and Settings\NOOKEY\Application Data\vso_ts_preview.xml
2008-05-26 18:55:11 0 d-------- C:\Documents and Settings\NOOKEY\Application Data\Vso
2008-05-26 17:02:48 0 d-------- C:\Program Files\FlashFXP
2008-05-26 08:13:51 0 d-------- C:\Documents and Settings\NOOKEY\Application Data\GrabIt
2008-05-22 06:42:33 0 d-------- C:\Program Files\LogMeIn
2008-05-17 08:15:37 0 d-------- C:\Program Files\GameShadow
2008-05-11 19:17:09 0 d-------- C:\Documents and Settings\NOOKEY\Application Data\OpenOffice.org2
2008-05-07 20:36:13 307533 --a------ C:\Documents and Settings\NOOKEY\Application Data\NMM-MetaData.db
2008-05-05 10:29:01 0 d-------- C:\Program Files\Panda Security
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-02 01:24:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-30 23:05:15 0 d-------- C:\Program Files\Nokia
2008-04-30 23:04:13 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-28 20:36:52 0 d-------- C:\Program Files\Common Files
2008-04-28 20:35:20 0 d-------- C:\Program Files\SureThing CD Labeler 5
2008-04-28 20:34:31 0 d-------- C:\Program Files\Online TV Player 3
2008-04-28 20:34:14 0 d-------- C:\Documents and Settings\NOOKEY\Application Data\NewsSearcher
2008-04-28 20:34:07 0 d-------- C:\Program Files\NewsLeecher
2008-04-28 20:33:57 0 d-------- C:\Documents and Settings\NOOKEY\Application Data\NewsBin
2008-04-28 20:31:36 0 d-------- C:\Program Files\Google
2008-04-28 20:31:01 0 d-------- C:\Program Files\CoffeeCup Software
2008-04-28 20:30:42 0 d-------- C:\Program Files\BOINC
2008-04-28 20:30:25 0 d-------- C:\Program Files\Vortex
2008-04-28 20:29:58 0 d-------- C:\Program Files\Apple Software Update
2008-04-28 20:28:46 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-28 20:27:19 0 d-------- C:\Program Files\AdsGone
2008-04-27 00:46:37 0 d-------- C:\Documents and Settings\NOOKEY\Application Data\dvdcss
2008-04-24 03:26:10 0 d-------- C:\Program Files\Picasa2
2008-04-10 14:10:19 1729 --a------ C:\WINDOWS\system32\adcklog.dat
2008-04-09 11:20:34 0 d-------- C:\Documents and Settings\NOOKEY\Application Data\Xbins
2008-04-08 20:48:54 0 d-------- C:\Documents and Settings\NOOKEY\Application Data\IBP
2008-03-24 13:45:53 274432 --a------ C:\WINDOWS\system32\baksm.dll
2008-03-15 22:46:32 34 --a------ C:\Documents and Settings\NOOKEY\Application Data\pcouffin.log
2008-03-15 22:46:29 47360 --a------ C:\Documents and Settings\NOOKEY\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-15 22:46:29 1144 --a------ C:\Documents and Settings\NOOKEY\Application Data\pcouffin.inf
2008-03-15 22:46:29 7887 --a------ C:\Documents and Settings\NOOKEY\Application Data\pcouffin.cat
2008-03-15 22:12:30 0 --a------ C:\WINDOWS\system32\suupdate.dat
2008-03-12 13:10:18 633344 --a------ C:\WINDOWS\system32\gpprefcl.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [03/04/2007 19:46]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [20/02/2008 11:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/05/2008 22:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [20/09/2007 00:11]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [12/18/2007 9:49:40 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPGAsT]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 802.11g Wireless PCI Card Configuration Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin 802.11g Wireless PCI Card Configuration Utility.lnk
backup=C:\WINDOWS\pss\Belkin 802.11g Wireless PCI Card Configuration Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartPatrol]
C:\PROGRA~1\AddWeb8\SmartPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
"C:\Program Files\uTorrent\utorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Windows Services Control"=2 (0x2)
"WinDefend"=2 (0x2)
"System Session Manager Subsystem"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"ServiceLayer"=3 (0x3)
"Routing"=2 (0x2)
"PnkBstrA"=2 (0x2)
"perfmons"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"MsaSvc"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"IviRegMgr"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C060D52F-8801-BA73-13B9-4C92B499D543}]
C:\WINDOWS\system32\svchost64.exe s



-- End of Deckard's System Scanner: finished at 2008-05-29 20:37:47 ------------

#2 ken545
Malware Response Team

Posted 27 June 2008 - 07:40 AM

Hello nookey

Welcome to the Bleeping Computer Malware Removal Forum. Sorry about the delay, but the number of people posting with infected computers is through the roof, and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, please post a new HJT log, as your system may have changed since your original post.

Download Trend Micro's HijackThis to your desktop.
Double click it to install.
Follow the prompts, and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT, Scan and Save a Log File; it will open in Notepad
  • Go to Format and make sure Wordwrap is Unchecked
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread using Post Reply rather than starting a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


Ken


Just a reminder that threads will be closed if no response in 3 days


#3 ken545
Malware Response Team

Posted 07 July 2008 - 03:52 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
