
SpyBot picked up Double click & Virtumonde & Virtumonde.prx


  • This topic is locked
2 replies to this topic

#1 Everyg

  • Members
  • 1 posts

Posted 26 November 2008 - 10:28 AM

The computer is very slow, plus the internet will have pop-ups come up at any time, mostly about removal of spyware.
I tried removing with Spybot, AVG & VundoFix. No luck. AVG said they found Trojan Agent, Downloader.VB>Fen & .VB>BSA & .Small.Buy
Logfile of random's system information tool 1.04 (written by random/random)
Run by Bill Solano at 2008-11-26 10:12:35
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 19 GB (47%) free of 39 GB
Total RAM: 638 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:16 AM, on 11/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Bill Solano\Application Data\gadcom\gadcom.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Bill Solano\Application Data\Twain\Twain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2\bin\javaw.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Bill Solano\Desktop\RSIT.exe
C:\Program Files\trend micro\Bill Solano.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: agadoo browser optimizer - {18f6b5d7-99ee-33ba-0849-6ea6698137b7} - C:\WINDOWS\system32\ethwayhszeemlxafk.dll (file missing)
O2 - BHO: mysidesearch search enhancer - {2BB6EC6E-BE8E-038A-CDE9-0D3178ACCC8C} - C:\WINDOWS\system32\agicygzjauneztuu.dll
O2 - BHO: (no name) - {4FD130AE-D8D2-4137-A680-C5CF233BE545} - C:\WINDOWS\system32\urqOgDvW.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: netupbanner browser enhancer - {9612BE8F-64E4-68D3-FDC5-0186DD642C97} - C:\WINDOWS\system32\cleruccddupahtfr.dll
O2 - BHO: (no name) - {972C455A-5014-4EA2-B8EA-25BC4F5CC59A} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: (no name) - {AAA98582-608E-4FEA-AC44-98A29746EC28} - C:\WINDOWS\system32\geBrrRki.dll
O2 - BHO: (no name) - {BBAC7CA2-10D1-4548-ACFC-D74143ABA85F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\program files\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{3c6653da-db87-688b-7379-95a290922845}] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\system32\ethwayhszeemlxafk.dll" DllStart
O4 - HKLM\..\Run: [imfthigmwn] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\cleruccddupahtfr.dll"
O4 - HKLM\..\Run: [ecb2884b] rundll32.exe "C:\WINDOWS\system32\alajasou.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA5167] command /c del "C:\Program Files\Webtools\webtools.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Bill Solano\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Twain] "C:\Documents and Settings\Bill Solano\Application Data\Twain\Twain.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6156] cmd /c del "C:\Program Files\Webtools\webtools.dll"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: LimeWire 3.6.15 Pro.lnk = C:\Program Files\LimeWire\3.6.15 Pro\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://webvpnb.brsstf.ihost.com/vdesk/term...,2007,0223,0327
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://webvpnb.brsstf.ihost.com/vdesk/term...,2007,0223,0314
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://webvpnb.brsstf.ihost.com/vdesk/term...,2007,0223,0320
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://webvpnb.brsstf.ihost.com/vdesk/term...,2007,0223,0312
O20 - AppInit_DLLs: ldruth.dll zsvnpc.dll chqnbz.dll swlnoc.dll bfiabo.dll plkeke.dll
O20 - Winlogon Notify: urqOgDvW - C:\WINDOWS\SYSTEM32\urqOgDvW.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10335 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Update Check (D3Q31041-Owner).job
C:\WINDOWS\tasks\McAfee.com Update Check (EGI-Bill Solano).job
C:\WINDOWS\tasks\McAfee.com Update Check (SALTY-Bill Solano).job
C:\WINDOWS\tasks\McAfee.com Update Check (SALTY-Dad).job
C:\WINDOWS\tasks\McAfee.com Update Check (SALTY-Mom).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18f6b5d7-99ee-33ba-0849-6ea6698137b7}]
agadoo browser optimizer - C:\WINDOWS\system32\ethwayhszeemlxafk.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2BB6EC6E-BE8E-038A-CDE9-0D3178ACCC8C}]
mysidesearch search enhancer - C:\WINDOWS\system32\agicygzjauneztuu.dll [2008-11-19 600576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4FD130AE-D8D2-4137-A680-C5CF233BE545}]
C:\WINDOWS\system32\urqOgDvW.dll [2008-11-17 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9612BE8F-64E4-68D3-FDC5-0186DD642C97}]
netupbanner browser enhancer - C:\WINDOWS\system32\cleruccddupahtfr.dll [2008-11-20 325632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{972C455A-5014-4EA2-B8EA-25BC4F5CC59A}]
C:\WINDOWS\system32\jkkji.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAA98582-608E-4FEA-AC44-98A29746EC28}]
C:\WINDOWS\system32\geBrrRki.dll [2008-11-18 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBAC7CA2-10D1-4548-ACFC-D74143ABA85F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-04-07 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-04-07 114688]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]
"VSOCheckTask"=c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe [2003-03-21 122880]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2003-03-18 200704]
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2003-08-04 159744]
"VirusScan Online"=c:\program files\mcafee.com\vso\mcvsshld.exe [2003-03-21 159744]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-10-04 180269]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-11-17 4806656]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-14 6731312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-10-06 278528]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"{3c6653da-db87-688b-7379-95a290922845}"=C:\WINDOWS\system32\ethwayhszeemlxafk.dll DllStart []
"imfthigmwn"=C:\WINDOWS\System32\regsvr32.exe [2004-08-04 11776]
"ecb2884b"=C:\WINDOWS\system32\alajasou.dll [2008-11-26 75776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA5167"=command /c del C:\Program Files\Webtools\webtools.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"gadcom"=C:\Documents and Settings\Bill Solano\Application Data\gadcom\gadcom.exe [2008-11-17 56832]
"Twain"=C:\Documents and Settings\Bill Solano\Application Data\Twain\Twain.exe [2008-11-20 61440]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD6156"=cmd /c del C:\Program Files\Webtools\webtools.dll []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Corel MEDIA FOLDERS INDEXER 8.LNK - C:\Corel\Graphics8\Programs\MFIndexer.exe
LimeWire 3.6.15 Pro.lnk - C:\Program Files\LimeWire\3.6.15 Pro\LimeWire.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="ldruth.dll zsvnpc.dll chqnbz.dll swlnoc.dll bfiabo.dll plkeke.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqOgDvW]
C:\WINDOWS\system32\urqOgDvW.dll [2008-11-17 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2006-11-17 209408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
"{4FD130AE-D8D2-4137-A680-C5CF233BE545}"=C:\WINDOWS\system32\urqOgDvW.dll [2008-11-17 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\geBrrRki
"notification packages"=
:\WINDOWS\syste

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Java\j2re1.4.2\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2\bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-11-26 10:12:41 ----D---- C:\Program Files\trend micro
2008-11-26 10:12:35 ----D---- C:\rsit
2008-11-26 09:38:04 ----SH---- C:\WINDOWS\system32\uosajala.ini
2008-11-26 09:37:59 ----A---- C:\WINDOWS\system32\alajasou.dll
2008-11-26 09:23:00 ----A---- C:\WINDOWS\system32\plkeke.dll
2008-11-26 09:22:59 ----A---- C:\WINDOWS\system32\dhimhxcc.dll
2008-11-25 20:43:33 ----A---- C:\WINDOWS\system32\ieupdates.exe.tmp
2008-11-25 20:40:34 ----D---- C:\Program Files\Antivirus 2009
2008-11-25 13:13:48 ----ASH---- C:\WINDOWS\system32\ikRrrBeg.ini2
2008-11-25 09:20:36 ----A---- C:\WINDOWS\system32\qijvjrwe.dll
2008-11-25 09:20:36 ----A---- C:\WINDOWS\system32\lagjaq.dll
2008-11-24 08:55:08 ----A---- C:\WINDOWS\system32\hgGxXrRI.dll
2008-11-24 08:54:05 ----A---- C:\WINDOWS\system32\pcvetsvg.dll
2008-11-24 08:48:16 ----A---- C:\WINDOWS\system32\wturpm.dll
2008-11-24 08:48:15 ----A---- C:\WINDOWS\system32\mcglippj.dll
2008-11-24 08:29:41 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-11-24 08:29:40 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2008-11-24 08:29:39 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-24 08:29:38 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-11-24 08:03:25 ----A---- C:\WINDOWS\system32\vwdehbhi.dll
2008-11-24 08:00:26 ----A---- C:\WINDOWS\system32\shbicbyd.dll
2008-11-24 08:00:26 ----A---- C:\WINDOWS\system32\bfiabo.dll
2008-11-24 07:55:28 ----A---- C:\WINDOWS\system32\ssqQgGwU.dll
2008-11-24 07:39:38 ----A---- C:\WINDOWS\system32\byXNfDUn.dll
2008-11-23 19:25:19 ----A---- C:\WINDOWS\system32\vtUlJyWM.dll
2008-11-23 19:10:47 ----A---- C:\643.bat
2008-11-23 19:10:34 ----A---- C:\WINDOWS\system32\ssqRHBQh.dll
2008-11-23 08:00:01 ----A---- C:\WINDOWS\system32\swlnoc.dll
2008-11-23 07:59:58 ----A---- C:\WINDOWS\system32\ofkpilms.dll
2008-11-23 07:59:22 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-23 07:59:07 ----A---- C:\WINDOWS\system32\vtUmJDwU.dll
2008-11-20 11:05:58 ----D---- C:\Documents and Settings\Bill Solano\Application Data\Twain
2008-11-20 10:58:49 ----A---- C:\WINDOWS\system32\chqnbz.dll
2008-11-20 10:58:48 ----A---- C:\WINDOWS\system32\yquypdvs.dll
2008-11-20 10:56:54 ----A---- C:\WINDOWS\system32\cntygnga.dll
2008-11-19 05:06:32 ----A---- C:\WINDOWS\system32\agicygzjauneztuu.dll
2008-11-18 08:14:51 ----A---- C:\WINDOWS\system32\cqxludmu.dll
2008-11-18 08:11:53 ----A---- C:\WINDOWS\system32\zsvnpc.dll
2008-11-18 08:11:52 ----A---- C:\WINDOWS\system32\hmwefyrk.dll
2008-11-18 07:10:34 ----A---- C:\WINDOWS\system32\ldruth.dll
2008-11-18 07:10:33 ----A---- C:\WINDOWS\system32\lmngdeoa.dll
2008-11-18 07:10:05 ----A---- C:\WINDOWS\system32\e7914c35-.txt
2008-11-18 07:08:50 ----ASH---- C:\WINDOWS\system32\ikRrrBeg.ini
2008-11-18 07:08:43 ----A---- C:\WINDOWS\system32\geBrrRki.dll
2008-11-17 12:09:03 ----A---- C:\WINDOWS\system32\agicygzjauneztuu.dll-uninst.exe
2008-11-17 12:05:32 ----A---- C:\WINDOWS\system32\gside.exe
2008-11-17 11:08:41 ----A---- C:\WINDOWS\system32\cuslvdaeymcfgcmbp.exe
2008-11-17 11:07:49 ----A---- C:\WINDOWS\system32\lskioqymddxtq.exe
2008-11-17 11:05:37 ----D---- C:\Documents and Settings\Bill Solano\Application Data\gadcom
2008-11-17 11:05:24 ----A---- C:\WINDOWS\system32\g73.exe
2008-11-17 11:05:02 ----D---- C:\WINDOWS\system32\wpd
2008-11-17 11:05:02 ----D---- C:\WINDOWS\system32\spc
2008-11-17 11:05:02 ----D---- C:\WINDOWS\system32\ocx
2008-11-17 11:05:01 ----D---- C:\WINDOWS\system32\dom
2008-11-17 11:04:44 ----D---- C:\WINDOWS\system32\dPI02
2008-11-17 11:04:37 ----A---- C:\WINDOWS\system32\hgGwVLFY.dll
2008-11-17 11:04:34 ----A---- C:\WINDOWS\system32\urqOgDvW.dll
2008-11-14 23:32:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-14 23:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-14 09:25:13 ----A---- C:\WINDOWS\system32\vbzip10.dll

======List of files/folders modified in the last 1 months======

2008-11-26 10:12:41 ----RD---- C:\Program Files
2008-11-26 10:11:11 ----D---- C:\WINDOWS\Prefetch
2008-11-26 10:06:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-26 09:53:44 ----D---- C:\WINDOWS\Temp
2008-11-26 09:45:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-26 09:38:08 ----D---- C:\WINDOWS\SYSTEM32
2008-11-26 09:28:37 ----D---- C:\Program Files\Mozilla Firefox
2008-11-26 08:47:53 ----D---- C:\WINDOWS
2008-11-26 08:45:19 ----SD---- C:\WINDOWS\Tasks
2008-11-25 21:23:42 ----D---- C:\WINDOWS\system32\CONFIG
2008-11-25 21:23:26 ----D---- C:\WINDOWS\system32\WBEM
2008-11-25 21:23:25 ----D---- C:\WINDOWS\Registration
2008-11-25 21:10:07 ----D---- C:\WINDOWS\system32\Restore
2008-11-25 14:14:50 ----A---- C:\VundoFix.txt
2008-11-25 13:24:44 ----D---- C:\VundoFix Backups
2008-11-25 13:11:09 ----AC---- C:\WINDOWS\wininit.ini
2008-11-25 13:08:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-24 18:30:54 ----D---- C:\TEMP
2008-11-24 18:30:49 ----RSD---- C:\WINDOWS\Fonts
2008-11-24 18:30:48 ----D---- C:\Program Files\Enigma Software Group
2008-11-24 10:40:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-24 09:48:30 ----SHD---- C:\WINDOWS\Installer
2008-11-24 09:48:30 ----SHD---- C:\Config.Msi
2008-11-24 09:48:25 ----HD---- C:\WINDOWS\INF
2008-11-24 09:48:23 ----D---- C:\Program Files\Common Files
2008-11-24 09:48:18 ----D---- C:\WINDOWS\system32\DRIVERS
2008-11-24 08:05:22 ----D---- C:\Documents and Settings\Bill Solano\Application Data\U3
2008-11-20 10:05:58 ----A---- C:\WINDOWS\system32\cleruccddupahtfr.dll
2008-11-14 23:32:18 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-11-14 23:32:11 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-14 23:32:08 ----A---- C:\WINDOWS\imsins.BAK
2008-11-14 23:30:41 ----D---- C:\WINDOWS\WinSxS
2008-11-03 18:24:12 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-29 15:06:19 ----A---- C:\WINDOWS\QTW.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 NaiFiltr;NaiFiltr; C:\WINDOWS\System32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2006-11-17 15360]
R3 urvpndrv;F5 Networks VPN Adapter; C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2007-02-22 28160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 f5ipfw;F5 Networks StoneWall Filter; \??\C:\WINDOWS\system32\drivers\urfltw2k.sys []
S3 gkmixern;gkmixern; \??\C:\DOCUME~1\BILLSO~1\LOCALS~1\Temp\gkmixern.sys []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe [2003-03-21 102400]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2006-11-17 3299328]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-10-06 323584]
R3 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2002-03-13 225375]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-18 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2003-08-04 245760]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

#2 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 13 December 2008 - 10:43 PM

Hello Everyg,

Sorry for the delay. We have many logs backed up.

Since it has been several days, please run RSIT again.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 1 month
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt

Edited by SifuMike, 13 December 2008 - 10:48 PM. (typo)

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 03 January 2009 - 01:16 PM

Due to inactivity, this thread will now be closed.