Antivirus Protection
 
  #1  
Old August 3rd, 2007, 09:48 PM
Marc_s Marc_s is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Aug 2007
Posts: 13 Marc_s User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 h 49 m 59 sec
Reputation Power: 0
Trojan/spyware

Hi all,

Well a week ago from today I had a young relative asking to use my laptop. Long story short, some gaming site planted a virus/trojan/something on my comp.

Was having pop-up after pop-up. Then they started appearing as banners on websites I was visiting. Then they started appearing as similar things which I had searched in Google.

I ran Norton (and updated the virus database) - nothing. I put on AVG - it worked, found 80 odd items. Deleted them. However the pop-ups continued. Kept finding the same trojan (Tiny something). Kept deleting it every hour.

Then yesterday the anti-virus found another Trojan - masiy[something]. Could not delete or quarantine - a windows message would pop up.

This morning went to turn the computer on and - the windows XP page opens up, but none of the applications open. The same thing happens in safe mode.

What do I do? The issue is that I have a few personal files and loads of photos that I don't want to lose! It's a new laptop and no other computer at home.

Greatly appreciated

  #2  
Old August 3rd, 2007, 11:19 PM
Porthos's Avatar
Porthos Porthos is offline
Malware Warrior /AV forum Mod
Dev Shed Regular (2000 - 2499 posts)
 
Join Date: Nov 2006
Location: San Antonio Tx
Posts: 2,293
Time spent in forums: 2 Weeks 4 Days 10 h 7 m 37 sec
Reputation Power: 906
Welcome to DevShed.

Hi my name is Porthos, I am going to try to help you with your problem. Please take a note of a few things.

* All advice given is taken at your own risk.
* I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
* The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
* If you don't know, stop and ask! Don't keep going on.

Download HijackThis 1.99.1 from: Here
Create a new folder only for HijackThis (Example: C:\HJT). But don't leave it on
your desktop or in a temp folder!
Unzip it to this folder.
The next tool will run it for you.

Next

Download DSS to your desktop and run it.


Post the 2 logs that it creates.


Due to forum restrictions you will have to edit out the URLs before posting.

Just re-read

Quote:
This morning went to turn the computer on and - the windows XP page opens up, but none of the applications open. The same thing happens in safe mode.

What do I do? The issue is that I have a few personal files and loads of photos that I don't want to lose! It's a new laptop and no other computer at home.


Are you posting from this computer???

Last edited by Porthos : August 3rd, 2007 at 11:47 PM.

  #3  
Old August 5th, 2007, 12:33 AM
Marc_s Marc_s is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Aug 2007
Posts: 13 Marc_s User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 h 49 m 59 sec
Reputation Power: 0
Sorry, I was using a computer from work. I have managed to get my laptop to reboot using the task manager. Since then I have downloaded TrojanHunter, Spybot Search and Destroy and Ad-Aware. They all found something and I deleted/quarantined what they found. The pop-ups are less frequent, although AVG just found Malware "Downloader.Tiny.id". This keeps popping up no matter how many times I remove it.

Anyways this is one of the logs:

Deckard's System Scanner v20070729.57
Run by Toshiba on 2007-08-04 at 19:16:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-04 19:17:37
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16473)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Toshiba\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =[[http]://www].google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [[http]://]go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [[http]://]by134fd.bay134.hotmail.msn.com/cgi-bin/HoTMaiL?curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=f4593b351966ad95ab0ee3d7c5f6b0597565f190d6ffa1d3bcb8f3f97907439e
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [[http]://www].google.com/search?q=%s
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [http]://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [http]://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = [[http]://]go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = [[http]://]go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - C:\Program Files\McAfee.com\MPS\McBrHlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - C:\Program Files\McAfee.com\MPS\PopupKiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6ED63687-EB85-4687-A8D0-17E9792B20CA} - C:\WINDOWS\system32\khffgef.dll
O2 - BHO: (no name) - {85BDD86D-194A-4F57-903F-CC8E10F55506} - C:\WINDOWS\system32\pmkjj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\obqfencj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKEY_LOCAL_MACHINE\..\Run: [TPSMain] TPSMain.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKEY_LOCAL_MACHINE\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKEY_LOCAL_MACHINE\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKEY_LOCAL_MACHINE\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\uufrlhiw.dll",forkonce
O4 - HKEY_LOCAL_MACHINE\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [http]s://webmail.piper-alderman.com.au (HKCU)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () – [[http]://]codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) – [[http]://]by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) – [[http]://]upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – [[http]://]fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: khffgef - C:\WINDOWS\system32\khffgef.dll
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - "C:\Program Files\Eset\nod32krn.exe"
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - "C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe"


-- Files created between 2007-07-04 and 2007-08-04 -----------------------------

2007-08-04 18:15:29 0 d-------- C:\Program Files\Lavasoft
2007-08-04 18:15:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-04 18:09:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-04 17:33:02 0 d-------- C:\Documents and Settings\Toshiba\Application Data\TrojanHunter
2007-08-04 17:19:59 0 d-------- C:\Program Files\TrojanHunter 4.7
2007-08-04 15:19:43 0 d-------- C:\WINDOWS\CSC
2007-08-03 23:25:07 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-08-03 23:09:57 125504 --a------ C:\WINDOWS\system32\uufrlhiw.dll
2007-08-01 22:12:38 66112 --a------ C:\WINDOWS\system32\brmcrlaf.exe
2007-08-01 21:56:08 0 d-------- C:\Documents and Settings\Toshiba\Application Data\DivX
2007-08-01 21:52:07 0 d-------- C:\Program Files\DivX
2007-08-01 21:11:00 66112 --a------ C:\WINDOWS\system32\mlhqjonb.exe
2007-08-01 20:08:01 66112 --a------ C:\WINDOWS\system32\wdakngyb.exe
2007-08-01 20:06:46 125504 --a------ C:\WINDOWS\system32\okavqcvf.dll
2007-08-01 19:59:28 66112 --a------ C:\WINDOWS\system32\wmbeipvg.exe
2007-07-31 22:03:39 798427 ---hs---- C:\WINDOWS\system32\jjkmp.ini2
2007-07-31 22:03:37 66112 --a------ C:\WINDOWS\system32\hwfcqjib.exe
2007-07-31 20:57:19 0 d-------- C:\Program Files\AVI DivX MPEG to DVD Converter & Burner Pro
2007-07-31 19:45:35 66112 --a------ C:\WINDOWS\system32\seshggno.exe
2007-07-30 22:33:30 66112 --a------ C:\WINDOWS\system32\eabpkmoy.exe
2007-07-30 22:33:03 794157 ---hs---- C:\WINDOWS\system32\jjkmp.bak2
2007-07-29 23:39:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-29 23:38:04 0 d-------- C:\Documents and Settings\Toshiba\Application Data\Grisoft
2007-07-29 13:24:57 126016 --a------ C:\WINDOWS\system32\ssmqfmtv.dll
2007-07-29 13:14:09 69184 --a------ C:\WINDOWS\system32\obqfencj.dll
2007-07-29 13:05:09 66112 --a------ C:\WINDOWS\system32\ndjwygxo.exe
2007-07-29 01:02:14 777762 ---hs---- C:\WINDOWS\system32\jjkmp.bak1
2007-07-29 01:01:59 228960 --a------ C:\WINDOWS\system32\pmkjj.dll
2007-07-29 00:56:53 31254 --a------ C:\WINDOWS\system32\khffgef.dll
2007-07-29 00:56:36 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-07-29 00:56:36 0 d-------- C:\Documents and Settings\Toshiba\Application Data\Vso
2007-07-29 00:56:36 47360 --a------ C:\Documents and Settings\Toshiba\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-07-28 19:53:15 0 d-------- C:\Documents and Settings\Toshiba\Application Data\CyberLink
2007-07-28 19:33:28 0 d-------- C:\Program Files\Common Files\Moonlight
2007-07-28 19:32:49 11476 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-28 19:32:49 56 -r-hs---- C:\WINDOWS\system32\792E200A28.sys
2007-07-27 20:10:23 0 d-------- C:\Documents and Settings\Toshiba\Application Data\Pegasys Inc
2007-07-26 22:49:06 56976 --a------ C:\WINDOWS\system32\GenSvcInst.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-07-26 22:49:06 33408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD>
2007-07-26 22:49:06 122512 --a------ C:\WINDOWS\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>


-- Find3M Report ---------------------------------------------------------------

2007-08-04 18:13:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 23:22:14 0 d-------- C:\Documents and Settings\Toshiba\Application Data\uTorrent
2007-08-02 23:49:44 0 d-------- C:\Documents and Settings\Toshiba\Application Data\Skype
2007-08-01 22:43:37 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-29 22:46:05 0 d-------- C:\Documents and Settings\Toshiba\Application Data\McAfee.com Personal Firewall
2007-07-29 20:12:00 33 --a------ C:\Documents and Settings\Toshiba\Application Data\pcouffin.log
2007-07-29 20:11:58 1144 --a------ C:\Documents and Settings\Toshiba\Application Data\pcouffin.inf
2007-07-29 20:11:58 7887 --a------ C:\Documents and Settings\Toshiba\Application Data\pcouffin.cat
2007-07-29 20:11:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-28 19:33:28 0 d-------- C:\Program Files\Common Files
2007-07-26 21:55:15 0 d-------- C:\Program Files\Common Files\Elecard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ED63687-EB85-4687-A8D0-17E9792B20CA}]
29/07/2007 12:56 AM 31254 --a------ C:\WINDOWS\system32\khffgef.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85BDD86D-194A-4F57-903F-CC8E10F55506}]
29/07/2007 01:02 AM 228960 --a------ C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
29/07/2007 01:14 PM 69184 --a------ C:\WINDOWS\system32\obqfencj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [27/04/2005 10:13 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/03/2006 06:02 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/12/2005 12:37 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/11/2005 11:41 AM]
"TPSMain"="TPSMain.exe" [31/05/2005 09:00 PM C:\WINDOWS\system32\TPSMain.exe]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [30/06/2006 09:54 AM]
"VX3000"="C:\WINDOWS\vVX3000.exe" [30/06/2006 09:55 AM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [08/07/2005 05:18 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [10/08/2005 11:49 AM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [11/08/2005 09:02 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [22/09/2005 05:29 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [11/01/2006 11:05 AM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 04:00 PM]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [30/03/2006 01:31 PM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [26/09/2005 09:26 AM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [07/11/2006 01:49 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/05/2006 03:04 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/10/2006 05:58 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [29/07/2007 11:39 PM]
"SystemOptimizer"="C:\WINDOWS\system32\uufrlhiw.dll" [03/08/2007 11:09 PM]
"THGuard"="C:\Program Files\TrojanHunter 4.7\THGuard.exe" [23/06/2007 12:19 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [30/12/2004 06:32 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [29/07/2006 06:34 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00 PM]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [23/04/2007 06:38 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6ED63687-EB85-4687-A8D0-17E9792B20CA}"= C:\WINDOWS\system32\khffgef.dll [29/07/2007 12:56 AM 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffgef]
khffgef.dll 29/07/2007 12:56 AM 31254 C:\WINDOWS\system32\khffgef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjj]
C:\WINDOWS\system32\pmkjj.dll 29/07/2007 01:02 AM 228960 C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 05/05/2006 05:48 PM 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRotateSysTray]
rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
"C:\Program Files\Protector Suite QL\launcher.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
TDispVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\Toshiba\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e97b5442-366d-11dc-9930-00037af56eea}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

*Newly Created Service* - AAWSERVICE



-- End of Deckard's System Scanner: finished at 2007-08-04 at 19:19:06 ---------

Greatly appreciated,

Marc

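The log above is worth reading the way a helper reads it: the modules that matter are the ones that appear both as a load point in the HijackThis section (O2 BHOs, O4 Run keys, O20 Winlogon Notify packages) and in the "Files created" window, with no vendor or version information. The script below is an added example of that cross-referencing; it is editor-added code, not part of DSS, HijackThis, or anything posted in this thread. The input lines are copied from the DSS log above, while the scoring weights, the function names and the threshold are this example's own assumptions and are meant to rank entries for a human to verify, not to decide on their own.

```python
import re
from collections import defaultdict

# Sample input copied from the DSS log posted above: a few lines from the
# "HijackThis Clone" section and from the "Files created" section.
HJT_SAMPLE = r'''
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6ED63687-EB85-4687-A8D0-17E9792B20CA} - C:\WINDOWS\system32\khffgef.dll
O2 - BHO: (no name) - {85BDD86D-194A-4F57-903F-CC8E10F55506} - C:\WINDOWS\system32\pmkjj.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\obqfencj.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\uufrlhiw.dll",forkonce
O4 - HKEY_LOCAL_MACHINE\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O20 - Winlogon Notify: khffgef - C:\WINDOWS\system32\khffgef.dll
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
'''

FILES_SAMPLE = r'''
2007-08-03 23:25:07 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-08-03 23:09:57 125504 --a------ C:\WINDOWS\system32\uufrlhiw.dll
2007-08-01 22:12:38 66112 --a------ C:\WINDOWS\system32\brmcrlaf.exe
2007-08-01 21:11:00 66112 --a------ C:\WINDOWS\system32\mlhqjonb.exe
2007-07-29 13:14:09 69184 --a------ C:\WINDOWS\system32\obqfencj.dll
2007-07-29 01:01:59 228960 --a------ C:\WINDOWS\system32\pmkjj.dll
2007-07-29 00:56:53 31254 --a------ C:\WINDOWS\system32\khffgef.dll
'''

# A Windows path ending in an executable module, as it appears in HJT lines.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",\n]+?\.(?:dll|exe|sys)\b', re.I)
# DSS "Files created" line: date time size attributes path [<vendor info>]
RECENT_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S+) (.+?)(?: <([^>]*)>)?\s*$')


def parse_load_points(text):
    """Map each module path (lower-cased) to the HJT entries that load it."""
    points = defaultdict(list)
    for line in text.splitlines():
        m = re.match(r'(O\d+) - (.*)', line)
        if not m:
            continue
        section, rest = m.groups()
        for path in PATH_RE.findall(rest):
            points[path.lower()].append((section, rest))
    return dict(points)


def parse_recent_files(text):
    """Map each recently created path (lower-cased) to date, size and vendor."""
    recent = {}
    for line in text.splitlines():
        m = RECENT_RE.match(line)
        if not m:
            continue
        date, _time, size, _attrs, path, vendor = m.groups()
        recent[path.lower()] = {"date": date, "size": int(size), "vendor": vendor}
    return recent


def triage(load_points, recent):
    """Score every load-point module; weights are this example's assumption."""
    findings = []
    for path, entries in load_points.items():
        score, reasons = 0, []
        if path in recent:
            score += 2
            reasons.append(f"created {recent[path]['date']}, inside the scan window")
            if not recent[path]["vendor"]:
                score += 1
                reasons.append("no version/vendor information")
        if any("(no name)" in label for _, label in entries):
            score += 1
            reasons.append("load point carries no display name")
        sections = sorted({s for s, _ in entries})
        if "O20" in sections:
            score += 1
            reasons.append("registered as a Winlogon Notify package")
        if len(sections) > 1:
            score += 1
            reasons.append("hooked from several load points: " + ", ".join(sections))
        if score:
            findings.append((score, path, reasons))
    findings.sort(key=lambda f: (-f[0], f[1]))
    return findings


def duplicate_sizes(recent):
    """Group recent executables that share an exact size under different names."""
    by_size = defaultdict(list)
    for path, info in recent.items():
        if info["size"] and path.endswith((".exe", ".dll")):
            by_size[info["size"]].append(path.split("\\")[-1])
    return {size: sorted(names) for size, names in by_size.items() if len(names) > 1}


if __name__ == "__main__":
    recent = parse_recent_files(FILES_SAMPLE)
    for score, path, reasons in triage(parse_load_points(HJT_SAMPLE), recent):
        print(f"[{score}] {path}: " + "; ".join(reasons))
    for size, names in duplicate_sizes(recent).items():
        print(f"same size {size} under different names: " + ", ".join(names))
```

Run as-is, the four randomly named system32 DLLs from the log rank at the top, the fingerprint-reader notify package psqlpwd.dll gets a single point only for where it loads, and the two 66112-byte executables with different names surface as the kind of repeatedly re-dropped file the poster kept deleting "every hour". A score is a reason to check the file against its vendor and the installed software, not a verdict.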
  #4  
Old August 5th, 2007, 01:00 AM
Porthos's Avatar
Porthos Porthos is offline
Malware Warrior /AV forum Mod
Dev Shed Regular (2000 - 2499 posts)
 
Join Date: Nov 2006
Location: San Antonio Tx
Posts: 2,293
Time spent in forums: 2 Weeks 4 Days 10 h 7 m 37 sec
Reputation Power: 906
Let's get to fixin'.
You have McAfee and NOD32 running on your system. Please choose one and uninstall the other. 2 AV programs can conflict, use more resources and actually provide less protection.

Please download Vundofix From Here
to your desktop.

* Double-click
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

Also
Download ComboFix from HERE
IMPORTANT !!! Place it on your Desktop.
• Double click combofix.exe and follow the prompts.
• When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog AND the vundo fix log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Last edited by Porthos : August 5th, 2007 at 01:08 AM.

  #5  
Old August 5th, 2007, 02:07 AM
Marc_s Marc_s is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Aug 2007
Posts: 13 Marc_s User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 h 49 m 59 sec
Reputation Power: 0
The trojan which McAfee keeps finding is - File: masiyxanidi[1] and the Trojan name is Generic AfClicker.d

ComboFix 07-08-04.3 - "Toshiba" 2007-08-05 15:58:37.1 [GMT 10:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\brmcrlaf.exe
C:\WINDOWS\system32\eabpkmoy.exe
C:\WINDOWS\system32\hwfcqjib.exe
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.bak2
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\jjkmp.tmp
C:\WINDOWS\system32\khffgef.dll
C:\WINDOWS\system32\mlhqjonb.exe
C:\WINDOWS\system32\ndjwygxo.exe
C:\WINDOWS\system32\obqfencj.dll
C:\WINDOWS\system32\seshggno.exe
C:\WINDOWS\system32\wdakngyb.exe
C:\WINDOWS\system32\wmbeipvg.exe


((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))


2007-08-05 15:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-05 15:20 125,504 --a------ C:\WINDOWS\system32\fcqhaogr.dll
2007-08-04 18:15 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-04 18:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-04 18:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-04 17:36 <DIR> d-------- C:\Deckard
2007-08-04 17:33 <DIR> d-------- C:\DOCUME~1\Toshiba\APPLIC~1\TrojanHunter
2007-08-04 17:19 <DIR> d-------- C:\Program Files\TrojanHunter 4.7
2007-08-04 15:19 <DIR> d-------- C:\WINDOWS\CSC
2007-08-01 21:56 <DIR> d-------- C:\DOCUME~1\Toshiba\APPLIC~1\DivX
2007-08-01 21:52 <DIR> d-------- C:\Program Files\DivX
2007-08-01 20:06 125,504 --a------ C:\WINDOWS\system32\okavqcvf.dll
2007-07-31 20:57 <DIR> d-------- C:\Program Files\AVI DivX MPEG to DVD Converter & Burner Pro
2007-07-29 23:37 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-29 13:24 126,016 --a------ C:\WINDOWS\system32\ssmqfmtv.dll
2007-07-29 01:01 228,960 --a------ C:\WINDOWS\system32\pmkjj.dll
2007-07-29 00:56 87,608 --a------ C:\DOCUME~1\Toshiba\APPLIC~1\inst.exe
2007-07-29 00:56 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-07-29 00:56 47,360 --a------ C:\DOCUME~1\Toshiba\APPLIC~1\pcouffin.sys
2007-07-29 00:56 <DIR> d-------- C:\DOCUME~1\Toshiba\APPLIC~1\Vso
2007-07-28 19:53 <DIR> d-------- C:\DOCUME~1\Toshiba\APPLIC~1\CyberLink
2007-07-28 19:33 <DIR> d-------- C:\Program Files\Common Files\Moonlight
2007-07-28 19:32 56 -r-hs---- C:\WINDOWS\system32\792E200A28.sys
2007-07-28 19:32 11,476 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-27 20:10 <DIR> d-------- C:\DOCUME~1\Toshiba\APPLIC~1\Pegasys Inc
2007-07-26 22:49 56,976 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2007-07-26 22:49 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-07-26 22:49 122,512 --a------ C:\WINDOWS\system32\bgsvcgen.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 20:12 --------- d-------- C:\DOCUME~1\Toshiba\APPLIC~1\Skype
2007-08-04 18:13 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 23:22 --------- d-------- C:\DOCUME~1\Toshiba\APPLIC~1\uTorrent
2007-08-01 22:43 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-29 22:46 --------- d-------- C:\DOCUME~1\Toshiba\APPLIC~1\McAfee.com Personal Firewall
2007-07-29 20:11 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-27 09:06 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-26 21:55 --------- d-------- C:\Program Files\Common Files\Elecard
2007-05-17 01:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-17 01:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-17 01:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-17 01:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-17 01:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-17 01:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 19:24 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2004-08-04 12:00:00 587,776 --sha-r C:\WINDOWS\system32\usnesvc.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3F59092-BCA1-413B-81DC-208540415E6B}]
2007-07-29 01:02 228960 --a------ C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 10:13]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 18:02]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41]
"TPSMain"="TPSMain.exe" [2005-05-31 21:00 C:\WINDOWS\system32\TPSMain.exe]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 09:54]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 09:55]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 11:05]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 13:31]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 09:26]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 13:49]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 15:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-29 23:39]
"THGuard"="C:\Program Files\TrojanHunter 4.7\THGuard.exe" [2007-06-23 00:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 18:32]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 18:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-04-23 18:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-03 16:19:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjj]
C:\WINDOWS\system32\pmkjj.dll 2007-07-29 01:02 228960 C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRotateSysTray]
rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
"C:\Program Files\Protector Suite QL\launcher.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
TDispVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\Toshiba\Tvs\TvsTray.exe

R1 meiudf;meiudf;C:\WINDOWS\system32\Drivers\meiudf.sys
R1 MPFIREWL;MPFIREWL;C:\WINDOWS\system32\Drivers\MpFirewall.sys
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfcom.sys
R2 FdRedir;FdRedir;\??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
R2 FileDisk2;FileDisk Protector Kernel Driver;\??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe"
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\netdevio.sys
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 smihlp;SMI helper driver;\??\C:\Program Files\Protector Suite QL\smihlp.sys
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys
R3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys
R3 tosporte;Bluetooth Port Driver from Toshiba;C:\WINDOWS\system32\DRIVERS\tosporte.sys
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbd.sys
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbnp.sys
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA;C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
R3 Tosrfusb;Bluetooth USB Controller;C:\WINDOWS\system32\Drivers\tosrfusb.sys
R3 TVALD;Toshiba Mobile PC Service;C:\WINDOWS\system32\DRIVERS\NBSMI.sys
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies;C:\WINDOWS\system32\DRIVERS\Tvs.sys
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
S3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\pcouffin.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
S3 sffdisk;SFF Storage Class Driver;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
S3 toshidpt;TOSHIBA Bluetooth HID port driver;C:\WINDOWS\system32\drivers\Toshidpt.sys
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA;C:\WINDOWS\system32\drivers\TosRfSnd.sys
S3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [http:]//[www].gmer.net
Rootkit scan 2007-08-05 16:08:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-05 16:59:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-05 16:58

--- E O F ---

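An added example, not code from HijackThis, VundoFix, ComboFix or anyone in this thread: a small Python triage script that scores HijackThis O2/O4 lines on the things a helper reading these logs looks for by eye, namely random eight-letter DLL names in system32, nameless BHOs, "(file missing)" leftovers, and the reversed-name companion file (pmkjj.dll beside jjkmp.ini) that Vundo leaves behind. The sample lines and the set of file stems are constructed from entries in the ComboFix and HijackThis logs in this thread; the scoring weights are assumptions.

```python
"""Triage of HijackThis-style O2/O4 lines for Vundo-like indicators.

Added example for this thread; it is not part of HijackThis, VundoFix or
ComboFix. Each entry is scored on: a random eight-letter name in system32,
a BHO with "(no name)", a "(file missing)" stub, and a reversed-name
companion file on disk (pmkjj.dll next to jjkmp.ini), a known Vundo trait.
The weights are assumptions; adjust them to taste.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: benign and suspicious lines in HijackThis O2/O4 format,
# modelled on entries that appear in the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B3F59092-BCA1-413B-81DC-208540415E6B} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\naavsido.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\mipvxooe.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed from the ComboFix "Other Deletions" and "Files Created"
# listings in this thread: name stems of files seen in C:\WINDOWS\system32.
SEEN_SYSTEM32_STEMS = {"jjkmp", "pmkjj", "naavsido", "mipvxooe",
                       "fcqhaogr", "okavqcvf", "ctfmon", "NvCpl"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+')           # first drive-letter path in a command
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\", re.IGNORECASE)
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")               # e.g. naavsido, mipvxooe


@dataclass
class Finding:
    kind: str                 # "O2" (BHO) or "O4" (autorun)
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def stem_of(path: str) -> str:
    """File name without directory or extension: C:\\x\\pmkjj.dll -> pmkjj."""
    base = path.rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]


def score_path(f: Finding, seen_stems: set) -> None:
    """Checks shared by BHO and autorun entries on the file they point at."""
    stem = stem_of(f.path)
    if SYSTEM32_RE.match(f.path) and RANDOM_STEM_RE.match(stem):
        f.add(3, "random eight-letter name in system32")
    mirror = stem[::-1]
    if mirror != stem and mirror in seen_stems:
        f.add(3, f"reversed-name companion '{mirror}' on disk (Vundo trait)")


def triage(log_text: str, seen_stems: set, threshold: int = 2) -> list:
    """Return findings scoring >= threshold, highest score first."""
    findings = []
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            f = Finding("O2", m["path"])
            if m["name"] == "(no name)":
                f.add(1, "BHO registered without a name")
            if m["missing"]:
                f.add(1, "DLL already gone; registry entry is a leftover")
            score_path(f, seen_stems)
            findings.append(f)
            continue
        m = O4_RE.match(line)
        if m:
            p = WIN_PATH_RE.search(m["cmd"])
            f = Finding("O4", p.group(0) if p else m["cmd"])
            if m["cmd"].lower().startswith("rundll32"):
                # Informational only: records which export the autorun calls.
                f.add(0, "loaded through rundll32 export " + m["cmd"].rsplit(",", 1)[-1])
            score_path(f, seen_stems)
            findings.append(f)
    return sorted((f for f in findings if f.score >= threshold),
                  key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SEEN_SYSTEM32_STEMS):
        print(f"{f.kind} {f.path} score={f.score}")
        for why in f.reasons:
            print("   -", why)
```

Run on the sample, it flags pmkjj.dll, naavsido.dll and mipvxooe.dll and leaves the Adobe, Spybot, NVIDIA and ctfmon entries alone; the nameless Spybot BHO shows why "(no name)" on its own is only a weak signal.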
#6
August 5th, 2007, 04:06 AM
Marc_s
Okay here you go.

Vundo:
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.ini
C:\windows\system32\lcinjayf.exe
C:\WINDOWS\system32\pmkjj.dll

HiJackThis

Deckard's System Scanner v20070729.57
Run by Toshiba on 2007-08-05 at 19:03:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Toshiba.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:38 PM, on 5/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Toshiba\Desktop\VundoFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Toshiba\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Toshiba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [http]://by134fd.bay134.hotmail.msn.com/cgi-bin/HoTMaiL?curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=f4593b351966ad95ab0ee3d7c5f6b0597565f190d6ffa1d3bcb8f3f97907439e
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [http]://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [http]://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [http]://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B3F59092-BCA1-413B-81DC-208540415E6B} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\naavsido.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\mipvxooe.dll",forkonce
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [http]://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [http]://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [http]://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 11024 bytes

-- Files created between 2007-07-05 and 2007-08-05 -----------------------------

2007-08-05 19:02:21 0 d-------- C:\Program Files\Trend Micro
2007-08-05 17:19:11 125504 --a------ C:\WINDOWS\system32\mipvxooe.dll
2007-08-05 17:16:13 69184 --a------ C:\WINDOWS\system32\naavsido.dll
2007-08-05 17:10:01 0 d-------- C:\VundoFix Backups
2007-08-05 15:20:12 125504 --a------ C:\WINDOWS\system32\fcqhaogr.dll
2007-08-04 18:15:29 0 d-------- C:\Program Files\Lavasoft
2007-08-04 18:15:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-04 18:09:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-04 17:33:02 0 d-------- C:\Documents and Settings\Toshiba\Application Data\TrojanHunter
2007-08-04 17:19:59 0 d-------- C:\Program Files\TrojanHunter 4.7
2007-08-04 15:19:43 0 d-------- C:\WINDOWS\CSC
2007-08-01 21:56:08 0 d-------- C:\Documents and Settings\Toshiba\Application Data\DivX
2007-08-01 21:52:07 0 d-------- C:\Program Files\DivX
2007-08-01 20:06:46 125504 --a------ C:\WINDOWS\system32\okavqcvf.dll
2007-07-31 20:57:19 0 d-------- C:\Program Files\AVI DivX MPEG to DVD Converter & Burner Pro
2007-07-29 23:39:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-29 23:38:04 0 d-------- C:\Documents and Settings\Toshiba\Application Data\Grisoft
2007-07-29 13:24:57 126016 --a------ C:\WINDOWS\system32\ssmqfmtv.dll
2007-07-29 00:56:36 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-07-29 00:56:36 0 d-------- C:\Documents and Settings\Toshiba\Application Data\Vso
2007-07-29 00:56:36 47360 --a------ C:\Documents and Settings\Toshiba\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-07-28 19:53:15 0 d-------- C:\Documents and Settings\Toshiba\Application Data\CyberLink
2007-07-28 19:33:28 0 d-------- C:\Program Files\Common Files\Moonlight
2007-07-28 19:32:49 11476 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-28 19:32:49 56 -r-hs---- C:\WINDOWS\system32\792E200A28.sys
2007-07-27 20:10:23 0 d-------- C:\Documents and Settings\Toshiba\Application Data\Pegasys Inc
2007-07-26 22:49:06 56976 --a------ C:\WINDOWS\system32\GenSvcInst.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-07-26 22:49:06 33408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD>
2007-07-26 22:49:06 122512 --a------ C:\WINDOWS\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>


-- Find3M Report ---------------------------------------------------------------

2007-08-04 20:12:05 0 d-------- C:\Documents and Settings\Toshiba\Application Data\Skype
2007-08-04 18:13:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 23:22:14 0 d-------- C:\Documents and Settings\Toshiba\Application Data\uTorrent
2007-08-01 22:43:37 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-29 22:46:05 0 d-------- C:\Documents and Settings\Toshiba\Application Data\McAfee.com Personal Firewall
2007-07-29 20:12:00 33 --a------ C:\Documents and Settings\Toshiba\Application Data\pcouffin.log
2007-07-29 20:11:58 1144 --a------ C:\Documents and Settings\Toshiba\Application Data\pcouffin.inf
2007-07-29 20:11:58 7887 --a------ C:\Documents and Settings\Toshiba\Application Data\pcouffin.cat
2007-07-29 20:11:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-28 19:33:28 0 d-------- C:\Program Files\Common Files
2007-07-26 21:55:15 0 d-------- C:\Program Files\Common Files\Elecard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3F59092-BCA1-413B-81DC-208540415E6B}]
C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
05/08/2007 05:16 PM 69184 --a------ C:\WINDOWS\system32\naavsido.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [27/04/2005 10:13 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/03/2006 06:02 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/12/2005 12:37 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/11/2005 11:41 AM]
"TPSMain"="TPSMain.exe" [31/05/2005 09:00 PM C:\WINDOWS\system32\TPSMain.exe]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [30/06/2006 09:54 AM]
"VX3000"="C:\WINDOWS\vVX3000.exe" [30/06/2006 09:55 AM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [08/07/2005 05:18 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [10/08/2005 11:49 AM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [11/08/2005 09:02 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [22/09/2005 05:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [11/01/2006 11:05 AM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 04:00 PM]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [30/03/2006 01:31 PM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [26/09/2005 09:26 AM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [07/11/2006 01:49 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/05/2006 03:04 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/10/2006 05:58 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [29/07/2007 11:39 PM]
"THGuard"="C:\Program Files\TrojanHunter 4.7\THGuard.exe" [23/06/2007 12:19 AM]
"SystemOptimizer"="C:\WINDOWS\system32\mipvxooe.dll" [05/08/2007 05:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [30/12/2004 06:32 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [29/07/2006 06:34 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00 PM]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [23/04/2007 06:38 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [3/02/2006 4:19:10 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 05/05/2006 05:48 PM 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRotateSysTray]
rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
"C:\Program Files\Protector Suite QL\launcher.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
TDispVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\Toshiba\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc




-- End of Deckard's System Scanner: finished at 2007-08-05 at 19:04:09 ---------

  #7  
August 5th, 2007, 08:16 AM
Porthos (Malware Warrior /AV forum Mod)
OK, let's move on.


Quote:
The trojan which McAfee keeps finding is - File: masiyxanidi[1] and the Trojan name is Generic AfClicker.d


What was the file path of this warning? Please post that for me.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

* Download the latest version of Java Runtime Environment (JRE) 6u2. HERE
* Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
* Click the "Download" button to the right.
* Check the box that says: "Accept License Agreement".
* The page will refresh.
* Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
* Check any item with Java Runtime Environment (JRE or J2SE) in the name.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on the download to install the newest version

Next
Fix these with HijackThis: mark them, close IE, click Fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [http]://by134fd.bay134.hotmail.msn.com/cgi-bin/HoTMaiL?curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=f4593b351966ad95ab0ee3d7c5f6b0597565f190d6ffa1d3bcb8f3f97907439e
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [http]://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [http]://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [http]://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {B3F59092-BCA1-413B-81DC-208540415E6B} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\naavsido.dll
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\mipvxooe.dll",forkonce



Next
Now download The Avenger by Swandog469, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Check the 'Input script manually' box.
* Click on the magnifying glass icon.
* Copy everything in the Quote box below, and paste it in the box that opens:

Quote:
Files to delete:
C:\WINDOWS\system32\fcqhaogr.dll
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\792E200A28.sys
C:\WINDOWS\system32\okavqcvf.dll
C:\WINDOWS\system32\usnesvc.exe
C:\WINDOWS\system32\naavsido.dll
C:\WINDOWS\system32\mipvxooe.dll
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.ini
C:\windows\system32\lcinjayf.exe
C:\WINDOWS\system32\pmkjj.dll

* Now click the 'Done' button.
* Click on the traffic light icon and OK the prompt.
* You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt

After all of that, please re-run VundoFix and post the contents of C:\vundofix.txt.
Do the same with ComboFix. When finished, and after the reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log AND the VundoFix log.

Please delete DSS as we shouldn't need it anymore.

After this there will be more to do, so hold on tight.
Last edited by Porthos : August 7th, 2007 at 08:51 AM.
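The fix list Porthos gives above (an unnamed BHO loaded from system32, a BHO whose DLL is already missing, a rundll32 Run value whose name has nothing to do with the DLL it loads) is the reasoning an analyst applies by eye to a HijackThis log. The script below is an added example written for this page; it is not code from HijackThis, VundoFix, Avenger or ComboFix, and not anything posted in the thread. It turns that reasoning into a scorer and runs it over lines copied from the logs posted here, and it also pairs a DLL with the reversed-name companion files (pmkjj.dll with jjkmp.ini and jjkmp.bak1) that VundoFix lists and removes further down. The point values, the threshold and the eight-letter-name rule are this example's own assumptions, not rules from any of those tools.

```python
"""Triage of the HijackThis load points and the VundoFix file list quoted in this thread.
Added example for this page: not code from HijackThis, VundoFix, Avenger or ComboFix,
nor anything Porthos posted. Sample lines are copied from the thread's logs; the point
values, threshold and eight-letter-name rule are this example's own assumptions."""
import re

SYSTEM32 = "c:\\windows\\system32\\"

# HijackThis line shapes: O2 = browser helper object, O4 = Run value.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I)

# Constructed sample: lines quoted from the HijackThis output in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {B3F59092-BCA1-413B-81DC-208540415E6B} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\naavsido.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\mipvxooe.dll",forkonce
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample: the file list from the first VundoFix run in this thread.
VUNDOFIX_FILES = [
    r"C:\WINDOWS\system32\jjkmp.bak1",
    r"C:\WINDOWS\system32\jjkmp.ini",
    r"C:\windows\system32\lcinjayf.exe",
    r"C:\WINDOWS\system32\pmkjj.dll",
]

def stem(path):
    """Lower-cased file name without extension: MipVxooe.dll -> 'mipvxooe'."""
    return path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]

def looks_random(name):
    """Eight lower-case letters: the pattern of every file dropped in this thread
    (fcqhaogr, okavqcvf, naavsido, mipvxooe, lcinjayf). Legitimate names match too
    (winlogon, explorer), so this signal is worth only one point."""
    return re.fullmatch(r"[a-z]{8}", name) is not None

def module_of(cmd):
    """First executable path in a Run command, honouring a quoted path."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]

def triage_line(line):
    """Score one HijackThis line; returns (score, reasons). Unparsed lines score 0."""
    reasons = []
    m = O2_RE.match(line)
    if m:
        if m["missing"]:
            reasons.append((3, "BHO registered but its DLL is missing (dangling load point)"))
        if m["name"] == "(no name)" and m["path"].lower().startswith(SYSTEM32):
            # Real BHOs install under Program Files; an unnamed one in system32 was dropped.
            reasons.append((2, "unnamed BHO loaded from system32"))
        if looks_random(stem(m["path"])):
            reasons.append((1, "eight-letter random-looking file name"))
    m = O4_RE.match(line)
    if m:
        r = RUNDLL_RE.match(m["cmd"])
        module = r["dll"] if r else module_of(m["cmd"])
        # Vendors name the Run value after the module (NvCplDaemon -> NvCpl.dll);
        # droppers pick a reassuring, unrelated name (SystemOptimizer -> mipvxooe.dll).
        if r and module.lower().startswith(SYSTEM32) and stem(module) not in m["key"].lower():
            reasons.append((2, "rundll32 loads a system32 DLL unrelated to the value name"))
        if looks_random(stem(module)):
            reasons.append((1, "eight-letter random-looking file name"))
    return sum(p for p, _ in reasons), [why for _, why in reasons]

def triage_log(text, threshold=2):
    """Lines scoring at or above threshold, highest score first."""
    hits = []
    for line in text.splitlines():
        score, why = triage_line(line)
        if score >= threshold:
            hits.append((score, line, why))
    return sorted(hits, key=lambda h: -h[0])

def reversed_pairs(filenames):
    """Pair each DLL with files whose stem is its stem spelled backwards, the
    companion-file naming VundoFix removes in this thread (pmkjj.dll, jjkmp.ini)."""
    stems = {}
    for f in filenames:
        s, _, ext = f.rsplit("\\", 1)[-1].lower().partition(".")
        stems.setdefault(s, set()).add(ext)
    return sorted((s + ".dll", sorted(s[::-1] + "." + e for e in stems[s[::-1]]))
                  for s, exts in stems.items()
                  if "dll" in exts and s[::-1] != s and s[::-1] in stems)

if __name__ == "__main__":
    for score, line, why in triage_log(SAMPLE_LOG):
        print(f"[{score}] {line}\n     {'; '.join(why)}")
    for dll, mates in reversed_pairs(VUNDOFIX_FILES):
        print(f"reversed-name pair: {dll} <-> {', '.join(mates)}")
```

Run stand-alone it prints exactly the three entries Porthos marked for fixing (pmkjj.dll scores 5, naavsido.dll and mipvxooe.dll score 3) and the pmkjj/jjkmp pair. Spybot's unnamed SDHelper.dll scores one point for its eight-letter name but stays below the threshold because it lives under Program Files, which is why the name rule is deliberately weak on its own. Two things the thread's later logs support checking by hand: status 0xc0000034 in the Avenger log is NTSTATUS STATUS_OBJECT_NAME_NOT_FOUND, so those "not found" lines mean the file was already gone (the first VundoFix run had already deleted jjkmp.bak1, jjkmp.ini and pmkjj.dll), and the same eight-letter rule applied to the ComboFix "Files Created" listing matches C:\WINDOWS\system32\ssmqfmtv.dll, created 2007-07-29 and still present in that listing.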

  #8  
August 7th, 2007, 05:08 AM
Marc_s (Registered User)
OK Porthos, here it goes. Thanks in advance.

Please note that this file (R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank) was not there the first time I ran HijackThis. It was there the second time though.

Also, I believe the file path of this warning was C:\windows\system32\lcinjayf.exe - the same file as in the Avenger log.

Many thanks in advance.


Marc

  #9  
August 7th, 2007, 05:10 AM
Marc_s (Registered User)
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qbfoyvrp

*******************

Script file located at: \??\C:\WINDOWS\lacbwwvf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\fcqhaogr.dll deleted successfully.


File C:\WINDOWS\system32\pmkjj.dll not found!
Deletion of file C:\WINDOWS\system32\pmkjj.dll failed!

Could not process line:
C:\WINDOWS\system32\pmkjj.dll
Status: 0xc0000034

File C:\WINDOWS\system32\792E200A28.sys deleted successfully.
File C:\WINDOWS\system32\okavqcvf.dll deleted successfully.
File C:\WINDOWS\system32\usnesvc.exe deleted successfully.
File C:\WINDOWS\system32\naavsido.dll deleted successfully.
File C:\WINDOWS\system32\mipvxooe.dll deleted successfully.


File C:\WINDOWS\system32\jjkmp.bak1 not found!
Deletion of file C:\WINDOWS\system32\jjkmp.bak1 failed!

Could not process line:
C:\WINDOWS\system32\jjkmp.bak1
Status: 0xc0000034



File C:\WINDOWS\system32\jjkmp.ini not found!
Deletion of file C:\WINDOWS\system32\jjkmp.ini failed!

Could not process line:
C:\WINDOWS\system32\jjkmp.ini
Status: 0xc0000034



File C:\windows\system32\lcinjayf.exe not found!
Deletion of file C:\windows\system32\lcinjayf.exe failed!

Could not process line:
C:\windows\system32\lcinjayf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\pmkjj.dll not found!
Deletion of file C:\WINDOWS\system32\pmkjj.dll failed!

Could not process line:
C:\WINDOWS\system32\pmkjj.dll
Status: 0xc0000034



Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost|Usnsvc usnsvc
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost|Usnsvc usnsvc failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

  #10  
August 7th, 2007, 05:11 AM
Marc_s (Registered User)
VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 5:10:01 PM 5/08/2007

Listing files found while scanning....

C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.ini
C:\windows\system32\lcinjayf.exe
C:\WINDOWS\system32\pmkjj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkjj.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 6:57:47 PM 5/08/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 7:29:07 PM 7/08/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 7:33:22 PM 7/08/2007

Listing files found while scanning....

No infected files were found.

  #11  
August 7th, 2007, 05:12 AM
Marc_s (Registered User)
ComboFix 07-08-04.3 - "Toshiba" 2007-08-07 19:38:26.4 [GMT 10:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-05 19:02 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-05 17:10 <DIR> d-------- C:\VundoFix Backups
2007-08-05 15:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-04 18:15 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-04 18:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-04 18:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-04 17:36 <DIR> d-------- C:\Deckard
2007-08-04 17:33 <DIR> d-------- C:\DOCUME~1\Toshiba\APPLIC~1\TrojanHunter
2007-08-04 17:19 <DIR> d-------- C:\Program Files\TrojanHunter 4.7
2007-08-04 15:19 <DIR> d-------- C:\WINDOWS\CSC
2007-08-01 21:56 <DIR> d-------- C:\DOCUME~1\Toshiba\APPLIC~1\DivX
2007-08-01 21:52 <DIR> d-------- C:\Program Files\DivX
2007-07-31 20:57 <DIR> d-------- C:\Program Files\AVI DivX MPEG to DVD Converter & Burner Pro
2007-07-29 23:37 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-29 13:24 126,016 --a------ C:\WINDOWS\system32\ssmqfmtv.dll
2007-07-29 00:56 87,608 --a------ C:\DOCUME~1\Toshiba\APPLIC~1\inst.exe
2007-07-29 00:56 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-07-29 00:56 47,360 --a------ C:\DOCUME~1\Toshiba\APPLIC~1\pcouffin.sys
2007-07-29 00:56 <DIR> d-------- C:\DOCUME~1\Toshiba\APPLIC~1\Vso
2007-07-28 19:53 <DIR> d-------- C:\DOCUME~1\Toshiba\APPLIC~1\CyberLink
2007-07-28 19:33 <DIR> d-------- C:\Program Files\Common Files\Moonlight
2007-07-28 19:32 11,476 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-27 20:10 <DIR> d-------- C:\DOCUME~1\Toshiba\APPLIC~1\Pegasys Inc
2007-07-26 22:49 56,976 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2007-07-26 22:49 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-07-26 22:49 122,512 --a------ C:\WINDOWS\system32\bgsvcgen.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 20:12 --------- d-------- C:\DOCUME~1\Toshiba\APPLIC~1\Skype
2007-08-04 18:13 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 23:22 --------- d-------- C:\DOCUME~1\Toshiba\APPLIC~1\uTorrent
2007-08-01 22:43 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-29 22:46 --------- d-------- C:\DOCUME~1\Toshiba\APPLIC~1\McAfee.com Personal Firewall
2007-07-29 20:11 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-27 09:06 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-26 21:55 --------- d-------- C:\Program Files\Common Files\Elecard
2007-05-17 01:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-17 01:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-17 01:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-17 01:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-17 01:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-17 01:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 19:24 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 10:13]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 18:02]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41]
"TPSMain"="TPSMain.exe" [2005-05-31 21:00 C:\WINDOWS\system32\TPSMain.exe]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 09:54]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 09:55]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 11:05]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 13:31]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 09:26]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 13:49]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 15:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-29 23:39]
"THGuard"="C:\Program Files\TrojanHunter 4.7\THGuard.exe" [2007-06-23 00:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 18:32]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 18:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-04-23 18:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-03 16:19:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRotateSysTray]
rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
"C:\Program Files\Protector Suite QL\launcher.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
TDispVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\Toshiba\Tvs\TvsTray.exe

R1 meiudf;meiudf;C:\WINDOWS\system32\Drivers\meiudf.sys
R1 MPFIREWL;MPFIREWL;C:\WINDOWS\system32\Drivers\MpFirewall.sys
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfcom.sys
R2 FdRedir;FdRedir;\??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
R2 FileDisk2;FileDisk Protector Kernel Driver;\??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe"
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\netdevio.sys
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 smihlp;SMI helper driver;\??\C:\Program Files\Protector Suite QL\smihlp.sys
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys
R3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys
R3 tosporte;Bluetooth Port Driver from Toshiba;C:\WINDOWS\system32\DRIVERS\tosporte.sys
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbd.sys
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbnp.sys
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA;C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
R3 Tosrfusb;Bluetooth USB Controller;C:\WINDOWS\system32\Drivers\tosrfusb.sys
R3 TVALD;Toshiba Mobile PC Service;C:\WINDOWS\system32\DRIVERS\NBSMI.sys
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies;C:\WINDOWS\system32\DRIVERS\Tvs.sys
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
S3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\pcouffin.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
S3 sffdisk;SFF Storage Class Driver;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
S3 toshidpt;TOSHIBA Bluetooth HID port driver;C:\WINDOWS\system32\drivers\Toshidpt.sys
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA;C:\WINDOWS\system32\drivers\TosRfSnd.sys
S3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 19:38:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\iexplore]
"Count"=dword:00001d7f
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}\iexplore]
"Count"=dword:00001d7f
"Blocked"=dword:00001d7f
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC8255F-E043-4CAE-8B3B-B191550C2A22}\iexplore]
"Count"=dword:00001d7e
"Blocked"=dword:00001d7e
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}\iexplore]
"Count"=dword:00001d7f
"Blocked"=dword:00001d7e
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53707962-6F74-2D53-2644-206D7942484F}\iexplore]
"Count"=dword:000000ab
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CA3D70E-1895-11CF-8E15-001234567890}\iexplore]
"Count"=dword:00001d7e
"Blocked"=dword:00001d7f
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore]
"Count"=dword:00000011

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 19:39:47
C:\ComboFix-quarantined-files.txt ... 2007-08-07 19:39
C:\ComboFix2.txt ... 2007-08-05 16:59

--- E O F ---

  #12  
August 7th, 2007, 05:15 AM
Marc_s (Registered User)
Logfile of HijackThis v1.99.1
Scan saved at 8:14:59 PM, on 7/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOCUME~1\Toshiba\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

Reply With Quote
  #13  
Old August 7th, 2007, 08:56 AM
Porthos
Malware Warrior /AV forum Mod
Dev Shed Regular (2000 - 2499 posts)
 
Join Date: Nov 2006
Location: San Antonio Tx
Posts: 2,293 (User rank: General, 90000 - 100000 Reputation Level)
Time spent in forums: 2 Weeks 4 Days 10 h 7 m 37 sec
Reputation Power: 906
Looking good,
Next

Please download and install SUPERAntiSpyware from here
• Load SUPERAntiSpyware and click the Check for Updates button.
• Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning; it may interfere with the scanning process.
• Open SUPERAntiSpyware and click the Scan your Computer button.
• Check Perform Complete Scan and then click Next.
• SUPERAntiSpyware will now scan your computer and, when it's finished, it will list all the infections it has found.
• Make sure that they all have a check next to them, and then click Next.
• Click Finish and you will be taken back to the main interface.
• It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
• I'll need a log afterwards of what has been found.
• To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
• Please post the results of the SUPERAntiSpyware log in your next reply.


Go HERE and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All, then copy/paste that log back here. Post back and let us know what it found (post the log).

Reply With Quote
  #14  
Old August 7th, 2007, 08:40 PM
Marc_s
Registered User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Aug 2007
Posts: 13 Marc_s User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 h 49 m 59 sec
Reputation Power: 0
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/08/2007 at 09:55 AM

Application Version : 3.9.1008

Core Rules Database Version : 3280
Trace Rules Database Version: 1291

Scan type : Complete Scan
Total Scan Time : 00:41:23

Memory items scanned : 532
Memory threats detected : 0
Registry items scanned : 5760
Registry threats detected : 0
File items scanned : 36515
File threats detected : 111

Adware.Tracking Cookie
C:\Documents and Settings\Toshiba\Cookies\toshiba@ads.fishingmonthly.com[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@4.adbrite[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@msnportal.112.2o7[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@ads.adbrite[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@tradedoubler[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@ad1.clickhype[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@doubleclick[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@112.2o7[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@statcounter[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@cpvfeed[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@media.sensis.com[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@partypoker[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@ads.ak.facebook[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@mediaplex[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@tribalfusion[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@partygaming.122.2o7[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@revsci[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@ad.scanmedios[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@itxt.vibrantmedia[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@heavycom.122.2o7[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@adbrite[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@indextools[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@acvs.mediaonenetwork[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@stats1.reliablestats[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@ehg-pcsecurityshield.hitbox[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@drivecleaner[3].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@casalemedia[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@zedo[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@media.fastclick[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@bs.serving-sys[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@atdmt[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@lynxtrack[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@www.amaena[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@hitbox[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@winantivirus[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@imrworldwide[3].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@pamedia.com[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@goal.adbureau[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@mediaonenetwork[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@server.iad.liveperson[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@sensismediasmart.com[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@fastclick[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@ad.yieldmanager[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@adtech[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@www.googleadservices[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@adecn[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@599.stats.misstrends[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@acvs.mediaonenetwork[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@ad.zanox[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@adecn[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@adopt.hbmediapro[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@ads.expedia[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@ads.fishingmonthly.com[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@ads.revsci[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@adserver.adreactor[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@adultadworld[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@adultfriendfinder[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@adultsins[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@alb-warez[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@apmebf[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@azjmp[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@clickaider[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@clickshift[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@cracker.com[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@drivecleaner[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@eas.apm.emediate[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@easywarez[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@euros4click[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@expedia.gravitytrack[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@ffxcam.cracker.com[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@goal.adbureau[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@imrworldwide[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@indextools[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@interclick[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@keywordmax[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@m3.tradersmedia[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@media.adrevolver[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@media.sensis.com[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@mediaonenetwork[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@nextag[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@pacificpoker[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@pamedia.com[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@partypoker[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@phazeporn[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@pornorip[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@sensismediasmart.com[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@sexyshare[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@statse.webtrendslive[3].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@statse.webtrendslive[4].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@toplist[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@tracker.pegsanalytics[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@usenext[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@warlog[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www.3dstats[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www.adultfilmcentral[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www.alb-warez[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www.banneradmin.rai[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www.clicktorrent[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www.directdl[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www.easywarez[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www.fullreleases[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www.infinitewarez[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www.pornfarm[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www.poweradvertising[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www.xxxtorrent[2].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@www3.addfreestats[1].txt
C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\Cookies\toshiba@xiti[1].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@drivecleaner[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@imrworldwide[2].txt
C:\Documents and Settings\Toshiba\Cookies\toshiba@www.drivecleaner[2].txt

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043886.DLL

Reply With Quote
  #15  
Old August 7th, 2007, 08:42 PM
Marc_s
Registered User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Aug 2007
Posts: 13 Marc_s User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 h 49 m 59 sec
Reputation Power: 0
BitDefender Online Scanner

Scan report generated at: Wed, Aug 08, 2007 - 11:35:32

Scan path: C:\;D:\;

Statistics

Time
01:02:55

Files
273406

Folders
4657

Boot Sectors
3

Archives
10143

Packed Files
15138

Results

Identified Viruses
2

Infected Files
25

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
25




Engines Info

Virus Definitions
690131

Engine build
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\auorktcn.exe
Infected with: Trojan.Agent.AAOA

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\auorktcn.exe
Disinfection failed

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\auorktcn.exe
Deleted

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\cxskiost.exe
Infected with: Trojan.Agent.AAOA

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\cxskiost.exe
Disinfection failed

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\cxskiost.exe
Deleted

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\mugngrfl.exe
Infected with: Trojan.Agent.AAOA

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\mugngrfl.exe
Disinfection failed

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\mugngrfl.exe
Deleted

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\omjacjru.exe
Infected with: Trojan.Agent.AAOA

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\omjacjru.exe
Disinfection failed

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\omjacjru.exe
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\brmcrlaf.exe.vir
Infected with: Trojan.Agent.AAOA

C:\QooBox\Quarantine\C\WINDOWS\system32\brmcrlaf.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\brmcrlaf.exe.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\eabpkmoy.exe.vir
Infected with: Trojan.Agent.AAOA

C:\QooBox\Quarantine\C\WINDOWS\system32\eabpkmoy.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\eabpkmoy.exe.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\hwfcqjib.exe.vir
Infected with: Trojan.Agent.AAOA

C:\QooBox\Quarantine\C\WINDOWS\system32\hwfcqjib.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\hwfcqjib.exe.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\mlhqjonb.exe.vir
Infected with: Trojan.Agent.AAOA

C:\QooBox\Quarantine\C\WINDOWS\system32\mlhqjonb.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\mlhqjonb.exe.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\ndjwygxo.exe.vir
Infected with: Trojan.Agent.AAOA

C:\QooBox\Quarantine\C\WINDOWS\system32\ndjwygxo.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\ndjwygxo.exe.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\seshggno.exe.vir
Infected with: Trojan.Agent.AAOA

C:\QooBox\Quarantine\C\WINDOWS\system32\seshggno.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\seshggno.exe.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\wdakngyb.exe.vir
Infected with: Trojan.Agent.AAOA

C:\QooBox\Quarantine\C\WINDOWS\system32\wdakngyb.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\wdakngyb.exe.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\wmbeipvg.exe.vir
Infected with: Trojan.Agent.AAOA

C:\QooBox\Quarantine\C\WINDOWS\system32\wmbeipvg.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\wmbeipvg.exe.vir
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP178\A0027696.dll
Infected with: Trojan.Vundo.DMJ

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP178\A0027696.dll
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043867.exe
Infected with: Trojan.Agent.AAOA

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043867.exe
Disinfection failed

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043867.exe
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043868.exe
Infected with: Trojan.Agent.AAOA

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043868.exe
Disinfection failed

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043868.exe
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043869.exe
Infected with: Trojan.Agent.AAOA

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043869.exe
Disinfection failed

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043869.exe
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043870.exe
Infected with: Trojan.Agent.AAOA

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043870.exe
Disinfection failed

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043870.exe
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043871.exe
Infected with: Trojan.Agent.AAOA

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043871.exe
Disinfection failed

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043871.exe
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043872.exe
Infected with: Trojan.Agent.AAOA

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043872.exe
Disinfection failed

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043872.exe
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043873.exe
Infected with: Trojan.Agent.AAOA

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043873.exe
Disinfection failed

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043873.exe
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043874.exe
Infected with: Trojan.Agent.AAOA

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043874.exe
Disinfection failed

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP184\A0043874.exe
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP188\A0044211.exe
Infected with: Trojan.Agent.AAOA

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP188\A0044211.exe
Disinfection failed

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP188\A0044211.exe
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP188\A0044212.exe
Infected with: Trojan.Agent.AAOA

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP188\A0044212.exe
Disinfection failed

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP188\A0044212.exe
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP188\A0044213.exe
Infected with: Trojan.Agent.AAOA

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP188\A0044213.exe
Disinfection failed

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP188\A0044213.exe
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP188\A0044214.exe
Infected with: Trojan.Agent.AAOA

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP188\A0044214.exe
Disinfection failed

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP188\A0044214.exe
Deleted

Reply With Quote
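Every one of the 25 infected files in the BitDefender report above sits in a Deckard backup folder, a QooBox quarantine folder or a System Restore snapshot, so they are leftovers from the earlier cleanup steps rather than malware running on the laptop. As an added example (my code, not something from the thread or from BitDefender), the Python script below parses the report's "Scanned File / Status" layout and sorts each detection into those buckets. The sample report is a constructed excerpt of the posted one plus a single invented live path, labelled as a placeholder, so that the third bucket is exercised; the bucket rules are the script's own heuristic.

```python
"""Triage a BitDefender Online Scanner report by detection location.

Added example, not part of the thread and not a BitDefender tool. The report
body lists a "Scanned File" line followed by a "Status" line per event, so
one file shows up once per action taken on it (Infected with / Disinfection
failed / Deleted). Grouping paths into quarantine/backup, restore point and
live locations is this script's own heuristic.
"""
import re
from collections import defaultdict

# Constructed excerpt in the report layout seen in the thread. The first three
# files are paths from the posted report; the last one is an invented
# placeholder so the "live" branch is exercised (no such detection was posted).
SAMPLE_REPORT = r"""
Scanned File
Status

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\auorktcn.exe
Infected with: Trojan.Agent.AAOA

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\auorktcn.exe
Disinfection failed

C:\Deckard\System Scanner\20070804191638\backup\DOCUME~1\Toshiba\LOCALS~1\Temp\auorktcn.exe
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\brmcrlaf.exe.vir
Infected with: Trojan.Agent.AAOA

C:\QooBox\Quarantine\C\WINDOWS\system32\brmcrlaf.exe.vir
Deleted

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP178\A0027696.dll
Infected with: Trojan.Vundo.DMJ

C:\System Volume Information\_restore{989D4F0A-CF2D-497D-AE9A-5EB2D7ED59BC}\RP178\A0027696.dll
Deleted

C:\WINDOWS\system32\PLACEHOLDER_live_example.dll
Infected with: Trojan.Agent.AAOA
"""

# A report line that begins with a drive letter is a scanned-file path; the
# next non-blank line is its status.
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_report(text):
    """Return a list of (path, status) pairs in report order."""
    events = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending = line
        elif pending is not None:
            events.append((pending, line))
            pending = None
    return events


def classify_location(path):
    """Heuristic bucket for where a detected file lives."""
    p = path.lower()
    if "\\quarantine\\" in p or "\\backup\\" in p:
        return "quarantine/backup"   # copies already neutralised by an earlier tool
    if "\\system volume information\\_restore" in p:
        return "restore point"       # System Restore snapshot, not loaded by Windows
    return "live"                    # anything else deserves a closer look


def triage(text):
    """Map location bucket -> {path: detection name} for 'Infected with' events."""
    buckets = defaultdict(dict)
    for path, status in parse_report(text):
        if status.startswith("Infected with:"):
            buckets[classify_location(path)][path] = status.split(":", 1)[1].strip()
    return dict(buckets)


def live_detections(text):
    """Sorted paths of detections outside quarantine, backup and restore points."""
    return sorted(triage(text).get("live", {}))


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)} file(s)")
        for path, name in hits.items():
            print(f"  {name:<22} {path}")
    print("needs attention:", live_detections(SAMPLE_REPORT) or "none")
```

Two things worth reading off the report with this in hand: the "Disinfection failed" followed by "Deleted" pairs are the scanner following the settings shown above (First Action: Disinfect, Second Action: Delete), not a failure to remove anything; and files in quarantine folders and restore points are not executed by Windows, but they would come back if that quarantine or restore point were ever restored, which is why a cleanup normally ends with clearing them.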