
Virtumonde infection


  • This topic is locked
14 replies to this topic

#1 DottieR

DottieR

  • Members
  • 278 posts
  • OFFLINE
  • Local time:10:21 AM

Posted 29 November 2008 - 12:07 PM

I posted this yesterday, but am not sure if I did it right. Spybot runs a huge amount of files named virtumundo. I ran vundofix and virtumundobegone and found nothing on both. They reported clean.

Attached Files

  • Attached File  info.txt   12.59KB   5 downloads



#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:21 AM

Posted 30 November 2008 - 11:33 PM

Hello DottieR,

You forgot to post the log.txt.

  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 1 month.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of log.txt (<<will be maximized). You don't have to post the info.txt file, as that is already posted.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • OFFLINE
  • Local time:10:21 AM

Posted 01 December 2008 - 09:39 PM

Well I thought I did. Trying again.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Me at 2008-11-28 15:34:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (42%) free of 19 GB
Total RAM: 512 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:05 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lunabar\Lunabar.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\freecell.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Me.DOROTHY\Desktop\RSIT.exe
C:\Program Files\trend micro\Me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?ui=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Me.DOROTHY\Start Menu\Programs\HP DeskJet 970C Series v2.0] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Me.DOROTHY\Start Menu\Programs\HP DeskJet 970C Series v2.0"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Lunabar Taskbar Icon.lnk = C:\Program Files\Lunabar\Lunabar.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185235554345
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5EC226A-5490-4C76-B19C-B80092C7B7C5}: NameServer = 67.211.172.29 67.211.172.30
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Me.DOROTHY\My Documents\My Pictures\NASA\globe_west_540.jpg

--
End of file - 6827 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\avast! Antivirus.job
C:\WINDOWS\tasks\Windows Defender.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-21 657904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-29 196608]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 4891472]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"0000 - C:\Documents and Settings\Me.DOROTHY\Start Menu\Programs\HP DeskJet 970C Series v2.0"=C:\WINDOWS\command.com /c rmdir C:\Documents and Settings\Me.DOROTHY\Start Menu\Programs\HP DeskJet 970C Series v2.0 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2003-07-15 34880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.2]
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe /R []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\OPLIMIT\ocraware.exe [1996-11-11 51216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-25 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-08-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.2.lnk]
C:\PROGRA~1\EFAXME~1.2\J2GTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2005-11-04 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [1999-09-04 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\WINDOWS\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2006-12-17 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UMAX VistaAccess.lnk]
C:\Vstascan\vsaccess.exe [2000-01-06 159232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me.DOROTHY^Start Menu^Programs^Startup^UMAX VistaAccess.lnk]
C:\VSTASCAN\vsaccess.exe [2000-01-06 159232]

C:\Documents and Settings\Me.DOROTHY\Start Menu\Programs\Startup
Lunabar Taskbar Icon.lnk - C:\Program Files\Lunabar\Lunabar.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"=C:\PROGRA~1\SpyZooka\spyguard.dll [2005-05-07 173568]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.cmd - open - C:\WINDOWS\Explorer.exe "%1"
.cmd - edit -

======List of files/folders created in the last 1 months======

2008-11-28 15:34:19 ----D---- C:\Program Files\trend micro
2008-11-28 15:34:17 ----D---- C:\rsit
2008-11-19 11:18:38 ----D---- C:\Program Files\SpyZooka
2008-11-17 15:30:50 ----D---- C:\Program Files\Spyware Doctor
2008-11-17 15:30:50 ----D---- C:\Documents and Settings\Me.DOROTHY\NetHood\Application Data\PC Tools
2008-11-16 09:40:06 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-16 09:40:06 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-12 21:53:12 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 21:53:02 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 21:52:47 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-04 09:36:15 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-03 09:28:52 ----D---- C:\WINDOWS\Prefetch
2008-11-03 08:27:36 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-03 08:27:25 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-03 08:27:10 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-03 08:26:59 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-03 08:26:44 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-03 08:26:32 ----HD---- C:\WINDOWS\$NtUninstallKB953155$
2008-11-03 08:26:22 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-03 08:26:10 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-03 08:25:55 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-03 08:25:43 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-03 08:25:31 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-03 08:25:19 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-03 08:25:02 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-03 08:24:50 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-03 08:24:39 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-03 08:24:24 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-03 08:24:11 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-03 08:15:51 ----D---- C:\WINDOWS\system32\scripting
2008-11-03 08:15:48 ----D---- C:\WINDOWS\l2schemas
2008-11-03 08:15:47 ----D---- C:\WINDOWS\system32\en
2008-11-03 08:15:47 ----D---- C:\Program Files\msn
2008-11-03 08:15:46 ----D---- C:\WINDOWS\system32\bits
2008-11-03 08:12:37 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-03 07:59:52 ----HD---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-03 07:59:43 ----D---- C:\WINDOWS\EHome
2008-11-02 09:07:22 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-11-02 09:07:20 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-02 09:07:14 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-02 09:07:13 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-02 09:07:12 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-02 09:07:12 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-02 09:07:09 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-02 09:07:07 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-02 09:07:03 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-02 09:07:02 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-02 09:07:00 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-02 09:07:00 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-02 09:06:59 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-02 09:06:56 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-02 09:06:56 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-02 09:06:54 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-02 09:06:53 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-02 09:06:53 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-02 09:06:53 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-11-02 09:06:51 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-02 09:06:51 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-02 09:06:46 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-02 09:06:44 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-02 09:06:44 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-02 09:06:43 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-02 09:06:40 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-02 09:06:40 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-02 09:06:39 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-02 09:06:38 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-02 09:06:37 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-02 09:06:37 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-02 09:06:35 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-11-02 09:06:34 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-02 09:06:33 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-02 09:06:31 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-02 09:06:30 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-02 09:06:30 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-02 09:06:29 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-02 09:06:27 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-02 09:06:27 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-02 09:06:27 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-02 09:06:27 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-02 09:06:25 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-11-02 09:06:24 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-02 09:06:23 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-11-02 09:06:22 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-02 09:06:21 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-02 09:06:21 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-02 09:06:15 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-02 09:06:09 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-11-02 09:06:09 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-02 09:06:07 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-11-02 09:06:02 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-02 09:06:02 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-02 09:06:01 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-02 09:06:01 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-02 09:06:01 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-02 09:05:54 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-02 09:05:29 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-02 09:05:27 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-02 09:05:22 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-02 09:05:21 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-11-02 09:05:21 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-11-02 09:05:20 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-02 09:05:20 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-02 09:05:19 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-02 09:05:19 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-02 09:05:19 ----N---- C:\WINDOWS\system32\hccoin.dll
2008-11-02 09:05:19 ----N---- C:\WINDOWS\slrundll.exe
2008-11-02 09:05:18 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-02 09:05:17 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-02 09:05:17 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-11-02 09:05:16 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-02 09:05:14 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-11-02 09:05:14 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-02 09:05:09 ----A---- C:\WINDOWS\002910_.tmp

======List of files/folders modified in the last 1 months======

2008-11-28 15:00:12 ----A---- C:\WINDOWS\ModemLog_Dell Data Fax Modem.txt
2008-11-27 21:55:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-18 10:41:38 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-17 05:56:32 ----A---- C:\WINDOWS\wininit.ini
2008-11-13 08:38:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-13 06:42:32 ----A---- C:\WINDOWS\imsins.BAK
2008-11-05 07:45:50 ----A---- C:\WINDOWS\solfire5.ini
2008-11-03 17:10:26 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 09:32:06 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-03 09:31:22 ----A---- C:\WINDOWS\setuplog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-18 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-18 110160]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-18 50864]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-18 94032]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-18 23152]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AEC671X;AEC671X; C:\WINDOWS\System32\drivers\AEC671X.SYS [1998-05-05 12128]
S1 DMX3191;DMX3191; C:\WINDOWS\System32\drivers\DMX3191.SYS [1999-02-23 17700]
S2 PV8630;PV8630 WDM Device Driver; C:\WINDOWS\System\PV8630.sys [2001-02-18 17284]
S2 UDNT;UDNT; C:\WINDOWS\system32\drivers\UDNT.sys [1998-09-18 76260]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-22 21744]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VQ21FIL;ViewQuest USB Filter Driver (FILTER); C:\WINDOWS\system32\DRIVERS\VQ2101XP.SYS [2002-07-26 5593]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-18 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-21 168432]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-18 352920]
S2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]

-----------------EOF-----------------

Attached Files

  • Attached File  log.txt   27.37KB   4 downloads

Edited by SifuMike, 01 December 2008 - 11:23 PM.
copy log.txt into post


#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:21 AM

Posted 01 December 2008 - 11:37 PM

Hi DottieR,

Please do NOT attach any of your replies, as it makes it hard to read.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update.

Updating Java:
  • Download the latest version of  Java Runtime Environment (JRE) 6 Update 10.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language  jre-6u10-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
  • Download Deckard's Association File Tool daft.exe and save it to your desktop.
  • Double click on it and click Run.
  • Click on the Scan button.
  • If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a checkmark (tick) in the boxes in question (in your case .cmd).
  • Click the Fix button.

I see no vundo in this RSIT log. How is the computer running?
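Added example for the Java clean-up steps above. This is my own code, not SifuMike's instructions and not anything shipped by Sun: it takes the DisplayName strings that Add/Remove Programs shows, reduces Sun's three naming schemes ("Java 2 Runtime Environment, SE v1.4.2", "J2SE Runtime Environment 5.0 Update 6", "Java(TM) 6 Update 10") to one comparable version tuple, and lists every runtime older than the build being installed. The sample names are constructed (modelled on the ones in the post) and the target build 6 Update 10 is an assumption; on Windows the script reads the real DisplayName values from the Uninstall registry key, elsewhere it falls back to the sample.

```python
"""Find stale Java runtimes in the Add/Remove Programs list.

Added example, not part of the original thread. Sun used three naming
schemes for the same product line, so display names are normalised to one
(major, minor, micro, update) tuple before comparing them with the version
being installed.
"""
import re
from typing import List, Optional, Sequence, Tuple

Version = Tuple[int, int, int, int]

# Constructed sample of DisplayName values, modelled on the names in the post.
SAMPLE_ENTRIES = [
    "Java 2 Runtime Environment, SE v1.4.2",
    "J2SE Runtime Environment 5.0",
    "J2SE Runtime Environment 5.0 Update 6",
    "Java(TM) 6 Update 3",
    "Java(TM) 6 Update 7",
    "Java(TM) 6 Update 10",
    "Adobe Reader 8",
]

# "Java 2 Runtime Environment, SE v1.4.2"  -> 1.4.2 (no update number)
RE_J2RE = re.compile(r"^Java 2 Runtime Environment.*?\bv(\d+)\.(\d+)\.(\d+)", re.I)
# "J2SE Runtime Environment 5.0 Update 6"  -> 1.5.0_06
RE_J2SE = re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?$", re.I)
# "Java(TM) 6 Update 10"                    -> 1.6.0_10
RE_JAVA6 = re.compile(r"^Java(?:\(TM\)|™)? (\d+)(?: Update (\d+))?$", re.I)


def java_version(display_name: str) -> Optional[Version]:
    """Map an Add/Remove display name to (major, minor, micro, update); None if not a JRE."""
    name = display_name.strip()
    if m := RE_J2RE.match(name):
        return (int(m[1]), int(m[2]), int(m[3]), 0)
    if m := RE_J2SE.match(name):
        return (1, int(m[1]), int(m[2]), int(m[3] or 0))
    if m := RE_JAVA6.match(name):
        return (1, int(m[1]), 0, int(m[2] or 0))
    return None


def stale_java(entries: Sequence[str], current: Version = (1, 6, 0, 10)) -> List[str]:
    """Display names of every Java runtime older than `current` (assumed: the build being installed)."""
    return [e for e in entries if (v := java_version(e)) is not None and v < current]


def installed_display_names() -> List[str]:
    """DisplayName of each Add/Remove entry on Windows; the constructed sample elsewhere."""
    try:
        import winreg  # only exists on Windows
    except ImportError:
        return list(SAMPLE_ENTRIES)
    names = []
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                try:
                    names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
                except FileNotFoundError:
                    pass  # entries without a DisplayName are not shown in Add/Remove
    return names


if __name__ == "__main__":
    for old in stale_java(installed_display_names()):
        print("remove:", old)
```

Run against the sample it reports the 1.4.2, both 5.0 entries and 6 Update 3 and 7, and leaves 6 Update 10 alone, which is the outcome the instructions ask for. The version tuple matters because string comparison would rank "5.0 Update 6" above "6 Update 10".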

#5 DottieR


Posted 02 December 2008 - 12:04 AM

I did download Java 6, Update 10 yesterday. I also have updates 3 and 7 listed in Add/Remove Programs.
No other Java there.

I think everything is OK with my computer. It is just all that stuff that Avast spends an hour scanning. All those virtumonde files and a lot of casino games, etc. I never go to those sites. I also can't find any of them with file search.

#6 SifuMike


Posted 02 December 2008 - 12:15 AM

Hi Dottie,

I also have updates 3 and 7 listed in ad/remove prog.
No other Java there.


You need to uninstall all of the old Java you have on your computer. That is updates 3 and 7.

Post a fresh HijackThis log for a final check.


It is just all that stuff that Avast spends an hour scanning. All those virtumonde files and a lot of casino games, etc. I never go to those sites. I also can't find any of them with file search


You lost me. :thumbsup: Are you saying Avast is finding and deleting Virtumonde files? You don't have to go to those sites, as they can get loaded by a drive-by download or by using a P2P program (like LimeWire) to download files.

Edited by SifuMike, 02 December 2008 - 12:16 AM.


#7 DottieR


Posted 02 December 2008 - 11:17 AM

I said Avast by mistake. Avast finds no problems. Spybot S&D runs Virtumonde files for almost an hour. If I cannot attach the RSIT log file to this post, how do I get it to you as part of this thread?

Thanks.

#8 SifuMike


Posted 02 December 2008 - 11:25 AM

Spybot S&D runs Virtumonde files for almost an hour

You lost me. :thumbsup: Are you saying S&D is finding Virtumonde files on your computer? Or are you saying S&D is scanning for Virtumonde files for an hour? Quite a difference.


Just run RSIT and select files/folders created within 2 months, and it will produce a log.txt file. You do not need the info.txt file.

You can copy and paste the log.txt file to this thread. Do not attach it, as that makes it hard to read.

#9 DottieR


Posted 02 December 2008 - 04:32 PM

2nd Hijackthis scan, done this AM.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:47:14, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lunabar\Lunabar.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\freecell.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?ui=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Me.DOROTHY\Start Menu\Programs\HP DeskJet 970C Series v2.0] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Me.DOROTHY\Start Menu\Programs\HP DeskJet 970C Series v2.0"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Lunabar Taskbar Icon.lnk = C:\Program Files\Lunabar\Lunabar.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185235554345
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Me.DOROTHY\My Documents\My Pictures\NASA\globe_west_540.jpg

--
End of file - 6832 bytes

#10 SifuMike


Posted 02 December 2008 - 06:12 PM

Hi Dottie,

Your log looks clean. :thumbsup: How is the computer running?
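An added example, mine and not part of the thread or of HijackThis, that applies the kind of checks a helper makes when reading a log like the one above: it parses the O2 (BHO), O4 (Run keys), O16 (ActiveX downloads), O20 (Winlogon Notify) and O23 (services) line formats and reports entries outside a baseline. The baseline CLSIDs, the trusted download hosts, the interpreter list and the sample log are all assumptions; the sample is modelled on the page's log with two hypothetical suspicious entries added (an unnamed system32 BHO with a made-up CLSID and a download from example.net), so this run is deliberately not clean.

```python
"""Triage a HijackThis log the way a forum helper reads it.

Added example, not part of the original thread or of HijackThis itself.
Parses the O2/O4/O16/O20/O23 line formats and applies baseline checks;
the allowlists and the sample lines are assumptions/constructed.
"""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O23"
    line: str      # the log line that triggered the check
    reason: str    # what a reviewer would say about it


# Assumed baseline: CLSIDs of the BHOs present in the page's clean log.
BASELINE_BHO = {
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}",  # Adobe PDF Reader Link Helper
    "{53707962-6F74-2D53-2644-206D7942484F}",  # Spybot-S&D IE Protection
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}",  # Java SSVHelper
    "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}",  # Google Toolbar Notifier
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}",  # Java Plug-In 2 SSV Helper
    "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}",  # JQSIEStartDetectorImpl
}
BASELINE_WINLOGON_NOTIFY = {"saswinlo.dll"}   # SUPERAntiSpyware (assumed known-good)
TRUSTED_DPF_HOSTS = ("microsoft.com", "java.sun.com", "dellfix.com")   # assumption
INTERPRETERS = ("command.com", "cmd.exe", "rundll32", "wscript", "cscript", "regsvr32")
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\local settings\\")

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def _trusted_host(url: str) -> bool:
    """True only for the trusted domain itself or a subdomain of it (no suffix tricks)."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(log_text: str) -> List[Finding]:
    """Return reviewer findings for the autostart/browser sections of an HJT log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_O2.match(line):
            if m["clsid"].upper() not in BASELINE_BHO:
                why = "BHO not in baseline"
                if m["name"] == "(no name)" and "\\system32\\" in m["path"].lower():
                    why += "; unnamed DLL loaded from system32"
                findings.append(Finding("O2", line, why))
        elif m := RE_O4.match(line):
            cmd = m["cmd"].lower()
            if any(i in cmd for i in INTERPRETERS):
                findings.append(Finding("O4", line, "autorun invokes an interpreter; confirm the target"))
            elif any(p in cmd for p in USER_WRITABLE):
                findings.append(Finding("O4", line, "autorun from a user-writable location"))
        elif m := RE_O16.match(line):
            if not _trusted_host(m["url"]):
                findings.append(Finding("O16", line, "ActiveX download from an untrusted host"))
        elif m := RE_O20.match(line):
            if m["path"].lower().rsplit("\\", 1)[-1] not in BASELINE_WINLOGON_NOTIFY:
                findings.append(Finding("O20", line, "Winlogon Notify DLL not in baseline"))
        elif m := RE_O23.match(line):
            if "(file missing)" in m["path"]:
                findings.append(Finding("O23", line, "orphaned service: binary missing (leftover registration)"))
            elif m["owner"] == "Unknown owner":
                findings.append(Finding("O23", line, "service with no publisher; verify the binary"))
    return findings


# Constructed sample: lines modelled on the page's log plus two hypothetical
# suspicious entries (the unnamed system32 BHO and the example.net download).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0000AAAA-1111-2222-3333-444455556666} - C:\WINDOWS\system32\qwvxtrlm.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [0000 - HP DeskJet 970C] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Me\Start Menu\Programs\HP DeskJet 970C Series v2.0"
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/muweb_site.cab
O16 - DPF: {ABCDEF00-0000-0000-0000-000000000001} (Installer Class) - http://downloads.example.net/setup.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample it reports five entries: the unnamed system32 BHO, the RunOnce that calls command.com (the real one on the page is an HP printer clean-up, so this is a "confirm" rather than a "remove"), the example.net download, the service with no publisher and the orphaned Symantec service. Everything the page's own log contains that is in the baseline passes, which is what "your log looks clean" amounts to: nothing outside the reviewer's known-good set, and the "(file missing)" services are leftovers rather than infections.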

#11 DottieR


Posted 02 December 2008 - 08:03 PM

Nothing I have noticed, except that this morning, after I ran DAFT and corrected 2 things, it would not boot up. I tried the last successful config and after a couple more tries it booted. I can't find the log to show what was corrected.

So where is Spybot S&D finding all those virtumonde files it is scanning?

Thanks for your help.

#12 SifuMike


Posted 02 December 2008 - 08:14 PM

So where is Spybot S&D finding all those virtumonde files it is scanning?


Not quite sure I understand you. :thumbsup:
Spybot uses a malware definitions file to do the scanning (you download this weekly with the Spybot updates) and looks for many different kinds of malware. One of the malware families it looks for is Virtumonde, and there are many hundreds of them.
If it finds virtumonde then it will notify you.

Post the last Spybot log report so I can see what it is finding.

Edited by SifuMike, 02 December 2008 - 08:15 PM.


#13 DottieR


Posted 02 December 2008 - 11:36 PM

Spybot takes 2 hrs to run and doesn't find anything. Should it take that long?

Also the Java program is 92 MB? Do I need all that just to have silly little bouncing applets? Since I installed all this antispy stuff my hard disk is almost 3/4 full. It takes hours to rearrange my disk.


--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()


Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDShred.exe (1.0.2.3)
2008-11-17 unins000.exe (51.49.0.0)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-06-14 DelZip179.dll (1.79.11.1)
2007-04-02 aports.dll (2.1.0.0)
2008-06-19 sqlite3.dll
2008-10-22 advcheck.dll (1.6.2.13)
2008-10-22 Tools.dll (2.1.6.8)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-11-04 Includes\Adware.sbi (*)
2008-11-04 Includes\Trojans.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-26 Includes\TrojansC.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-25 Includes\SecurityC.sbi (*)
2008-11-25 Includes\PUPSC.sbi (*)
2008-11-25 Includes\MalwareC.sbi (*)
2008-11-18 Includes\KeyloggersC.sbi (*)
2008-11-18 Includes\HijackersC.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-25 Includes\AdwareC.sbi (*)
2008-11-11 Includes\SpywareC.sbi (*)
2007-12-24 Plugins\TCPIPAddress.dll
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution
/ DirectX: Windows Update 904706
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player: Windows Media Update 917734
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953155)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C

Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: E94EEC07B6DA92BA0D892E55B6277421

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
file: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
size: 196608
MD5: 7C6B5065E7326E3C91A62800DF3A31FA

Located: HK_LM:Run, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: AB68B7C232293F6B09E5C29CB31AE76D

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC

Located: HK_LM:RunOnce, 0000 - C:\Documents and Settings\Me.DOROTHY\Start Menu\Programs\HP DeskJet 970C Series v2.0
command: C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Me.DOROTHY\Start Menu\Programs\HP DeskJet 970C Series v2.0"
file: C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Me.DOROTHY\Start Menu\Programs\HP DeskJet 970C Series v2.0"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnceEx,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, AudioHQ (DISABLED)
command: C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
file: C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
size: 203264
MD5: 203B00A6322C8880A19C4C16B024DF70

Located: HK_LM:Run, CTSysVol (DISABLED)
command: C:\PROGRAM FILES\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE
file: C:\PROGRAM FILES\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE
size: 27648
MD5: 34FC19C6D474613662CE90B73EBC60C8

Located: HK_LM:Run, TaskMonitor (DISABLED)
command: C:\WINDOWS\taskmon.exe
file: C:\WINDOWS\taskmon.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunServices, SchedulingAgent (DISABLED)
command: mstask.exe
file: mstask.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, DWQueuedReporting
where: .DEFAULT...
command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
size: 34880
MD5: 193D159EA2E807C67B718FDEFCAED47B

Located: HK_CU:Run, DWQueuedReporting
where: PE_C_DOROTHY ROEDER...
command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
size: 34880
MD5: 193D159EA2E807C67B718FDEFCAED47B

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-823518204-1078145449-1202660629-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-823518204-1078145449-1202660629-1008...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

Located: HK_CU:Run, DWQueuedReporting
where: S-1-5-18...
command: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
file: C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
size: 34880
MD5: 193D159EA2E807C67B718FDEFCAED47B

Located: Startup (user), Lunabar Taskbar Icon.lnk
where: C:\Documents and Settings\Me.DOROTHY\Start Menu\Programs\Startup...
command: C:\Program Files\Lunabar\Lunabar.exe
file: C:\Program Files\Lunabar\Lunabar.exe
size: 369664
MD5: 214CEA6DA35395D49F3E0C2FAC7D6A1B

Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), eFax 4.2 (DISABLED)
command: C:\PROGRA~1\EFAXME~1.2\J2GTray.exe
file: C:\PROGRA~1\EFAXME~1.2\J2GTray.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), Kodak EasyShare software (DISABLED)
command: C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx
file: C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE
size: 176128
MD5: BB41E5EFC28A4B4F4B5AE99B0717AF76

Located: Startup (disabled), KODAK Software Updater (DISABLED)
command: C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE
file: C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE
size: 16423
MD5: DB9012564169875F5B2AA7F5FC4905E4

Located: Startup (disabled), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MICROS~3\Office\OSA9.EXE -b -l
file: C:\PROGRA~1\MICROS~3\Office\OSA9.EXE
size: 65588
MD5: B70FA5FEA34B4F803E543F92B6C206BE

Located: Startup (disabled), Microsoft Works Calendar Reminders (DISABLED)
command: C:\WINDOWS\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe
file: C:\WINDOWS\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe
size: 29184
MD5: 87CC6680B09B3D0D271E6F01F942FD10

Located: Startup (disabled), UMAX VistaAccess (DISABLED)
command: C:\Vstascan\vsaccess.exe
file: C:\Vstascan\vsaccess.exe
size: 159232
MD5: 0EE8B8B9EBF3AEBEF6B7515B239342BF

Located: Startup (disabled), UMAX VistaAccess (DISABLED)
command: C:\VSTASCAN\vsaccess.exe
file: C:\VSTASCAN\vsaccess.exe
size: 159232
MD5: 0EE8B8B9EBF3AEBEF6B7515B239342BF

Located: WinLogon, !SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 352256
MD5: D8EDAEEAF63BBF45ED9B7A3666641C2A

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 12/2/2008
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name: SDHELPER.DLL
Date (created): 11/16/2008 9:40:08 AM
Date (last access): 12/2/2008
Date (last write): 9/15/2008 2:25:44 PM
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 11/29/2008 6:48:34 AM
Date (last access): 12/2/2008
Date (last write): 11/29/2008 6:48:34 AM
Filesize: 320920
Attributes: archive
MD5: DC090E320775F1B1FE896F6E1D393D7F
CRC32: 068B5AFC
Version: 6.0.100.33

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\
Long name: swg.dll
Short name:
Date (created): 11/21/2008 11:52:50 AM
Date (last access): 12/2/2008
Date (last write): 11/21/2008 11:52:50 AM
Filesize: 657904
Attributes: archive
MD5: 2C7C2CE12A0A07A36EDCBAAE469DC867
CRC32: 8A58975B
Version: 5.0.926.3450

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java™ Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java™ Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 11/29/2008 6:48:32 AM
Date (last access): 12/2/2008
Date (last write): 11/29/2008 6:48:32 AM
Filesize: 34816
Attributes: archive
MD5: 27771CDC5D464818C8F92356AE840A6F
CRC32: B0BC1BD4
Version: 6.0.100.33

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 11/29/2008 6:48:34 AM
Date (last access): 12/2/2008
Date (last write): 11/29/2008 6:48:34 AM
Filesize: 73728
Attributes: archive
MD5: 8F206275452A3668097A7A26F62A7127
CRC32: 44B85557
Version: 6.0.100.33



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\SYSTEM\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Internet Explorer Classes for Java (Internet Explorer Classes for Java)
DPF name: Internet Explorer Classes for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\SYSTEM\iejava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\iejava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class)
DPF name:
CLSID name: Support.com Configuration Class
Installer: C:\WINDOWS\Downloaded Program Files\tgctlcm.inf
Codebase: http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
description:
classification: Legitimate
known filename: tgctlcm.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\PCCheckupOnline\bin\
Long name: tgctlcm.dll
Short name:
Date (created): 5/29/2008 10:55:48 AM
Date (last access): 12/2/2008
Date (last write): 2/12/2008 12:10:10 PM
Filesize: 292080
Attributes: archive
MD5: 4DF55BAE46B1A77E5987C77AEA1DEAD7
CRC32: EDD6E886
Version: 7.0.848.0

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://www.update.microsoft.com/microsoftu...b?1185235554345
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 4/16/2007 10:43:40 PM
Date (last access): 12/2/2008
Date (last write): 4/16/2007 10:43:40 PM
Filesize: 208248
Attributes: archive
MD5: D8DEB8FEE84F26F70DDB7F06DB035A91
CRC32: 188AD856
Version: 7.0.6000.374

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_10.dll
Short name: NPJPI1~1.DLL
Date (created): 11/29/2008 6:48:32 AM
Date (last access): 12/2/2008
Date (last write): 11/29/2008 6:48:32 AM
Filesize: 132504
Attributes: archive
MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD
CRC32: CC232AC8
Version: 6.0.100.33

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/...8928.6993981482
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_10.dll
Short name: NPJPI1~1.DLL
Date (created): 11/29/2008 6:48:32 AM
Date (last access): 12/2/2008
Date (last write): 11/29/2008 6:48:32 AM
Filesize: 132504
Attributes: archive
MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD
CRC32: CC232AC8
Version: 6.0.100.33

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_10.dll
Short name: NPJPI1~1.DLL
Date (created): 11/29/2008 6:48:32 AM
Date (last access): 12/2/2008
Date (last write): 11/29/2008 6:48:32 AM
Filesize: 132504
Attributes: archive
MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD
CRC32: CC232AC8
Version: 6.0.100.33

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwa...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\flash\
Long name: Flash.ocx
Short name: FLASH.OCX
Date (created): 3/31/2006 11:55:14 AM
Date (last access): 12/2/2008
Date (last write): 2/28/2006 12:00:00 PM
Filesize: 832872
Attributes: archive
MD5: 1240074B72B4F6F2D6AEE92DB1D29AED
CRC32: 1587660D
Version: 6.0.79.0

{E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control)
DPF name:
CLSID name: Dell PC Checkup Installer Control
Installer: C:\WINDOWS\Downloaded Program Files\gtdownde_110.inf
Codebase: http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
description:
classification: Legitimate
known filename: GTDownDE_87.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: gtdownde_110.ocx
Short name: GTDOWN~2.OCX
Date (created): 11/25/2004 2:15:00 PM
Date (last access): 12/2/2008
Date (last write): 11/25/2004 2:15:00 PM
Filesize: 184320
Attributes: archive
MD5: D05E2AB470D3C1A88635A54A14FE5D76
CRC32: 1B7FFDAE
Version: 1.0.0.110



--- Process list ---
PID: 0 ( 0) [System]
PID: 264 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 328 ( 264) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 352 ( 264) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 396 ( 352) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 0E776ED5F7CC9F94299E70461B7B8185
PID: 408 ( 352) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 556 ( 396) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 620 ( 396) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 660 ( 396) C:\Program Files\Windows Defender\MsMpEng.exe
size: 13592
MD5: F45DD1E1365D857DD08BC23563370D0E
PID: 704 ( 396) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 756 ( 396) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 820 ( 396) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 896 ( 396) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
size: 611664
MD5: 17067069B9A7865028C1F2E6971D0CCC
PID: 916 ( 396) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 18752
MD5: 0E7A371AD278604844AC86DAA481743E
PID: 1068 ( 396) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 155160
MD5: 35DCFCB23E2EE5D354DA7005C3BA4A81
PID: 1076 (1004) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1260 (1076) C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
PID: 1296 (1076) C:\Program Files\Alwil Software\Avast4\ashDisp.exe
size: 81000
MD5: E94EEC07B6DA92BA0D892E55B6277421
PID: 1344 (1076) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 1352 (1076) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6
PID: 1440 (1076) C:\Program Files\Lunabar\Lunabar.exe
size: 369664
MD5: 214CEA6DA35395D49F3E0C2FAC7D6A1B
PID: 1580 ( 396) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1788 ( 396) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
size: 168432
MD5: AA821B41953B8765239FC49242C66972
PID: 1824 ( 396) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 5FD5865DC1A2100F8D4CF000EE5409A3
PID: 1872 ( 396) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 996 ( 396) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 254040
MD5: B902B27E5CF14117319E38FD91477EF9
PID: 1176 ( 396) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 352920
MD5: 1CF69C7314C6E1C92D8B92E13FF25D5B
PID: 2120 ( 396) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 1476 ( 280) C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: AB68B7C232293F6B09E5C29CB31AE76D
PID: 1220 (1076) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/2/2008 9:28:55 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://mail.google.com/mail/?ui=1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5A52EDB-D236-4A11-8337-D7C7DF3A9FCA}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5A52EDB-D236-4A11-8337-D7C7DF3A9FCA}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2933C124-62AF-4202-9CBD-FC1F775A04F3}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2933C124-62AF-4202-9CBD-FC1F775A04F3}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1331EC89-71C2-46C1-B93D-995A7B12DC40}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1331EC89-71C2-46C1-B93D-995A7B12DC40}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC226A-5490-4C76-B19C-B80092C7B7C5}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC226A-5490-4C76-B19C-B80092C7B7C5}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Thanks,
Dorothy
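As an added example (not part of DottieR's post, and not Spybot or RSIT code), the checks an analyst applies when reading the process list and the Winsock LSP list above, written out in Python. The line-format regexes, the list of core images and the C:\WINDOWS system root are assumptions based on the log as pasted; the PROCESSES_FROM_LOG and LSPS_FROM_LOG samples are lines copied from the log above, and the CONSTRUCTED_* samples are made up here so that each check reports something.

```python
"""Analyst-style consistency checks over a Spybot-S&D / RSIT log:
core system images outside system32, svchost.exe not started by
services.exe, one image name with several MD5s, and Winsock providers
whose on-disk DLL is not the one Spybot's database expects."""
import re
from collections import defaultdict

# Core XP images that should only ever load from system32 (assumption).
CORE_IMAGES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
               "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32 = "c:\\windows\\system32"   # the log shows a default C:\WINDOWS install

PID_RE = re.compile(r"^PID:\s*(\d+)\s*\(\s*(\d+)\)\s*(.*)$")
LSP_RE = re.compile(r"^(Protocol|Namespace Provider) (\d+):\s*(.*)$")


def normalize_path(raw):
    """Map the NT-style prefixes seen in process lists onto a Win32 path."""
    p = raw.strip()
    if p.startswith("\\??\\"):                    # \??\C:\... -> C:\...
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):     # \SystemRoot\... -> C:\WINDOWS\...
        p = "C:\\WINDOWS\\" + p[len("\\systemroot\\"):]
    return p.replace("%SystemRoot%", "C:\\WINDOWS")


def split_path(path):
    """(directory, image name), both lower-cased for comparison."""
    directory, _, name = path.lower().rpartition("\\")
    return directory, name


def parse_processes(text):
    """One dict per 'PID: n ( parent) path' line; md5 is None if absent."""
    procs = []
    for line in (ln.strip() for ln in text.splitlines()):
        m = PID_RE.match(line)
        if m:
            procs.append({"pid": int(m.group(1)), "ppid": int(m.group(2)),
                          "path": normalize_path(m.group(3)), "md5": None})
        elif line.startswith("MD5:") and procs:
            procs[-1]["md5"] = line.split(":", 1)[1].strip().upper()
    return procs


def check_processes(procs):
    """Return a list of human-readable findings; empty means nothing odd."""
    findings = []
    services_pid = next((p["pid"] for p in procs
                         if split_path(p["path"])[1] == "services.exe"), None)
    hashes = defaultdict(set)
    for p in procs:
        directory, name = split_path(p["path"])
        if p["md5"]:
            hashes[name].add(p["md5"])
        if name in CORE_IMAGES and directory != SYSTEM32:
            findings.append(f"{name} (PID {p['pid']}) loaded from {p['path']}")
        if name == "svchost.exe" and services_pid and p["ppid"] != services_pid:
            findings.append(f"svchost.exe (PID {p['pid']}) parent is {p['ppid']}, "
                            f"not services.exe ({services_pid})")
    for name, md5s in hashes.items():
        if len(md5s) > 1:
            findings.append(f"{name}: {len(md5s)} different MD5s for one image name")
    return findings


def parse_lsps(text):
    """One dict per provider entry with its Filename and DB filename."""
    entries = []
    for line in (ln.strip() for ln in text.splitlines()):
        m = LSP_RE.match(line)
        if m:
            entries.append({"kind": m.group(1), "index": int(m.group(2)),
                            "name": m.group(3), "file": None, "db_file": None})
        elif entries and line.startswith("Filename:"):
            entries[-1]["file"] = normalize_path(line.split(":", 1)[1]).lower()
        elif entries and line.startswith("DB filename:"):
            entries[-1]["db_file"] = normalize_path(line.split(":", 1)[1]).lower()
    return entries


def check_lsps(entries):
    """Providers whose DLL differs from the one Spybot's database expects."""
    return [f"{e['kind']} {e['index']} ({e['name']}): {e['file']} != {e['db_file']}"
            for e in entries if e["file"] != e["db_file"]]


# Lines copied from the process list in the log above.
PROCESSES_FROM_LOG = r"""
PID: 0 ( 0) [System]
PID: 264 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 328 ( 264) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 396 ( 352) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 0E776ED5F7CC9F94299E70461B7B8185
PID: 556 ( 396) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 704 ( 396) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
"""
# Constructed for this example (not in the log): an extra svchost.exe with a
# different hash, loaded from C:\WINDOWS and parented by Explorer (PID 1076).
CONSTRUCTED_BAD_PROCESS = r"""
PID: 1999 (1076) C:\WINDOWS\svchost.exe
size: 14336
MD5: 00000000000000000000000000000000
"""
# Lines copied from the Winsock LSP list in the log above.
LSPS_FROM_LOG = r"""
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
"""
# Constructed for this example (not in the log): a provider whose DLL is not
# the expected mswsock.dll.
CONSTRUCTED_BAD_LSP = r"""
Protocol 13: MSAFD Tcpip [TCP/IP]
Filename: C:\WINDOWS\system32\example_lsp.dll
DB filename: %SystemRoot%\system32\mswsock.dll
"""

if __name__ == "__main__":
    for f in check_processes(parse_processes(PROCESSES_FROM_LOG + CONSTRUCTED_BAD_PROCESS)):
        print("process:", f)
    for f in check_lsps(parse_lsps(LSPS_FROM_LOG + CONSTRUCTED_BAD_LSP)):
        print("lsp:", f)
```

Run against only the lines copied from the log, both checks return nothing, which matches the "looks clean" reading below; every hit in the sample run comes from the constructed lines. Note that the NLA entry differs from its DB filename only in the case of "System32", which is why paths are lower-cased before comparison, and that the svchost.exe parent check depends on services.exe being present in the list (PID 396 here).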

#14 SifuMike (malware expert, Members, 15,385 posts)

Posted 03 December 2008 - 12:56 AM

Hi,

Spybot takes 2 hrs to run and doesn't find anything. Should it take that long?


I did not think it would find anything. Spybot run time depends on how many files you have on your computer. If you have many files, then it takes a long time to complete, as it has to scan each file and registry entry.

Also the Java program is 92 MB? Do I need all that just to have silly little bouncing applets? Since I installed all this antispy stuff my hard disk is almost 3/4 full. It takes hours to rearrange my disk.


I don't know how big the Java program is, but it takes a while to download.
Many programs use Java applets. So if you uninstall Java, then they will not run.

Installed all what antispy stuff? :) You installed RSIT and a new version of Java.

You can delete RSIT from your desktop.

Your log looks clean. :thumbsup:


Please read and follow How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware by miekiemoes

#15 SifuMike (malware expert, Members, 15,385 posts)

Posted 09 December 2008 - 10:03 PM

Since your problem appears to be resolved, this thread will now be closed.



