Many infections Mywebsearch, Trojan-Spy, Backdoor win32, many others


  • This topic is locked
8 replies to this topic

#1 123Judy
  • Members
  • 12 posts

Posted 08 December 2008 - 10:18 AM

Kaspersky scan:

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 8, 2008
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 06, 2008 02:29:08
Records in database: 1439709
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
H:\
Scan statistics
Files scanned 91845
Threat name 25
Infected objects 68
Suspicious objects 0
Duration of the scan 02:35:29

File name Threat name Threats count
C:\Program Files\UltraVNC\WinVNC.exe/C:\Program Files\UltraVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL/C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ck 1
C:\Program Files\MyWebSearch\bar\2.bin\f3wphook.dll/C:\Program Files\MyWebSearch\bar\2.bin\f3wphook.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 2
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoestb.dll/C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoestb.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.db 3
MWSOEMON.EXE\mwsoestb.dll/MWSOEMON.EXE\mwsoestb.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.db 1
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL/C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ea 1
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL/C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.cn 1
C:\Documents and Settings\judy\Desktop\server.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 2
C:\Documents and Settings\judy\Desktop\server.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Documents and Settings\Tim.OFFICE\Local Settings\Application Data\Identities\{AAE0A683-5D94-4A2F-83A6-48DB7EB5B26E}\Microsoft\Outlook Express\Bambi's inbox.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 4
C:\Documents and Settings\Tim.OFFICE\Local Settings\Application Data\Identities\{AAE0A683-5D94-4A2F-83A6-48DB7EB5B26E}\Microsoft\Outlook Express\ebay emails.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 10
C:\Documents and Settings\Tim.OFFICE\Local Settings\Application Data\Identities\{AAE0A683-5D94-4A2F-83A6-48DB7EB5B26E}\Microsoft\Outlook Express\ebay emails.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 3
C:\Documents and Settings\Tim.OFFICE\Local Settings\Application Data\Identities\{AAE0A683-5D94-4A2F-83A6-48DB7EB5B26E}\Microsoft\Outlook Express\keep.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 1
C:\Documents and Settings\Tim.OFFICE\Local Settings\Application Data\Identities\{AAE0A683-5D94-4A2F-83A6-48DB7EB5B26E}\Microsoft\Outlook Express\keep.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn 1
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.dn 1
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.eb 1
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.cn 1
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ed 1
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.dd 1
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bg 1
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj 1
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ck 1
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj 1
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.cm 1
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ad 1
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ea 1
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ec 1
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.db 1
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ca 1
C:\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\utils\frontdesk\Archive\Documents\FLV\FLV to Video Pro\FLVDownloader_Install.exe Infected: not-a-virus:AdWare.Win32.AdMoke.agg 1
C:\utils\frontdesk\Archive\Documents\FLV\FLV to Video Pro\FLVDownloader_Install.exe Infected: Backdoor.Win32.Sheldor.aw 1
C:\utils\frontdesk\Archive\Documents\Moyea\FLV Downloader\FLVFilePlayer.exe Infected: not-a-virus:AdWare.Win32.AdMoke.agg 1
C:\utils\frontdesk\Archive\Documents\Moyea\FLV Downloader\TakeRaw.dll Infected: Backdoor.Win32.Sheldor.bj 1
C:\utils\frontdesk\Archive\Documents\My Documents\Programs\FLV2Video_Setup_r44744.exe Infected: not-a-virus:AdWare.Win32.AdMoke.agg 1
C:\utils\frontdesk\Archive\Documents\My Documents\Programs\FLV2Video_Setup_r44744.exe Infected: Backdoor.Win32.Sheldor.aw 1
C:\utils\frontdesk\Archive\Documents\My Documents\Programs\Moyea FLV Downloader1.7.0.0-Setup.exe Infected: not-a-virus:AdWare.Win32.AdMoke.agg 1
C:\utils\frontdesk\Archive\Documents\My Documents\Programs\Moyea FLV Downloader1.7.0.0-Setup.exe Infected: Backdoor.Win32.Sheldor.bj 1
C:\WINNT\SYSTEM32\f3PSSavr.scr Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bg 1
H:\My Documents\Programs\FLV2Video_Setup_r44744.exe Infected: not-a-virus:AdWare.Win32.AdMoke.agg 1
H:\My Documents\Programs\FLV2Video_Setup_r44744.exe Infected: Backdoor.Win32.Sheldor.aw 1
H:\My Documents\Programs\Moyea FLV Downloader1.7.0.0-Setup.exe Infected: not-a-virus:AdWare.Win32.AdMoke.agg 1
H:\My Documents\Programs\Moyea FLV Downloader1.7.0.0-Setup.exe Infected: Backdoor.Win32.Sheldor.bj 1
The selected area was scanned.


RSIT/HijackThis log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by judy at 2008-12-08 08:54:36
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 31 GB (41%) free of 76 GB
Total RAM: 510 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:44 AM, on 12/8/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\judy\Desktop\RSIT.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\trend micro\judy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HPWPTOOLBOX] C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe "-i"
O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {20DABCB5-AB70-4E2B-BCA9-17155D5CF583} (hlpFrame Class) - http://access.worldplanroom.com/wpr/Resour...elpLauncher.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2DFA3F5C-C7D8-44C2-A420-EC11E00C3F28} (DLXControl Class) - http://reprocentral.worldplanroom.com/priv...isplayListX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Dwf Viewer Control) - http://www.autodesk.com/global/dwfviewer/i...ViewerSetup.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CCBDF033-DD85-45FD-AE68-FBC4A7C7C154} (BravaClientXView Class) - http://access.worldplanroom.com/wpr/Resour...ravaClientX.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KCI.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KCI.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = KCI.local
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 7464 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Ad-aware 6.job
C:\WINNT\tasks\AdwareSpy.job
C:\WINNT\tasks\dfrg.job
C:\WINNT\tasks\Privacy Guardian.job
C:\WINNT\tasks\Registry Mechanic.job
C:\WINNT\tasks\Spybot - Search & Destroy.job
C:\WINNT\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINNT\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-08-19 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINNT\System32\msdxm.ocx [2005-03-30 844560]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-08-19 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-13 185896]
"WinVNC"=C:\Program Files\UltraVNC\WinVNC.exe [2006-06-18 712704]
"HPWPTOOLBOX"=C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe [2004-10-21 327680]
"DWQueuedReporting"=c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2007-03-13 39264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\SYSTEM32\ctfmon.exe [2005-03-21 11264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\SYSTEM32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\WINNT\System32\Notepad.exe %1
.js - open - NOTEPAD.EXE %1
.vbs - edit - C:\WINNT\System32\Notepad.exe %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-12-08 08:54:37 ----DC---- C:\Program Files\trend micro
2008-12-08 08:54:36 ----DC---- C:\rsit
2008-12-08 07:33:31 ----D---- C:\Documents and Settings\judy\Application Data\Malwarebytes
2008-12-08 07:33:25 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 07:33:25 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-25 11:22:57 ----RAC---- C:\WINNT\scrub2k.exe
2008-11-25 11:22:57 ----RAC---- C:\WINNT\hpw2800k.ini
2008-11-25 11:21:41 ----AC---- C:\WINNT\hpbj2800.ini
2008-11-25 11:21:32 ----AC---- C:\WINNT\mariner.ini

======List of files/folders modified in the last 1 months======

2008-12-08 08:54:37 ----RADC---- C:\Program Files
2008-12-08 08:54:37 ----ADC---- C:\WINNT\SYSTEM32
2008-12-08 08:47:15 ----DC---- C:\Program Files\Mozilla Firefox
2008-12-08 08:40:25 ----ADC---- C:\WINNT\Debug
2008-12-08 08:38:57 ----A---- C:\WINNT\SchedLgU.Txt
2008-12-08 08:37:48 ----AD---- C:\WINNT\system32\DRIVERS
2008-12-08 08:19:05 ----RASHD---- C:\WINNT\system32\DLLCACHE
2008-12-08 08:18:52 ----ADC---- C:\WINNT
2008-12-08 05:55:35 ----AD---- C:\WINNT\SECURITY
2008-12-05 23:11:18 ----ADC---- C:\WINNT\Temp
2008-12-05 17:00:53 ----SHDC---- C:\WINNT\Installer
2008-12-05 17:00:53 ----AHDC---- C:\Config.Msi
2008-12-05 09:00:41 ----D---- C:\Documents and Settings\judy\Application Data\AdobeUM
2008-12-01 08:26:03 ----ADC---- C:\Program Files\Internet Explorer
2008-11-25 11:24:13 ----AHDC---- C:\WINNT\INF
2008-11-25 11:22:46 ----RASDC---- C:\WINNT\Fonts
2008-11-25 11:22:41 ----DC---- C:\Program Files\Hewlett-Packard
2008-11-21 10:42:26 ----SHD---- C:\WINNT\CSC
2008-11-14 16:27:59 ----ADC---- C:\WINNT\Help
2008-11-14 14:29:24 ----DC---- C:\Program Files\UltraVNC
2008-11-10 13:53:47 ----DC---- C:\Program Files\CCleaner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2005-12-02 44288]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2004-02-04 23420]
R1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [1999-10-04 13744]
R1 omci;OMCI WDM Device Driver; C:\WINNT\System32\DRIVERS\omci.sys [2002-11-08 17217]
R2 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [1999-10-04 13904]
R2 HPFECP13;HPFECP13; C:\WINNT\system32\drivers\HPFECP13.sys [1998-07-30 52800]
R2 mdmxsdk;mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 vnccom;vnccom; C:\WINNT\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R3 aeaudio;aeaudio; C:\WINNT\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbe5;Broadcom 440x 10/100 Integrated Controller Driver; C:\WINNT\System32\DRIVERS\bcm4sbe5.sys [2003-07-15 45082]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\system32\DRIVERS\HPZid412.sys [2004-03-21 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\system32\DRIVERS\HPZipr12.sys [2004-03-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\system32\DRIVERS\HPZius12.sys [2004-03-21 21744]
R3 HSF_DP;HSF_DP; C:\WINNT\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINNT\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [1999-09-25 16144]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2003-06-19 11632]
R3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2003-06-19 19728]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 usbhub20;USB Hub Support; C:\WINNT\System32\DRIVERS\usbhub20.sys [2003-01-15 49776]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
R3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
R3 vncdrv;vncdrv; C:\WINNT\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
R3 winachsf;winachsf; C:\WINNT\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-10-08 120830]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-10-08 98842]
S3 AvFlt;Antivirus Filter Driver; C:\WINNT\system32\drivers\av5flt.sys [2004-12-09 89856]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver; C:\WINNT\System32\DRIVERS\el90xbc5.sys [1999-10-23 61712]
S3 MPE;BDA MPE Filter; C:\WINNT\System32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 nv4;nv4; C:\WINNT\System32\DRIVERS\nv4.sys [1999-10-27 345040]
S3 PSched;QoS Packet Scheduler; C:\WINNT\System32\DRIVERS\psched.sys [2003-06-19 60496]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINNT\system32\DRIVERS\SONYPVU1.SYS []
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2002-07-24 12016]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 HidServ;HID Input Service; C:\WINNT\system32\hidserv.exe [2003-06-19 19728]
R2 Iprip;RIP Listener; C:\WINNT\System32\svchost.exe [2002-07-24 7952]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe [2005-05-03 9150464]
R2 SimpTcp;Simple TCP/IP Services; C:\WINNT\System32\tcpsvcs.exe [2002-07-24 25360]
R2 SNMP;SNMP Service; C:\WINNT\System32\snmp.exe [2006-10-10 30480]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 61712]
R2 winvnc;VNC Server; C:\Program Files\UltraVNC\WinVNC.exe [2006-06-18 712704]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 LPDSVC;TCP/IP Print Server; C:\WINNT\System32\tcpsvcs.exe [2002-07-24 25360]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\system32\HPZipm12.exe [2004-03-18 65536]
S3 SNMPTRAP;SNMP Trap Service; C:\WINNT\System32\snmptrap.exe [2003-06-19 7952]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [2002-07-24 7952]
S4 hpdj00;hpdj00; C:\DOCUME~1\TIM~1.OFF\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP remote printers -product=aio []
S4 hpdj01;hpdj01; C:\DOCUME~1\TIM~1.OFF\LOCALS~1\Temp\hpdj01.exe -servicerunning=true -uninstall=HP Officejet 7300 series fax -product=aio []
S4 hpdj02;hpdj02; C:\DOCUME~1\TIM~1.OFF\LOCALS~1\Temp\hpdj02.exe -servicerunning=true -uninstall=HP Officejet 7300 series -product=aio []

-----------------EOF-----------------


Thanks for any help.
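The two logs above are most useful read together: the scanner says which files carry something, and the HijackThis listing says which files the machine actually starts. The script below is an added example by the editor, not code from the thread, from Kaspersky or from Trend Micro. The two line formats it parses are assumptions read off the logs in this post, and its sample input is a subset of lines copied from them. It buckets the Kaspersky verdicts (riskware such as the VNC server, adware such as the MyWebSearch toolbar, HTML phishing stored in the Outlook Express .dbx mail stores, and real malware such as Backdoor.Win32.Sheldor inside the FLV installers), joins the flagged paths to the O2/O4/O23 entries to show which flagged files have persistence behind them, lists orphaned entries, and lists flagged files that nothing starts. It also flags a file name that belongs to a Windows system DLL but sits outside System32, which is the case for the msimg32.dll the report found in the Internet Explorer folder.

```python
"""Triage of a Kaspersky Online Scanner 7 report against a HijackThis log.

Editor's added example: this is not code from the thread, from Kaspersky or
from Trend Micro.  The two line formats are assumptions read off the logs in
the post above, and the sample lines are copied from those logs.
"""
import re
from collections import defaultdict

# Kaspersky: "<file>[/<member inside archive>] Infected: <threat name> <count>"
KASPERSKY_LINE = re.compile(r"^(?P<obj>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
# HijackThis: "<section> - <entry>", e.g. "O4 - HKLM\..\Run: [WinVNC] ..."
HJT_LINE = re.compile(r"^(?P<sec>R\d|O\d+) - (?P<rest>.+)$")
# first Windows path with a code-carrying extension inside an HJT entry
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:exe|dll|scr|ocx|sys)', re.IGNORECASE)

# Sample input: a subset of the lines from the two logs in the post above.
KASPERSKY_SAMPLE = r"""
C:\Program Files\UltraVNC\WinVNC.exe/C:\Program Files\UltraVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ea 1
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
C:\Documents and Settings\judy\Desktop\server.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 2
C:\Documents and Settings\Tim.OFFICE\Local Settings\Application Data\Identities\{AAE0A683-5D94-4A2F-83A6-48DB7EB5B26E}\Microsoft\Outlook Express\ebay emails.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 10
C:\utils\frontdesk\Archive\Documents\FLV\FLV to Video Pro\FLVDownloader_Install.exe Infected: not-a-virus:AdWare.Win32.AdMoke.agg 1
C:\utils\frontdesk\Archive\Documents\FLV\FLV to Video Pro\FLVDownloader_Install.exe Infected: Backdoor.Win32.Sheldor.aw 1
The selected area was scanned.
"""
HJT_SAMPLE = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
"""

def family_of(threat, container):
    """Bucket a Kaspersky verdict: riskware, adware, phishing-mail or malware."""
    if threat.startswith("not-a-virus:"):
        kind = threat.split(":", 1)[1].split(".", 1)[0]
        return "riskware" if kind == "RemoteAdmin" else "adware"
    parts = threat.split(".")                     # Behaviour.Platform.Family.Variant
    platform = parts[1] if len(parts) > 1 else ""
    if platform == "HTML" and container.endswith(".dbx"):
        return "phishing-mail"                    # HTML phish stored in an OE mail store
    return "malware"

def parse_kaspersky(text):
    """Map each flagged file on disk (lower-cased) to the verdicts hit inside it."""
    hits = defaultdict(set)
    for line in text.splitlines():
        m = KASPERSKY_LINE.match(line.strip())
        if m:
            container = m.group("obj").partition("/")[0]   # drop the archive member
            hits[container.lower()].add(m.group("threat"))
    return dict(hits)

def summarize(hits):
    """Family -> sorted list of flagged files (a file can sit in several families)."""
    fam = defaultdict(set)
    for container, threats in hits.items():
        for t in threats:
            fam[family_of(t, container)].add(container)
    return {k: sorted(v) for k, v in fam.items()}

def parse_hijackthis(text):
    """Return (section, entry text, lower-cased target path or None) per HJT line."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            p = WIN_PATH.search(m.group("rest"))
            entries.append((m.group("sec"), m.group("rest"), p.group(0).lower() if p else None))
    return entries

def cross_reference(hits, entries):
    """Autostart / BHO / service entries whose target file the AV scan flagged."""
    return [(sec, text, sorted(hits[path])) for sec, text, path in entries if path in hits]

def orphaned(entries):
    """Entries whose target file no longer exists: left-over persistence to clean up."""
    return [(sec, text) for sec, text, _ in entries
            if "(no file)" in text or "(file missing)" in text]

def unanchored(hits, entries):
    """Flagged files no HJT entry starts: dormant installers, dropped copies, mail stores."""
    started = {path for _, _, path in entries if path}
    return sorted(c for c in hits if c not in started)

# Editor's note: msimg32.dll is a Windows system DLL that lives in System32; a copy in an
# application's own folder is found first by the DLL search order, which is how a toolbar
# gets itself loaded without an autostart entry of its own.
SYSTEM_DLLS = {"msimg32.dll"}

def planted_system_dlls(hits):
    """Flagged files that reuse a system DLL name outside the System32 folder."""
    return sorted(c for c in hits
                  if c.rsplit("\\", 1)[-1] in SYSTEM_DLLS and "\\system32\\" not in c)

if __name__ == "__main__":
    hits = parse_kaspersky(KASPERSKY_SAMPLE)
    entries = parse_hijackthis(HJT_SAMPLE)
    for fam, files in sorted(summarize(hits).items()):
        print(f"{fam}:", *files, sep="\n  ")
    print("flagged files that an autostart/BHO/service entry starts:")
    for sec, text, threats in cross_reference(hits, entries):
        print(f"  {sec}: {text}  <- {', '.join(threats)}")
    print("orphaned entries:", *[t for _, t in orphaned(entries)], sep="\n  ")
    print("flagged files nothing starts:", *unanchored(hits, entries), sep="\n  ")
    print("system DLL names outside System32:", *planted_system_dlls(hits), sep="\n  ")
```

On the sample, the only flagged file with persistence behind it is the UltraVNC server (O4 Run entry and O23 service), so the question for that one is whether the remote-admin tool was installed on purpose; the desktop copy of server.exe, the FLV installers carrying Backdoor.Win32.Sheldor and the eBay phishing mails are flagged but started by nothing. The .dbx hits are whole Outlook Express folder stores with phishing messages inside them, so the fix is to delete those messages from within Outlook Express; deleting the .dbx files themselves would drop every message in those folders.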


#2 miekiemoes
  • Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender: Female
  • Location: Belgium

Posted 16 December 2008 - 10:22 AM

Hi,

I understand that you need help in order to get rid of the malware that is present on your system, but you need to help us first.
I notice that you never scanned with an antivirus before starting this thread, because you don't even have an antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because otherwise it really makes no sense for us to clean this up manually if an antivirus is not present, which should be able to deal with most of this and prevent further reinfection.

#3 123Judy
  • Topic Starter
  • Members
  • 12 posts

Posted 17 December 2008 - 11:53 AM

After posting this, the first thing I did was download AVG. I was unaware there was no antivirus myself until the day I posted this. Since then I have uninstalled AVG and installed Avira.

Avira Report:

Avira AntiVir Personal
Report file date: Tuesday, December 16, 2008 15:02

Scanning for 1094481 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Boot mode: Normally booted
Username: SYSTEM
Computer name: TIM

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 15:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36
ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 12/7/2008 21:01:30
ANTIVIR2.VDF : 7.1.0.230 156160 Bytes 12/14/2008 21:01:32
ANTIVIR3.VDF : 7.1.0.243 114176 Bytes 12/16/2008 21:01:33
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 17:05:56
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 12/16/2008 21:01:40
AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 22:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 20:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 16:41:39
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/16/2008 21:01:39
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 12/16/2008 21:01:38
AEHELP.DLL : 8.1.2.0 119159 Bytes 12/16/2008 21:01:36
AEGEN.DLL : 8.1.1.8 323956 Bytes 12/16/2008 21:01:35
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 17:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 12/16/2008 21:01:34
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 17:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 19:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 20:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday, December 16, 2008 15:02

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '0' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'winvnc.exe' - '1' Module(s) have been scanned
Scan process 'stisvc.exe' - '1' Module(s) have been scanned
Scan process 'SNMP.EXE' - '1' Module(s) have been scanned
Scan process 'TCPSVCS.EXE' - '1' Module(s) have been scanned
Scan process 'mstask.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'hidserv.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
26 processes with 26 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '51' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch20.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '499f18b5.qua'!
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig708\ENU_\Data1.cab
[0] Archive type: CAB (Microsoft)
--> VDK10.RSD
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig708\ENU__\Data1.cab
[0] Archive type: CAB (Microsoft)
--> VDK10.RSD
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\utils\frontdesk\Archive\Documents\My Documents\Programs\Moyea FLV Downloader1.7.0.0-Setup.exe
[DETECTION] Contains recognition pattern of the DR/AdMoke.agg.3 dropper
[NOTE] The file was deleted!


End of the scan: Tuesday, December 16, 2008 16:07
Used time: 1:04:58 Hour(s)

The scan has been done completely.

9024 Scanning directories
367365 Files were scanned
1 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
1 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
367362 Files not concerned
3188 Archives were scanned
4 Warnings
2 Notes

Logfile of random's system information tool 1.04 (written by random/random)
Run by judy at 2008-12-17 10:52:24
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 31 GB (40%) free of 76 GB
Total RAM: 510 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:31 AM, on 12/17/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\System32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Documents and Settings\judy\Desktop\RSIT.exe
C:\Program Files\trend micro\judy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HPWPTOOLBOX] C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe "-i"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {20DABCB5-AB70-4E2B-BCA9-17155D5CF583} (hlpFrame Class) - http://access.worldplanroom.com/wpr/Resour...elpLauncher.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2DFA3F5C-C7D8-44C2-A420-EC11E00C3F28} (DLXControl Class) - http://reprocentral.worldplanroom.com/priv...isplayListX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Dwf Viewer Control) - http://www.autodesk.com/global/dwfviewer/i...ViewerSetup.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CCBDF033-DD85-45FD-AE68-FBC4A7C7C154} (BravaClientXView Class) - http://access.worldplanroom.com/wpr/Resour...ravaClientX.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KCI.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KCI.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = KCI.local
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 8268 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Ad-aware 6.job
C:\WINNT\tasks\AdwareSpy.job
C:\WINNT\tasks\dfrg.job
C:\WINNT\tasks\Privacy Guardian.job
C:\WINNT\tasks\Registry Mechanic.job
C:\WINNT\tasks\Spybot - Search & Destroy.job
C:\WINNT\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINNT\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINNT\System32\msdxm.ocx [2005-03-30 844560]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-13 185896]
"WinVNC"=C:\Program Files\UltraVNC\WinVNC.exe [2006-06-18 712704]
"HPWPTOOLBOX"=C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe [2004-10-21 327680]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\SYSTEM32\ctfmon.exe [2005-03-21 11264]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\SYSTEM32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\WINNT\System32\Notepad.exe %1
.js - open - NOTEPAD.EXE %1
.scr - open - "C:\WINNT\notepad.exe" "%1"
.scr - install -
.scr - config -
.vbs - edit - C:\WINNT\System32\Notepad.exe %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-12-16 15:00:36 ----DC---- C:\Program Files\Avira
2008-12-16 15:00:36 ----DC---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-10 15:23:48 ----AC---- C:\WINNT\wininit.ini
2008-12-10 14:41:18 ----DC---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-12-10 14:41:17 ----DC---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-12-10 14:41:17 ----DC---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-10 14:41:17 ----DC---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2008-12-09 10:24:09 ----D---- C:\Documents and Settings\judy\Application Data\Autodesk
2008-12-09 09:06:19 ----HDC---- C:\$AVG8.VAULT$
2008-12-08 10:07:15 ----AC---- C:\WINNT\system32\oleaccrc.dll
2008-12-08 10:07:15 ----AC---- C:\WINNT\system32\oleacc.dll
2008-12-08 10:07:15 ----AC---- C:\WINNT\system32\msaatext.dll
2008-12-08 08:54:37 ----DC---- C:\Program Files\trend micro
2008-12-08 08:54:36 ----DC---- C:\rsit
2008-12-08 07:33:31 ----D---- C:\Documents and Settings\judy\Application Data\Malwarebytes
2008-12-08 07:33:25 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 07:33:25 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-25 11:22:57 ----RAC---- C:\WINNT\scrub2k.exe
2008-11-25 11:22:57 ----RAC---- C:\WINNT\hpw2800k.ini
2008-11-25 11:21:41 ----AC---- C:\WINNT\hpbj2800.ini
2008-11-25 11:21:32 ----AC---- C:\WINNT\mariner.ini

======List of files/folders modified in the last 1 months======

2008-12-17 10:52:06 ----ADC---- C:\WINNT\SYSTEM32
2008-12-17 10:49:58 ----AD---- C:\WINNT\SECURITY
2008-12-17 10:42:56 ----DC---- C:\Program Files\Mozilla Firefox
2008-12-17 10:38:57 ----ADC---- C:\WINNT\Temp
2008-12-17 08:56:08 ----D---- C:\Documents and Settings\judy\Application Data\AdobeUM
2008-12-16 15:00:40 ----AD---- C:\WINNT\system32\DRIVERS
2008-12-16 15:00:36 ----RADC---- C:\Program Files
2008-12-16 13:35:13 ----ADC---- C:\WINNT\Debug
2008-12-16 13:33:42 ----A---- C:\WINNT\SchedLgU.Txt
2008-12-16 13:32:33 ----ADC---- C:\WINNT
2008-12-16 13:32:32 ----DC---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-16 11:31:07 ----ADC---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-16 10:02:47 ----SHDC---- C:\WINNT\Installer
2008-12-16 10:02:47 ----AHDC---- C:\Config.Msi
2008-12-16 09:14:13 ----RASHD---- C:\WINNT\system32\DLLCACHE
2008-12-12 17:02:05 ----AHDC---- C:\WINNT\INF
2008-12-12 17:01:04 ----ADC---- C:\Program Files\Windows Media Player
2008-12-11 13:16:41 ----DC---- C:\unzipped
2008-12-10 15:46:25 ----SHD---- C:\WINNT\CSC
2008-12-10 15:23:55 ----ADC---- C:\Program Files\Internet Explorer
2008-12-10 14:48:04 ----DC---- C:\Program Files\Spybot - Search & Destroy
2008-12-10 14:22:13 ----HDC---- C:\WINNT\system32\CTF
2008-12-10 12:08:24 ----DC---- C:\TEMP
2008-12-10 11:56:08 ----D---- C:\Documents and Settings\judy\Application Data\Mozilla
2008-12-09 17:24:37 ----AC---- C:\WINNT\system32\MRT.exe
2008-12-08 10:18:29 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-08 10:07:35 ----ADC---- C:\WINNT\RegisteredPackages
2008-11-25 11:22:46 ----RASDC---- C:\WINNT\Fonts
2008-11-25 11:22:41 ----DC---- C:\Program Files\Hewlett-Packard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINNT\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2005-12-02 44288]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2004-02-04 23420]
R1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [1999-10-04 13744]
R1 omci;OMCI WDM Device Driver; C:\WINNT\System32\DRIVERS\omci.sys [2002-11-08 17217]
R2 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [1999-10-04 13904]
R2 HPFECP13;HPFECP13; C:\WINNT\system32\drivers\HPFECP13.sys [1998-07-30 52800]
R2 mdmxsdk;mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 vnccom;vnccom; C:\WINNT\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R3 aeaudio;aeaudio; C:\WINNT\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 bcm4sbe5;Broadcom 440x 10/100 Integrated Controller Driver; C:\WINNT\System32\DRIVERS\bcm4sbe5.sys [2003-07-15 45082]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\system32\DRIVERS\HPZid412.sys [2004-03-21 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\system32\DRIVERS\HPZipr12.sys [2004-03-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\system32\DRIVERS\HPZius12.sys [2004-03-21 21744]
R3 HSF_DP;HSF_DP; C:\WINNT\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINNT\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [1999-09-25 16144]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2003-06-19 11632]
R3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2003-06-19 19728]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 usbhub20;USB Hub Support; C:\WINNT\System32\DRIVERS\usbhub20.sys [2003-01-15 49776]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
R3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
R3 vncdrv;vncdrv; C:\WINNT\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
R3 winachsf;winachsf; C:\WINNT\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 ssmdrv;ssmdrv; C:\WINNT\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-10-08 120830]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-10-08 98842]
S3 AvFlt;Antivirus Filter Driver; C:\WINNT\system32\drivers\av5flt.sys [2004-12-09 89856]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver; C:\WINNT\System32\DRIVERS\el90xbc5.sys [1999-10-23 61712]
S3 MPE;BDA MPE Filter; C:\WINNT\System32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 nv4;nv4; C:\WINNT\System32\DRIVERS\nv4.sys [1999-10-27 345040]
S3 PSched;QoS Packet Scheduler; C:\WINNT\System32\DRIVERS\psched.sys [2003-06-19 60496]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINNT\system32\DRIVERS\SONYPVU1.SYS []
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2002-07-24 12016]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 HidServ;HID Input Service; C:\WINNT\system32\hidserv.exe [2003-06-19 19728]
R2 Iprip;RIP Listener; C:\WINNT\System32\svchost.exe [2002-07-24 7952]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe [2005-05-03 9150464]
R2 SimpTcp;Simple TCP/IP Services; C:\WINNT\System32\tcpsvcs.exe [2002-07-24 25360]
R2 SNMP;SNMP Service; C:\WINNT\System32\snmp.exe [2006-10-10 30480]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 61712]
R2 winvnc;VNC Server; C:\Program Files\UltraVNC\WinVNC.exe [2006-06-18 712704]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 LPDSVC;TCP/IP Print Server; C:\WINNT\System32\tcpsvcs.exe [2002-07-24 25360]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\system32\HPZipm12.exe [2004-03-18 65536]
S3 SNMPTRAP;SNMP Trap Service; C:\WINNT\System32\snmptrap.exe [2003-06-19 7952]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [2002-07-24 7952]
S4 hpdj00;hpdj00; C:\DOCUME~1\TIM~1.OFF\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP remote printers -product=aio []
S4 hpdj01;hpdj01; C:\DOCUME~1\TIM~1.OFF\LOCALS~1\Temp\hpdj01.exe -servicerunning=true -uninstall=HP Officejet 7300 series fax -product=aio []
S4 hpdj02;hpdj02; C:\DOCUME~1\TIM~1.OFF\LOCALS~1\Temp\hpdj02.exe -servicerunning=true -uninstall=HP Officejet 7300 series -product=aio []

-----------------EOF-----------------

#4 miekiemoes

miekiemoes
  • Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
Posted 17 December 2008 - 12:30 PM

Hi,

I see you are running TeaTimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you have disabled TeaTimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, right-click the link and choose "save as".)
Double-click ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then:

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then, navigate to and delete the following folders and files if still present:

Folder: C:\Program Files\MyWebSearch

Files: C:\utils\frontdesk\Archive\Documents\FLV\FLV to Video Pro\FLVDownloader_Install.exe
C:\utils\frontdesk\Archive\Documents\Moyea\FLV Downloader\FLVFilePlayer.exe
C:\utils\frontdesk\Archive\Documents\Moyea\FLV Downloader\TakeRaw.dll
C:\utils\frontdesk\Archive\Documents\My Documents\Programs\FLV2Video_Setup_r44744.exe
C:\utils\frontdesk\Archive\Documents\My Documents\Programs\Moyea FLV Downloader1.7.0.0-Setup.exe
H:\My Documents\Programs\FLV2Video_Setup_r44744.exe
H:\My Documents\Programs\Moyea FLV Downloader1.7.0.0-Setup.exe
C:\Program Files\Internet Explorer\msimg32.dll
C:\WINNT\SYSTEM32\f3PSSavr.scr

Kaspersky also detected some infected mails. Unfortunately, I cannot tell you which mails exactly are infected, but they are located in the "Bambi's inbox" mailbox, the "ebay emails" mailbox and the "Keep" mailbox in your Outlook Express. So look in those mailboxes for any suspicious-looking mails (don't click any links or open attachments) and delete them.

Extra note:
Kaspersky also flagged this:

C:\Program Files\UltraVNC\WinVNC.exe/C:\Program Files\UltraVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\Documents and Settings\judy\Desktop\server.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 2
C:\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1

They are related to WinVNC and not malicious, so you can keep it. However, if you're not aware that UltraVNC/WinVNC is installed here, then delete it.
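One way to pre-screen a HijackThis log for the kinds of entries singled out in the post above: dangling "(no file)" / "(file missing)" entries, O23 services with no owner, autoruns in user-writable paths, and the WinVNC remote-admin case. This is an added example, not code from the forum or from HijackThis; the sample lines are copied from the log posted earlier in the thread except for one constructed Temp-path line, and the remote-admin name list is an assumption.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example, not code from the forum thread or from HijackThis itself.
It parses the 'R0/R1/R3/O2/O4/O9/O23 - ...' entry lines of an HJT log and
flags the entries a helper usually looks at first:
  * dangling entries whose target no longer exists ("(no file)" /
    "(file missing)"): harmless leftovers, but noise that hides real hits,
  * O23 services with "Unknown owner" (no vendor information),
  * O4 autoruns / O23 services whose binary lives in a user-writable
    location such as a profile or Temp directory,
  * O4 autoruns / O23 services that point at a remote-administration tool
    (the thread's WinVNC case): fine only if the owner installed it.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Real entries copied from the HijackThis log posted in this thread,
# plus one constructed line (marked) to exercise the Temp-path check.
SAMPLE_LOG = [
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r'O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper',
    r"O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')",
    r"O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)",
    r"O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe",
    # Constructed line (not from the thread): an autorun living in a Temp folder.
    r"O4 - HKCU\..\Run: [updater] C:\Documents and Settings\judy\Local Settings\Temp\updater.exe",
]

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<detail>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path up to a known executable/script extension (quotes are
# not part of the match, so quoted O4 command lines work too).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|ocx|scr|htm|html|cab|bat|vbs|js)\b", re.I)
MISSING_RE = re.compile(r"\((?:no file|file missing)\)", re.I)
USER_WRITABLE_RE = re.compile(r"\\(?:Documents and Settings|DOCUME~1|Temp)\\", re.I)
# Remote-administration binaries worth confirming with the machine's owner
# (assumed list; extend as needed).
REMOTE_ADMIN = {"winvnc.exe", "vncviewer.exe"}


@dataclass
class Entry:
    kind: str                  # "R3", "O2", "O4", "O23", ...
    detail: str                # everything after "Oxx - "
    clsid: Optional[str]       # first {GUID} in the line, if any
    path: Optional[str]        # first local file path in the line, if any
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HJT line; returns None for headers, process lists and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, detail = m.group("kind"), m.group("detail")
    clsid = CLSID_RE.search(detail)
    path = PATH_RE.search(detail)
    return Entry(kind, detail,
                 clsid.group(0).upper() if clsid else None,
                 path.group(0) if path else None)


def triage(entry: Entry) -> List[str]:
    """Return the review flags that apply to one parsed entry."""
    flags: List[str] = []
    if MISSING_RE.search(entry.detail):
        flags.append("dangling")
    if entry.kind == "O23" and "Unknown owner" in entry.detail:
        flags.append("unknown-owner")
    if entry.kind in ("O4", "O23") and entry.path:
        if USER_WRITABLE_RE.search(entry.path):
            flags.append("user-writable-path")
        if entry.path.rsplit("\\", 1)[-1].lower() in REMOTE_ADMIN:
            flags.append("remote-admin")
    return flags


def triage_log(lines: Iterable[str]) -> List[Entry]:
    """Parse every entry line of a log and attach its flags."""
    entries = []
    for line in lines:
        entry = parse_entry(line)
        if entry is not None:
            entry.flags = triage(entry)
            entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        marker = ", ".join(e.flags) if e.flags else "ok"
        print(f"{e.kind:<4} [{marker}] {e.detail}")
```

Lines that come back flagged are candidates for review, not an automatic verdict: a dangling entry is safe to tick in HijackThis, while a remote-admin hit only needs a yes/no from whoever owns the machine.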

#5 123Judy (Topic Starter, Members, 12 posts)

Posted 17 December 2008 - 02:03 PM

New Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:02 PM, on 12/17/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HPWPTOOLBOX] C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe "-i"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {20DABCB5-AB70-4E2B-BCA9-17155D5CF583} (hlpFrame Class) - http://access.worldplanroom.com/wpr/Resour...elpLauncher.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2DFA3F5C-C7D8-44C2-A420-EC11E00C3F28} (DLXControl Class) - http://reprocentral.worldplanroom.com/priv...isplayListX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Dwf Viewer Control) - http://www.autodesk.com/global/dwfviewer/i...ViewerSetup.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CCBDF033-DD85-45FD-AE68-FBC4A7C7C154} (BravaClientXView Class) - http://access.worldplanroom.com/wpr/Resour...ravaClientX.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KCI.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KCI.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = KCI.local
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 7468 bytes

WinVNC is an applicable program

Do I need to run the Kaspersky scan again?
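
The HijackThis log above lists autostart entries (O4), services (O23) and downloaded ActiveX controls (O16), and the point of the earlier reply was that the WinVNC entries are only acceptable if the owner knows the remote-control software was installed on purpose. The following Python script is an added example written for this page, not a tool from the thread, from Trend Micro or from UltraVNC: it parses lines in the HijackThis v2 format, pulls out the executable behind each O4 and O23 entry (and the download source of each O16 entry), and flags auto-starting remote-control software unless its path is on an allowlist of programs the owner has confirmed. The sample lines are constructed from entries in the posted log; the REMOTE_ADMIN_MARKERS tuple and the expected_paths allowlist are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple, Iterable

# Constructed sample, modelled on lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
--
End of file - 7468 bytes
"""


@dataclass
class Entry:
    section: str  # HijackThis section code, e.g. O4, O16, O23
    name: str     # Run value name, service short name, or ActiveX control name
    target: str   # executable path (O4/O23) or download URL (O16)
    raw: str      # the original log line


# Line shapes for the three section kinds this example understands.
_LINE = re.compile(r'^([RFNO]\d+) - (.*)$')
_O4 = re.compile(r'^(?P<hive>HK\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
_O23 = re.compile(r'^Service: (?P<display>.*?) \((?P<short>[^)]+)\) - (?P<vendor>.*?) - (?P<path>.*)$')
_O16 = re.compile(r'^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<src>.*)$')

# Assumption of this example: substrings that identify remote-control software.
REMOTE_ADMIN_MARKERS = ('vnc',)


def _exe_from_cmd(cmd: str) -> str:
    """Return the program path from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def parse_hjt(text: str) -> List[Entry]:
    """Parse HijackThis section lines; header, process list and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = _LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        name, target = '', body  # fallback for sections this example does not decode
        if section == 'O4':
            m4 = _O4.match(body)
            if m4:
                name, target = m4['name'], _exe_from_cmd(m4['cmd'])
        elif section == 'O23':
            m23 = _O23.match(body)
            if m23:
                name, target = m23['short'], m23['path']
        elif section == 'O16':
            m16 = _O16.match(body)
            if m16:
                name, target = m16['name'] or m16['clsid'], m16['src']
        entries.append(Entry(section, name, target, line))
    return entries


def review(entries: Iterable[Entry], expected_paths: Iterable[str] = ()) -> List[Tuple[Entry, str]]:
    """Flag auto-starting remote-control software whose path the owner has not confirmed."""
    allowed = {p.lower() for p in expected_paths}
    findings = []
    for e in entries:
        if e.section not in ('O4', 'O23'):
            continue
        target_l = e.target.lower()
        if any(k in target_l for k in REMOTE_ADMIN_MARKERS) and target_l not in allowed:
            findings.append((e, 'remote-control software starts automatically; confirm it was installed on purpose'))
    return findings


if __name__ == '__main__':
    for entry, reason in review(parse_hjt(SAMPLE_LOG)):
        print(f'{entry.section} [{entry.name}] {entry.target}: {reason}')
```

Running the script with an empty allowlist reports both WinVNC entries (the O4 Run value and the O23 service); passing the WinVNC path in expected_paths, as an owner who installed UltraVNC would, clears them, which mirrors the "keep it if you know it is installed, otherwise remove it" advice above.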

#6 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 17 December 2008 - 02:12 PM

Hi,

Your log looks OK.

I don't know if you have followed the instructions in my previous post about the deletion of files and folders, but if you did, then there's no need to run Kaspersky again since you already removed what it found previously.


Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#7 123Judy (Topic Starter, Members, 12 posts)

Posted 17 December 2008 - 02:36 PM

I did follow the directions and deleted your recommended files.

Thank you very much.

#8 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 17 December 2008 - 02:37 PM

You're most welcome :thumbsup:

#9 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 18 December 2008 - 12:26 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
