Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with PAK.Generic, TROJ PATCHCD.DIJ and others


  • Please log in to reply
1 reply to this topic

#1 ajain

ajain

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:01 AM

Posted 22 December 2008 - 01:34 AM

Hello, my computer got infected with PAK.Generic, BHO and other trojans based on notification by Trend Micro PC Cillin. Since then, I have tried removing with CCleaner, Cwshredder, spybot, spyware blaster and PC cillin. No luck yet.

The virus causes random IE windows to pop up and also disables automatic updates of spyware removal software. Also, I am unable to install any new programs. I tried installing Windows Recovery console on my hard drive but no luck. However, I am able to run it from windows xp cd. Also, tried to run combofix but it does not scan for malware and simply produces a log which I can share as needed. I did runt the RSIT tool and am attaching the HJT log produced by it. Any help would be highly appreciated!

-----------------------------------HJT Log --------------------------------------------------------------------------------------------------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jain at 2008-12-22 00:25:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 320 MB (3%) free of 10 GB
Total RAM: 1023 MB (46% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\cleanmgr.job
C:\WINDOWS\tasks\hnbbbyje.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\mydefrag.job
C:\WINDOWS\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\cbXPgfff.dll [2008-12-21 57856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD0BC1DB-C168-494D-8F29-3F8C0D48DBD5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-10-08 57344]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]
"LogitechVideoRepair"=d:\Program Files\Logitech\Video\ISStart.exe [2005-01-18 458752]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-09-14 2595480]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-09-14 905056]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-09-14 140568]
"pccguide.exe"=D:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe [2006-12-29 3429904]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LogitechSoftwareUpdate"=D:\Program Files\Logitech\Video\ManifestEngine.exe [2005-01-18 196608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-06-05 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2002-08-14 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
D:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe]
d:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [2005-03-04 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-12-04 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-08-19 3084288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
D:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2003-07-21 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
C:\PROGRA~1\VIA\RAID\RAID_T~1.EXE [2003-09-03 565248]

C:\Documents and Settings\Jain\Start Menu\Programs\Startup
SpywareGuard.lnk - D:\Program Files\SpywareGuard\sgmain.exe
Wallpaper Changer.lnk - C:\Program Files\WallpaperToy\Wallpapertoy.Exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" swwccf.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=d:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\cbXPgfff.dll [2008-12-21 57856]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
C:\WINDOWS\system32\ddcbyyAT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"D:\Program Files\Azureus\Azureus.exe"="D:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"D:\Program Files\mIRC\mirc.exe"="D:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
shell\AutoRun\command - N:\wd_windows_tools\setup.exe


======List of files/folders created in the last 1 months======

2008-12-22 00:25:33 ----D---- C:\rsit
2008-12-22 00:25:33 ----D---- C:\Program Files\trend micro
2008-12-21 23:43:38 ----A---- C:\ComboFix.exe
2008-12-21 20:49:20 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-21 19:41:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-21 19:29:11 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-21 19:12:00 ----A---- C:\WINDOWS\system32\fccdcDsP.dll
2008-12-21 19:10:17 ----SHD---- C:\WINDOWS\CSC
2008-12-21 19:02:46 ----D---- C:\Program Files\Windows Defender
2008-12-21 19:01:50 ----D---- C:\Program Files\SpywareBlaster
2008-12-21 18:39:07 ----D---- C:\Program Files\CCleaner
2008-12-21 16:35:44 ----SH---- C:\WINDOWS\system32\eceetbdy.ini
2008-12-21 16:35:40 ----A---- C:\WINDOWS\system32\ydbteece.dll
2008-12-21 16:27:26 ----A---- C:\WINDOWS\system32\yvmghiwn.dll
2008-12-21 16:26:51 ----A---- C:\WINDOWS\system32\3f10db37-.txt
2008-12-21 16:26:38 ----ASH---- C:\WINDOWS\system32\TAyybcdd.ini2
2008-12-21 16:26:38 ----ASH---- C:\WINDOWS\system32\TAyybcdd.ini
2008-12-21 11:25:51 ----D---- C:\WINDOWS\system32\cap2
2008-12-21 11:25:51 ----D---- C:\WINDOWS\system32\ain
2008-12-21 11:21:29 ----SH---- C:\WINDOWS\system32\ujospeyt.ini
2008-12-21 11:21:25 ----A---- C:\WINDOWS\system32\tyepsoju.dll.txt
2008-12-21 11:18:37 ----A---- C:\WINDOWS\system32\qzblmr.dll
2008-12-21 11:15:15 ----ASH---- C:\WINDOWS\system32\bdMTDJjl.ini2
2008-12-21 11:15:13 ----ASH---- C:\WINDOWS\system32\bdMTDJjl.ini
2008-12-21 11:14:59 ----A---- C:\WINDOWS\system32\ljJDTMdb.dll.txt
2008-12-21 11:09:51 ----D---- C:\Documents and Settings\Jain\Application Data\gadcom
2008-12-21 11:09:11 ----A---- C:\WINDOWS\system32\cbXPgfff.dll
2008-12-12 03:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-27 13:14:17 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-11-27 12:31:58 ----D---- C:\Documents and Settings\All Users\Application Data\Nero

======List of files/folders modified in the last 1 months======

2008-12-22 00:25:34 ----D---- C:\WINDOWS\TEMP
2008-12-22 00:25:33 ----RD---- C:\Program Files
2008-12-22 00:11:48 ----D---- C:\WINDOWS\system32
2008-12-21 23:03:38 ----D---- C:\WINDOWS
2008-12-21 19:14:27 ----D---- C:\WINDOWS\Debug
2008-12-21 19:13:26 ----SD---- C:\WINDOWS\Tasks
2008-12-21 19:04:14 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-21 19:03:05 ----SHD---- C:\WINDOWS\Installer
2008-12-21 19:03:05 ----HD---- C:\Config.Msi
2008-12-21 19:02:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-21 18:39:49 ----D---- C:\WINDOWS\Prefetch
2008-12-21 12:01:41 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-21 11:35:02 ----D---- C:\Documents and Settings\Jain\Application Data\Azureus
2008-12-21 11:26:12 ----D---- C:\Temp
2008-12-21 11:26:01 ----D---- C:\WINDOWS\system32\drivers
2008-12-18 03:01:14 ----HD---- C:\WINDOWS\inf
2008-12-18 03:01:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 03:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:05:16 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-27 21:46:50 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-27 13:14:17 ----D---- C:\Documents and Settings\Jain\Application Data\Ahead
2008-11-27 12:48:50 ----A---- C:\WINDOWS\Vstudio.INI
2008-11-27 12:48:50 ----A---- C:\WINDOWS\Ulead32.ini
2008-11-27 12:37:33 ----D---- C:\WINDOWS\WinSxS
2008-11-27 12:34:03 ----D---- C:\Program Files\Common Files\Ahead
2008-11-25 10:49:37 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\System32\mbmiodrvr.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 rdbsss;rdbsss; C:\WINDOWS\System32\drivers\rdbsss.sys [2008-12-21 86272]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-12-29 75088]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-03-20 44384]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-10-03 401152]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-10-09 475788]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-08-04 96704]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-06-02 576512]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2005-01-31 22016]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-01-22 9856]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2002-10-29 40960]
S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-07-04 22528]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 STV673;WebCam II; C:\WINDOWS\system32\drivers\STV673.sys [2000-07-31 103548]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WINFLASH;WINFLASH; \??\E:\KT600A_FLASHER\WinFlash.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-09-14 427288]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-06-02 282624]
R2 DXDebug;DirectX Debug Service; C:\Program Files\Common Files\Microsoft Shared\DirectX Extensions\DXDebugService.exe [2006-03-31 88784]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 PcCtlCom;Trend Micro Central Control Component; D:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe [2007-01-03 1922576]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Tmntsrv;Trend Micro Real-time Service; D:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe [2006-12-29 480784]
R2 tmproxy;Trend Micro Proxy Service; D:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe [2006-12-29 566872]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-09-14 492600]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
R3 PcScnSrv;Trend Micro Protection Against Spyware ; D:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe [2006-12-29 214544]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-06-05 114688]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-14 200704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-22 138168]
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [2007-03-29 779824]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 29 December 2008 - 04:03 AM

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.

Click on the scan button. It will scan and then ask you to save the log.
Save the log, and post me it in your next reply.
Posted Image
Proud member of ASAP since 2007




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users