| Thread ID: 88380 | 2008-03-25 12:27:00 | ntos.exe virus, HJT log posted, pls help, thank you. | vladmir (13538) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 652711 | 2008-03-26 21:55:00 | There is no reflection on what Speedy does here. I see he does a good job. I have been removing malware for over ten years. That's all I do on a number of websites and can spend up to eight hours a day doing it. What everybody has to realise is that the writers of malware/trojans/viruses... call them what you like, are now burying them deeper in the file system where they don't think they will be found. It all comes down to keeping up with all the files that come from this nasty stuff. As for the producers of malware cleaners, like Combofix, I am in touch with them every day to see what's new. As you can see from my above post there are a lot of hidden files to come out. One can no longer rely on HJT to list all the nasty files anymore. As for Speedy I say, keep up the good work and if I can help you in any way... just shout. There are even websites that will train anyone interested in removing malware. | Pancake (6359) | ||
| 652712 | 2008-03-26 23:51:00 | Totally agree that HJT doesn't catch it all, I do this every day as well. BUT Combofix is not the "be all to end all". There have been many times that I have used Combofix, added in whatever is needed, then other antispyware or antivirus programs detect/remove infections - you often need several to clean a PC fully (or as best humanly possible). Even then sometimes the system is so badly damaged it can not be repaired, so the best answer is to save any data and reinstall the OS/programs. I know what it's like trying to clean out this rubbish, and sometimes a person may miss something that another knows - no one knows everything, but I do have a lot of respect for people who do this all the time - it's "interesting work" sometimes to see what the next hiding "trick" will be. | wainuitech (129) | ||
| 652713 | 2008-03-27 05:59:00 | Ok, as instructed, the new logfile + new HJT log is below: | vladmir (13538) | ||

ComboFix 08-03-25.2 - USER 2008-03-27 11:20:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.657 [GMT 5.5:30]
Running from: C:\Documents and Settings\USER\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\USER\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\1555cb3216c66d3.exe
C:\WINDOWS\system32\17ec337a2bae731a.exe
C:\WINDOWS\system32\1cc616b1e525cd2.exe
C:\WINDOWS\system32\1e682b0145114e13.exe
C:\WINDOWS\system32\26766b03676b79a6.exe
C:\WINDOWS\system32\28f4138955369f.exe
C:\WINDOWS\system32\29baca294b4895.exe
C:\WINDOWS\system32\2a874ddf582154df.exe
C:\WINDOWS\system32\37e65fa41a16009.exe
C:\WINDOWS\system32\39d46f71653c6dc9.exe
C:\WINDOWS\system32\39e64c55dcc60b7.exe
C:\WINDOWS\system32\40036d30653f698e.exe
C:\WINDOWS\system32\41d13b62661b580b.exe
C:\WINDOWS\system32\56ea7e4e5a40c9.exe
C:\WINDOWS\system32\571246d67547527d.exe
C:\WINDOWS\system32\611373ca44684957.exe
C:\WINDOWS\system32\67a21b0223da7448.exe
C:\WINDOWS\system32\6a3762998771e8.exe
C:\WINDOWS\system32\6bc720094bd66948.exe
C:\WINDOWS\system32\72f3938485471c2.exe
C:\WINDOWS\system32\7ba574e9421c61fb.exe
C:\WINDOWS\system32\7fdd204e27bf4ee9.exe
C:\WINDOWS\system32\lknqtkjepsjed.bmp
C:\WINDOWS\system32\mmax_goog.ini
C:\WINDOWS\Thumbs.db
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Internet Logs\BACKUP.RDB
C:\WINDOWS\Internet Logs\fwdbglog.txt
C:\WINDOWS\Internet Logs\fwpktlog.txt
C:\WINDOWS\Internet Logs\IAMDB.RDB
C:\WINDOWS\Internet Logs\safePrograms.xml
C:\WINDOWS\Internet Logs\tvDebug.log
C:\WINDOWS\Internet Logs\USER.ldb
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\Internet Logs\xDB10.tmp
C:\WINDOWS\Internet Logs\xDB11.tmp
C:\WINDOWS\Internet Logs\xDB12.tmp
C:\WINDOWS\Internet Logs\xDB13.tmp
C:\WINDOWS\Internet Logs\xDB14.tmp
C:\WINDOWS\Internet Logs\xDB15.tmp
C:\WINDOWS\Internet Logs\xDB16.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\Internet Logs\xDB3.tmp
C:\WINDOWS\Internet Logs\xDB4.tmp
C:\WINDOWS\Internet Logs\xDB5.tmp
C:\WINDOWS\Internet Logs\xDB6.tmp
C:\WINDOWS\Internet Logs\xDB7.tmp
C:\WINDOWS\Internet Logs\xDB8.tmp
C:\WINDOWS\Internet Logs\xDB9.tmp
C:\WINDOWS\Internet Logs\xDBA.tmp
C:\WINDOWS\Internet Logs\xDBB.tmp
C:\WINDOWS\Internet Logs\xDBC.tmp
C:\WINDOWS\Internet Logs\xDBD.tmp
C:\WINDOWS\Internet Logs\xDBE.tmp
C:\WINDOWS\Internet Logs\xDBF.tmp
C:\WINDOWS\Internet Logs\ZALog.txt
C:\WINDOWS\Internet Logs\ZALog2007.11.29.txt
C:\WINDOWS\Internet Logs\ZALog2007.11.30.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.01.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.02.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.03.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.04.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.05.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.06.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.07.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.10.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.11.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.12.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.13.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.14.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.15.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.17.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.18.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.20.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.21.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.23.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.25.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.26.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.27.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.28.txt
C:\WINDOWS\Internet Logs\ZALog2007.12.30.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.01.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.02.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.03.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.04.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.05.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.06.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.08.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.09.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.10.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.11.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.12.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.13.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.14.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.15.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.16.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.17.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.19.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.20.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.21.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.22.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.23.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.24.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.26.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.27.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.28.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.29.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.30.txt
C:\WINDOWS\Internet Logs\ZALog2008.01.31.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.02.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.03.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.04.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.06.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.07.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.08.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.09.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.10.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.11.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.12.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.13.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.14.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.15.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.16.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.17.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.19.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.20.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.21.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.22.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.24.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.25.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.26.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.27.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.28.txt
C:\WINDOWS\Internet Logs\ZALog2008.02.29.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.01.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.02.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.03.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.04.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.05.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.06.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.07.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.08.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.10.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.11.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.12.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.13.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.14.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.15.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.17.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.18.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.19.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.20.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.21.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.22.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.23.txt
C:\WINDOWS\Internet Logs\ZALog2008.03.25.txt
C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_23_22_26_53.dmp.zip
C:\WINDOWS\system32\1555cb3216c66d3.exe
C:\WINDOWS\system32\17ec337a2bae731a.exe
C:\WINDOWS\system32\1cc616b1e525cd2.exe
C:\WINDOWS\system32\1e682b0145114e13.exe
C:\WINDOWS\system32\26766b03676b79a6.exe
C:\WINDOWS\system32\28f4138955369f.exe
C:\WINDOWS\system32\29baca294b4895.exe
C:\WINDOWS\system32\2a874ddf582154df.exe
C:\WINDOWS\system32\37e65fa41a16009.exe
C:\WINDOWS\system32\39d46f71653c6dc9.exe
C:\WINDOWS\system32\39e64c55dcc60b7.exe
C:\WINDOWS\system32\40036d30653f698e.exe
C:\WINDOWS\system32\41d13b62661b580b.exe
C:\WINDOWS\system32\56ea7e4e5a40c9.exe
C:\WINDOWS\system32\571246d67547527d.exe
C:\WINDOWS\system32\611373ca44684957.exe
C:\WINDOWS\system32\67a21b0223da7448.exe
C:\WINDOWS\system32\6a3762998771e8.exe
C:\WINDOWS\system32\6bc720094bd66948.exe
C:\WINDOWS\system32\72f3938485471c2.exe
C:\WINDOWS\system32\7ba574e9421c61fb.exe
C:\WINDOWS\system32\7fdd204e27bf4ee9.exe
C:\WINDOWS\system32\lknqtkjepsjed.bmp
C:\WINDOWS\system32\mmax_goog.ini
C:\WINDOWS\Thumbs.db
C:\WINDOWS\Internet Logs . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.
2008-03-27 11:22 . 2008-03-27 11:22 269,334 --a------ C:\WINDOWS\system32\badkfetoretgn.bmp
2008-03-27 11:15 . 2008-03-27 11:15 269,334 --a------ C:\WINDOWS\system32\dgfil.bmp
2008-03-26 16:18 . 2008-03-26 16:18 269,334 --a------ C:\WINDOWS\system32\gnadof.bmp
2008-03-26 14:25 . 2008-03-26 14:25 269,334 --a------ C:\WINDOWS\system32\kbahsbqpcjel.bmp
2008-03-26 12:22 . 2008-03-26 12:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-26 12:15 . 2008-03-26 12:30 <DIR> d-------- C:\SDFix
2008-03-25 16:45 . 2008-03-25 16:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-25 16:45 . 2008-03-25 16:45 812,344 --a------ C:\HJTInstall.exe
2008-03-25 14:49 . 2008-03-25 14:49 18,432 --a------ C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
2008-03-08 18:42 . 2008-03-08 18:42 <DIR> d-------- C:\Program Files\Net4India
2008-03-08 18:42 . 2008-03-27 11:19 72 --a------ C:\WINDOWS\Net4Connect.INI
2008-03-08 18:41 . 1998-06-17 00:00 929,844 --------- C:\WINDOWS\system32\Mfc42d.dll
2008-03-08 18:41 . 1998-06-17 00:00 798,773 --------- C:\WINDOWS\system32\Mfco42d.dll
2008-03-08 18:41 . 1998-06-17 00:00 516,173 --------- C:\WINDOWS\system32\Msvcp60d.dll
2008-03-08 18:41 . 1998-06-17 00:00 385,100 --------- C:\WINDOWS\system32\Msvcrtd.dll
2008-03-08 18:41 . 1998-06-17 00:00 41,013 --------- C:\WINDOWS\system32\Mfcn42d.dll
2008-03-04 11:18 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-03-04 11:18 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-03-03 16:17 . 2008-03-03 16:20 <DIR> d-------- C:\Documents and Settings\USER\Application Data\Winamp
2008-03-03 16:17 . 2007-03-08 05:21 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-03-03 16:17 . 2007-03-08 05:21 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-03 16:17 . 2007-03-08 05:21 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-29 11:18 . 2008-02-29 11:18 <DIR> d-------- C:\Program Files\LizardTech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 17:11 --------- d-----w C:\Program Files\Folder Lock
2008-03-03 10:50 --------- d-----w C:\Program Files\Winamp
2008-03-03 07:50 --------- d-----w C:\Program Files\FlashGet
2008-03-03 06:26 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-29 05:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 10:00 --------- d-----w C:\Program Files\DivX
2008-02-18 09:56 --------- d-----w C:\Program Files\SlySoft
2008-02-18 09:55 --------- d-----w C:\Documents and Settings\USER\Application Data\BeautifulEarth
2008-02-17 10:20 --------- d-sh--r C:\Program Files\Real Spy Monitor
2008-01-05 10:40 798,720 ----a-w C:\WINDOWS\GPInstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 17:06 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2007-08-06 18:49 200704 C:\WINDOWS\system32\S3Trayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16:21 16384000 C:\WINDOWS\RTHDCPL.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-24 20:03 864256]
"GenePccMon.exe"="C:\Program Files\Genesys Logic PC Camera Device\GenePccMon.exe" [2007-09-12 19:48 32768]
"ESB"="C:\WINDOWS\system32\ESB.EXE" [2006-05-29 14:40 266240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-29 11:02 185784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 04:24 37376]
"BluetoothAuthorizationAgent"="C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe" [2008-03-25 14:49 18432]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^DeskPins.lnk]
path=C:\Documents and Settings\USER\Start Menu\Programs\Startup\DeskPins.lnk
backup=C:\WINDOWS\pss\DeskPins.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealJukeboxSystray]
C:\Program Files\Real\RealJukebox\tsystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-11-29 11:02 214448 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 17:35 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-29 11:02 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 04:24 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\WINDOWS\system32\DRIVERS\usbgene.sys [2007-06-26 14:44]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-09-18 14:28]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 16:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cb34336532
sb24640532

.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 11:22:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
.
**************************************************************************
.
Completion time: 2008-03-27 11:24:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-27 05:53:21
ComboFix2.txt 2008-03-26 07:24:25
________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:02 AM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Genesys Logic PC Camera Device\GenePccMon.exe
C:\WINDOWS\system32\ESB.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Net4India\Net4Connect.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GenePccMon.exe] C:\Program Files\Genesys Logic PC Camera Device\GenePccMon.exe
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\system32\ESB.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0F61396-ECBB-4A89-B15A-EACFE89765E9}: NameServer = 10.24.0.2,xxx.71.xxx.36
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4713 bytes
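The log above shows the patterns the helpers in this thread are reading by eye: a run of random hex-named .exe files in system32, four freshly created .bmp files of exactly the same size (the "you have spyware" wallpaper being regenerated), Security Center's AntiVirusDisableNotify and UpdatesDisableNotify switched to 1, and two unfamiliar names under Svchost NetSvcs. As an added example that is not code from this thread, ComboFix or HijackThis, the script below parses a constructed log fragment laid out like the one posted and reports those four things. The section headers and line layouts are taken from that log; the hex-name and same-size heuristics and all function names are my own assumptions.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix/HJT tool)."""
import re
from collections import defaultdict

# Constructed sample in the layout of the log posted in this thread (not the original log).
SAMPLE_LOG = r"""
FILE ::
C:\WINDOWS\system32\1555cb3216c66d3.exe
C:\WINDOWS\system32\7fdd204e27bf4ee9.exe
C:\WINDOWS\system32\lknqtkjepsjed.bmp
.
((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))
.
2008-03-27 11:22 . 2008-03-27 11:22 269,334 --a------ C:\WINDOWS\system32\badkfetoretgn.bmp
2008-03-27 11:15 . 2008-03-27 11:15 269,334 --a------ C:\WINDOWS\system32\dgfil.bmp
2008-03-26 16:18 . 2008-03-26 16:18 269,334 --a------ C:\WINDOWS\system32\gnadof.bmp
2008-03-25 16:45 . 2008-03-25 16:45 812,344 --a------ C:\HJTInstall.exe
2008-03-26 12:22 . 2008-03-26 12:22 <DIR> d-------- C:\WINDOWS\ERUNT
.
((((((((((((( Reg Loading Points )))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cb34336532
sb24640532
.
"""

# Heuristic: a bare run of 12-16 hex digits is not how vendors name executables.
HEX_BASENAME = re.compile(r"^[0-9a-f]{12,16}\.exe$", re.IGNORECASE)
# "Files Created" rows: created . modified  size  attributes  path
CREATED_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attr>\S+)\s+(?P<path>.+)$")
DWORD_VALUE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
SECURITY_CENTER_KEY = r"[hkey_local_machine\software\microsoft\security center]"
NETSVCS_HEADER = r"\Svchost - NetSvcs"
DISABLE_NOTIFY = {"AntiVirusDisableNotify", "UpdatesDisableNotify", "FirewallDisableNotify"}


def basename(path):
    return path.rsplit("\\", 1)[-1]


def find_hex_named_executables(lines):
    """Paths under system32 whose basename is just hex digits, like the FILE :: list above."""
    hits = []
    for line in lines:
        s = line.strip()
        if "\\system32\\" in s.lower() and HEX_BASENAME.match(basename(s)):
            hits.append(s)
    return hits


def find_same_size_drops(lines, min_count=3):
    """Created files sharing an extension and an exact byte size (the 269,334-byte .bmp set)."""
    groups = defaultdict(list)
    for line in lines:
        m = CREATED_LINE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        path = m.group("path")
        name = basename(path)
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        groups[(ext, int(m.group("size").replace(",", "")))].append(path)
    return {k: v for k, v in groups.items() if len(v) >= min_count}


def find_disabled_security_center_notify(lines):
    """Security Center values set to 1, which silence its AV/update/firewall warnings."""
    in_key, disabled = False, []
    for line in lines:
        s = line.strip()
        if not s.startswith('"'):            # any non-value line ends the current key
            in_key = s.lower() == SECURITY_CENTER_KEY
            continue
        m = DWORD_VALUE.match(s)
        if in_key and m and m.group("name") in DISABLE_NOTIFY and int(m.group("val"), 16) == 1:
            disabled.append(m.group("name"))
    return disabled


def find_netsvcs_entries(lines):
    """Names under Svchost NetSvcs; the log's own note says default entries are not shown."""
    names, collecting = [], False
    for line in lines:
        s = line.strip()
        if s.endswith(NETSVCS_HEADER):
            collecting = True
            continue
        if collecting:
            if not re.fullmatch(r"[A-Za-z0-9_]+", s):
                break
            names.append(s)
    return names


def triage(log_text):
    lines = log_text.splitlines()
    return {
        "hex_named_executables": find_hex_named_executables(lines),
        "same_size_drops": find_same_size_drops(lines),
        "security_center_notify_disabled": find_disabled_security_center_notify(lines),
        "netsvcs_entries": find_netsvcs_entries(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

None of these checks proves infection on its own; they are the things worth pulling out of a long log so the next steps (submitting the hex-named files, checking what the NetSvcs names map to in the Services key, re-enabling the Security Center notifications once the machine is clean) can be done deliberately rather than by scrolling.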
| 652714 | 2008-03-27 06:06:00 | I'm a little worried, am I doing everything correctly? lol, because the 'you have spyware' wallpaper is still on, even after reboot! In the meantime, waiting for your reply Pancake, I'm going to install Avast! antivirus software, I hope that is ok. | vladmir (13538) | ||
| 652715 | 2008-03-27 06:13:00 | Install rogueremover in my sig, see if that picks up / removes anything | Speedy Gonzales (78) | ||
| 652716 | 2008-03-27 06:31:00 | "Install rogueremover in my sig, see if that picks up / removes anything" holy $h!t, Avast! picked up 11 infected files during initial boot scan. I'll try rogueremover shortly. | vladmir (13538) | ||
| 652717 | 2008-03-27 06:37:00 | "holy $h!t, Avast! picked up 11 infected files during initial boot scan. I'll try rogueremover shortly." Edit: "Congratulations, RogueRemover did not detect any items" OK, great. | vladmir (13538) | ||
| 652718 | 2008-03-27 06:40:00 | hmm do a full scan with Avast | Speedy Gonzales (78) | ||
| 652719 | 2008-03-27 06:57:00 | "holy $h!t, Avast! picked up 11 infected files during initial boot scan. I'll try rogueremover shortly." ;) :D Hmmmmm :rolleyes: | wainuitech (129) | ||
| 652720 | 2008-03-27 07:39:00 | My advice is that prevention is better than a cure, so after you fix it all, I advise you install a retail antivirus program (ESET's ones are the best) and follow it up with Spyware Doctor from Google Pack (free), Spybot S&D (also free) and Windows Defender (free again). Spyware Doctor is by far the most powerful app, but Spybot S&D is good at picking up rogue programs and Windows Defender has the advantage of being able to tap deep into Windows since it is made by the people who made Windows. Then you won't ever get infected again. (at least I hope not) | SPARTAN 860 (2618) | ||