Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

wJSQ.exe attack via Adobe Acrobat / Firefox (RePost)


  • This topic is locked This topic is locked
10 replies to this topic

#1 rserwin

rserwin

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 25 December 2008 - 11:07 AM

To Whom it May Concern:

This is a repost of a previous topic (http://www.bleepingcomputer.com/forums/topic183003.html) - for some reason, I didn't get an email letting me know about the first reply, so I have opened a new topic.

I've attached the file that was requested in the previous topic. Appreciate any feedback on what might be going on.

Regards,

Scott

Requested DDS files attached.

Attached Files



BC AdBot (Login to Remove)

 


#2 rserwin

rserwin
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 25 December 2008 - 04:50 PM

P.S: Addendum: I just found another suspicious piece of information; on the day that the reply to my original post was made (14 December), I had an issue with my Yahoo! account where I couldn't log in for a period of about 4 hours or so. I was then able to log in and everything seemed fine. But I never saw the automatic email notification to this topic. I may be paranoid, but I'm worried that someone may have been accessing my Yahoo! account and deleted that email.

In any event, I've changed passwords a few times since then, but if I have a key-logger or something like that on the machine, I anticipate that wouldn't do much good.

Just to be safe, I'll check the board directly this time once per day. Thanks again for the help.

Scott

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:33 AM

Posted 07 January 2009 - 12:54 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE


Please Hold on it may take us a day or so to get back with you.
We are inundated with requests.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 rserwin

rserwin
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 07 January 2009 - 10:22 PM

KoanYorel:

I had actually already done what you requested (attached above). Both files are attached below per instructions.

Please let me know what to do next. Understand how busy you are, and thanks.

Rick

Attached Files



#5 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 08 January 2009 - 02:50 AM

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).
Click Scan.
When the scan is complete, click OK, then Show Results to view the results.

If Malware is found...
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:

Launch Malwarebytes' Anti-Malware.
Click the Logs tab.
Double-click log-mm.dd.yyyy [xxxxxx].txt.

In your next reply, please include:
-The log from Malwarebytes' Anti-Malware.
- A new HijackThis log
Posted Image
Proud member of ASAP since 2007

#6 rserwin

rserwin
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 08 January 2009 - 08:03 AM

Rosty:

Did what you indicated - Malwarebyte's program found six items, all of which were successfully quarantined & deleted. I've attached the requested files.

Let me know what, if anything, to do next.

Rick

Attached Files



#7 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 08 January 2009 - 08:14 AM

Please disable Teatimer as it may interfere with the fix.
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Note: You can re-enable it once your system is clean!!

open HijackThis, click do a scan only and place a check next to the following entries:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - S-1-5-18 Startup: SyncBack.lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: SyncBack.lnk.disabled (User 'Default user')
O4 - Startup: SyncBack.lnk.disabled

If you, Spybot S&D or someone else did not set the next I suggest you place a check next them to:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Close all other windows and browsers, except HijackThis, and click Fix Checked. Close HijackThis.

Reboot and post a new Hijackthis log. Let me know how things are running.
Posted Image
Proud member of ASAP since 2007

#8 rserwin

rserwin
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 08 January 2009 - 11:58 PM

Rosty:

OK, I did what you asked, with one hitch.

I disabled Tea Timer per the instructions & rebooted.

I ran Hijack This; examining what was listed, I found:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - Startup: SyncBack.lnk.disabled

Which I checked to be fixed per your instructions. However the other two entries you provided:

O4 - S-1-5-18 Startup: SyncBack.lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: SyncBack.lnk.disabled (User 'Default user')

were not present on the listing for me to check.

The remaining two items (the restrictions) are, I believe, due to the fact that I had Norton AV lock IE's setttings (after I had a virus reset my homepage once and then lock the settings on me). I actually don't use IE much - I use Firefox.

In any event, I then rebooted per the instructions. The results of a new Hijackthis logfile are below. I've also re-enabled Tea Timer for now.

If I'm clean, can you let me know what was on the machine (again, I'm worried about a keylogger). If you don't have enough info to know, no problem.

If I'm not clean, please let me know what to do next.

Thanks again,

Rick

=================
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2009-01-08 21:49:39
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 53 GB (46%) free of 114 GB
Total RAM: 495 MB (6% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:56 PM, on 1/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Documents and Settings\Owner\Desktop\Anti-Virus & Anti-Spyware Programs\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17c7ccf8f577ad...ip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7812 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Norton AntiVirus - Run Full System Scan - Owner.job
C:\WINNT\tasks\SyncBack My Documents Backup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-11 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-04-26 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-17 590848]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2008-02-06 718704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-14 1809648]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
HOTSYNCSHORTCUTNAME.lnk.disabled - C:\Program Files\Palm\Hotsync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-14 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2003-11-17 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-07-09 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\WINNT\system32\sessmgr.exe"="C:\WINNT\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software

Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\Program Files\Netscape\Netscape\Netscp.exe"="C:\Program Files\Netscape\Netscape\Netscp.exe:*:Disabled:Netscape"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Lphant\eLePhantClient.exe"="C:\Program Files\Lphant\eLePhantClient.exe:*:Enabled:Lphant"
"G:\Downloads\utorrent.exe"="G:\Downloads\utorrent.exe:*:Enabled:µTorrent"
"G:\Downloads\uTorrent\utorrent.exe"="G:\Downloads\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe"="C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Enabled:Medieval_TW"
"G:\Downloads\Peer-2-Peer\uTorrent\utorrent.exe"="G:\Downloads\Peer-2-Peer\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\GeneWeb-4.09\gw\gwsetup.exe"="C:\Program Files\GeneWeb-4.09\gw\gwsetup.exe:*:Enabled:gwsetup"
"C:\Program Files\GeneWeb-4.09\gw\gwd.exe"="C:\Program Files\GeneWeb-4.09\gw\gwd.exe:*:Enabled:gwd"
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered

Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
"C:\Program Files\Xi\NetXfer\NetTransport.exe"="C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager"
"C:\Program Files\Palm\Hotsync.exe"="C:\Program Files\Palm\Hotsync.exe:*:Enabled:HotSync® Manager Application"
"K:\gangsters2.exe"="K:\gangsters2.exe:*:Disabled:Gangsters 2"
"C:\Program Files\Eidos Interactive\Hothouse Creations\Gangsters 2\Gangsters2.exe"="C:\Program Files\Eidos Interactive\Hothouse Creations\Gangsters

2\Gangsters2.exe:*:Disabled:Gangsters 2"
"C:\Program Files\Cyberlink\PowerDirector\PDR.exe"="C:\Program Files\Cyberlink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a966979b-82c8-11dd-895e-000cf1e2e54f}]
shell\AutoRun\command - J:\Launch.exe


======List of files/folders created in the last 1 months======

2009-01-08 06:43:07 ----D---- C:\Documents and Settings\All Users\Application Data\ChessBase
2009-01-08 05:15:29 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-01-08 05:15:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-08 05:15:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-03 20:36:58 ----D---- C:\Documents and Settings\Owner\Application Data\ChessBase
2008-12-28 11:08:48 ----A---- C:\WINNT\QTW.bak
2008-12-27 09:03:13 ----A---- C:\WINNT\QTW.ini
2008-12-27 08:58:57 ----D---- C:\Program Files\Riven
2008-12-11 22:46:43 ----D---- C:\Documents and Settings\Owner\Application Data\Amazon
2008-12-11 22:46:00 ----D---- C:\Program Files\Amazon
2008-12-09 21:39:16 ----HDC---- C:\WINNT\$NtUninstallKB952069_WM9$
2008-12-09 21:38:58 ----HDC---- C:\WINNT\$NtUninstallKB955839$
2008-12-09 21:36:19 ----HDC---- C:\WINNT\$NtUninstallKB954600$
2008-12-09 21:35:57 ----HDC---- C:\WINNT\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-08 21:48:18 ----D---- C:\WINNT\Temp
2009-01-08 21:47:41 ----D---- C:\WINNT\system32\CatRoot2
2009-01-08 21:45:10 ----A---- C:\WINNT\SchedLgU.Txt
2009-01-08 21:43:35 ----D---- C:\Program Files\Mozilla Firefox
2009-01-08 21:36:00 ----D---- C:\WINNT\Prefetch
2009-01-08 21:22:47 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-08 21:07:45 ----D---- C:\WINNT
2009-01-08 21:07:40 ----D---- C:\Program Files\Symantec
2009-01-08 21:07:40 ----A---- C:\WINNT\system32\S32EVNT1.DLL
2009-01-08 21:07:10 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2009-01-08 06:47:52 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-08 06:47:52 ----A---- C:\WINNT\win.ini
2009-01-08 06:47:51 ----RD---- C:\Program Files
2009-01-08 06:47:49 ----RSD---- C:\WINNT\Fonts
2009-01-08 06:46:53 ----SHD---- C:\WINNT\Installer
2009-01-08 06:45:16 ----D---- C:\WINNT\WinSxS
2009-01-08 06:45:09 ----D---- C:\Program Files\Common Files
2009-01-08 05:15:24 ----D---- C:\WINNT\system32\drivers
2009-01-07 09:54:29 ----AD---- C:\WINNT\system32
2009-01-07 09:53:39 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
2009-01-06 05:15:31 ----D---- C:\Program Files\a-squared Free
2008-12-31 03:33:06 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-28 11:08:23 ----D---- C:\WINNT\system
2008-12-28 11:00:22 ----D---- C:\Program Files\Shareaza
2008-12-28 10:53:10 ----D---- C:\Program Files\IrfanView
2008-12-27 15:30:15 ----D---- C:\Program Files\WinISO
2008-12-22 18:47:01 ----A---- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
2008-12-19 08:30:20 ----D---- C:\Program Files\Starcraft
2008-12-18 03:01:49 ----HD---- C:\WINNT\inf
2008-12-18 03:01:41 ----RSHD---- C:\WINNT\system32\dllcache
2008-12-18 03:01:38 ----D---- C:\WINNT\ie7updates
2008-12-18 03:00:49 ----HD---- C:\WINNT\$hf_mig$
2008-12-13 07:19:18 ----A---- C:\WINNT\cdplayer.ini
2008-12-12 23:40:02 ----A---- C:\WINNT\system32\mshtml.dll
2008-12-09 21:39:25 ----A---- C:\WINNT\imsins.BAK
2008-12-09 21:37:45 ----D---- C:\Program Files\Internet Explorer
2008-12-09 16:24:38 ----A---- C:\WINNT\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINNT\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 Avg7Core;AVG7 Kernel; C:\WINNT\System32\Drivers\avg7core.sys [2007-11-14 821856]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINNT\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 AvgClean;AVG7 Clean Driver; C:\WINNT\System32\Drivers\avgclean.sys [2008-01-02 10760]
R1 Cdr4_xp;Cdr4_xp; C:\WINNT\system32\drivers\Cdr4_xp.sys [2006-10-03 2432]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2006-10-03 2560]
R1 cdudf_xp;cdudf_xp; C:\WINNT\system32\drivers\cdudf_xp.sys [2004-04-13 285824]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINNT\system32\drivers\DVDVRRdr_xp.sys [2004-04-13 140416]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 pwd_2k;pwd_2k; C:\WINNT\system32\drivers\pwd_2k.sys [2004-04-13 117248]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINNT\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R1 SRTSPX;SRTSPX; C:\WINNT\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINNT\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R1 UDFReadr;UDFReadr; C:\WINNT\system32\drivers\UDFReadr.sys [2004-04-13 198528]
R2 Aspi32;Aspi32; C:\WINNT\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 MaVctrl;MaVctrl; C:\WINNT\system32\DRIVERS\MaVc2K.sys [2005-08-18 11473]
R2 MCSTRM;MCSTRM; C:\WINNT\system32\drivers\MCSTRM.sys [2004-07-16 8413]
R2 symlcbrd;symlcbrd; \??\C:\WINNT\system32\drivers\symlcbrd.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-11-20 122110]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-11-20 99002]
R3 aeaudio;aeaudio; C:\WINNT\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 dvd_2K;dvd_2K; C:\WINNT\system32\drivers\dvd_2K.sys [2004-04-13 23680]
R3 E100B;Intel® PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2003-11-20 95579]
R3 IntelC51;IntelC51; C:\WINNT\System32\DRIVERS\IntelC51.sys [2003-07-16 1075685]
R3 IntelC52;IntelC52; C:\WINNT\System32\DRIVERS\IntelC52.sys [2003-07-16 481305]
R3 IntelC53;IntelC53; C:\WINNT\System32\DRIVERS\IntelC53.sys [2003-07-16 50805]
R3 mohfilt;mohfilt; C:\WINNT\System32\DRIVERS\mohfilt.sys [2003-07-16 31440]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090108.022\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090108.022\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2003-03-18 542976]
R3 SYMDNS;SYMDNS; C:\WINNT\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINNT\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINNT\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20081220.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINNT\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINNT\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINNT\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINNT\system32\Drivers\COH_Mon.sys []
S3 mamm9000mi00;mamm9000mi00; C:\WINNT\System32\Drivers\ma9kmi00.sys [2006-06-07 48724]
S3 mamm9000mi01;mamm9000mi01; C:\WINNT\System32\Drivers\ma9kmi01.sys [2006-06-07 48724]
S3 MaRdPnp;MaRdPnp; C:\WINNT\system32\DRIVERS\MaRdP2K.sys [2005-08-18 49867]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINNT\system32\DRIVERS\mcdbus.sys [2008-05-27 96896]
S3 MintonD5;Minton D5 USB Digital Camera; C:\WINNT\System32\Drivers\MintonD5.sys []
S3 mmc_2K;mmc_2K; C:\WINNT\system32\drivers\mmc_2K.sys [2004-04-13 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 MxlW2k;MxlW2k; C:\WINNT\system32\drivers\MxlW2k.sys [2003-07-25 28256]
S3 MXOFX;USB Storage Adapter FX (MXO); C:\WINNT\system32\DRIVERS\MXOFX.SYS [2003-04-14 32512]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 ndiscm;Motorola SurfBoard USB Cable Modem Windows 2000 Driver; C:\WINNT\System32\DRIVERS\NetMotCM.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINNT\system32\drivers\PalmUSBD.sys [2007-12-06 16694]
S3 SDTHOOK;SDTHOOK; C:\WINNT\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINNT\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:\WINNT\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINNT\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINNT\system32\drivers\tbhsd.sys [2006-06-21 15488]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys []
S3 Wdm1;USB Bridge Cable Driver; C:\WINNT\System32\Drivers\usbbc.sys [2001-01-07 15576]
S3 WpdUsb;WpdUsb; C:\WINNT\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-01-04 419448]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-11-14 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-11-14 49664]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-08 272024]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-04-26 1245064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINNT\system32\wdfmgr.exe [2005-01-28 38912]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24

70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]

-----------------EOF-----------------

#9 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 09 January 2009 - 02:20 AM

Hi,

those logs looks clean to me. How are things running.

The entries that I let remove you where leftovers from the earlier infections you hadded.
Posted Image
Proud member of ASAP since 2007

#10 rserwin

rserwin
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 09 January 2009 - 09:51 AM

Rosty:

Computer's running fine (although it was running fine before the fixes). I guess I'm good to go. Thanks very much for all the help!

Rick

#11 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 09 January 2009 - 09:56 AM

Your computer now seems to be clean.

  • Clean out Temporary Files etc.
    This program is for Vista, XP and Windows 2000 only
    Please download ATF Cleaner by Atribune.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All. Then remove the check mark for cookies
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • Remove the check mark for Cookies
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked .
    If you use Opera browser
    • Click Opera at the top and
    • choose: Select All.
    • Remove the check mark for Cookies
    • Click the Empty Selected button.
    It is a good idea to do this every few weeks as a lot of junk collects there over time.

  • Create a new, clean System Restore point which you can use in case of future system problems:
    Press Start->All Programs->Accessories->System Tools->System Restore
    Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

    Now remove old, infected System Restore points:
    Next click Start->Run and type cleanmgr in the box and press OK
    Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
    Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
    Press OK and Yes to confirm

  • Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please checkHide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK
  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.
  • If you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.
    Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.
  • Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.
  • Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miekiem...prevention.html that will give you more information on some of the points above.

  • Please check out Tony Klein's article "How did I get infected in the first place?"
Follow this list and your potential for being infected again will reduce dramatically. (preventionspeech by Elrond)
Posted Image
Proud member of ASAP since 2007




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users