Malware Win32.Agent.pz--Urgent Help

View previous topic View next topic Go down

Malware Win32.Agent.pz--Urgent Help

Post by uvita on 17th September 2009, 2:24 am

I ran my Antivirus an coul not fin this virus but when I ran Spybot it tells me that my computer has two entries of Win32.Agent.pz in my registry which is a malware...Please help me completely remove it from my system.

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 17th September 2009, 2:49 am

I ran Malware bytes an this is the logfile

Malwarebytes' Anti-Malware 1.41
Database version: 2814
Windows 5.1.2600 Service Pack 3

9/16/2009 9:48:01 PM
mbam-log-2009-09-16 (21-47-48).txt

Scan type: Quick Scan
Objects scanned: 102075
Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Deepa\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\wtl32locale.dll (Trojan.Agent) -> No action taken.

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 17th September 2009, 3:09 am

I removed the selected and restarte my computer and after ram malwarebytes again an this is the logfile

Malwarebytes' Anti-Malware 1.41
Database version: 2814
Windows 5.1.2600 Service Pack 3

9/16/2009 10:07:29 PM
mbam-log-2009-09-16 (22-07-29).txt

Scan type: Quick Scan
Objects scanned: 102148
Time elapsed: 10 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


does the above mean its gone? please help

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by Dr Jay on 17th September 2009, 3:13 am

Hi

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

Please save the file to your Desktop, but rename it first:




Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:




  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 17th September 2009, 4:07 am

ok

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 17th September 2009, 4:46 am

here is the Combofix log txt

ComboFix 09-09-16.02 - Deepa 09/16/2009 23:10.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.420 [GMT -5:00]
Running from: c:\documents and settings\Deepa\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\recycler\S-1-5-21-2000478354-1935655697-839522115-500
c:\recycler\S-1-5-21-2823752601-3194716430-1139259701-500
c:\recycler\S-1-5-21-3368456305-730258004-1853410020-500
c:\windows\Installer\26f6e34.msi
c:\windows\Installer\c8a98a.msi
c:\windows\Installer\e99165.msi
c:\windows\kb913800.exe
c:\windows\UA000106.DLL

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-17 to 2009-09-17 )))))))))))))))))))))))))))))))
.

2009-09-17 04:25 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-17 04:25 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-17 04:25 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-09-17 04:25 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-09-17 03:17 . 2009-09-17 03:18 5154304 ----a-w- C:\WindowsDefender.msi
2009-09-17 02:37 . 2009-09-17 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 02:26 . 2009-09-17 02:26 4045528 ----a-w- C:\mbam-setup.exe
2009-09-15 03:17 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-15 03:17 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-14 14:03 . 2009-09-14 14:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-14 14:03 . 2009-09-14 14:03 4938616 ----a-w- C:\Silverlight.exe
2009-09-12 00:45 . 2009-09-12 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-09 16:00 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 01:02 . 2009-09-07 01:02 -------- d-----w- c:\documents and settings\Deepa\Application Data\Xilisoft Corporation
2009-09-07 01:02 . 2009-09-07 01:02 -------- d-----w- c:\program files\Xilisoft
2009-09-06 02:06 . 2009-09-06 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-09-06 02:05 . 2008-04-02 02:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-09-06 02:05 . 2008-04-02 02:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-09-06 02:05 . 2008-04-02 02:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-09-06 02:05 . 2008-04-02 02:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-09-06 02:05 . 2008-04-02 02:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-09-06 02:05 . 2008-04-02 02:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2009-09-06 02:04 . 2009-09-06 02:04 -------- d-----w- c:\program files\Windows Media Components
2009-09-06 02:02 . 2009-09-06 02:04 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-08-31 17:03 . 2009-08-31 17:03 -------- d-----w- c:\documents and settings\Deepa\Application Data\webex
2009-08-31 17:02 . 2009-08-31 17:02 -------- d-----w- c:\windows\Sun
2009-08-20 02:32 . 2009-08-20 02:32 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-20 02:32 . 2009-08-20 02:32 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 03:06 . 2008-07-07 02:47 -------- d-----w- c:\documents and settings\Deepa\Application Data\uTorrent
2009-09-17 02:37 . 2008-07-30 05:09 7168 --sha-w- c:\program files\Thumbs.db
2009-09-17 01:56 . 2007-09-27 01:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-17 00:34 . 2008-11-28 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-16 01:19 . 2007-07-01 22:29 -------- d-----w- c:\program files\Kundli
2009-09-13 03:06 . 2008-02-07 22:12 -------- d-----w- c:\program files\downloads
2009-09-07 05:05 . 2008-03-22 18:19 -------- d-----w- c:\program files\Common Files\Real
2009-09-07 01:02 . 2008-07-07 03:54 67224 ----a-w- c:\documents and settings\Deepa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-06 14:01 . 2009-01-30 22:30 -------- d-----w- c:\documents and settings\Deepa\Application Data\Ulead Systems
2009-09-06 02:08 . 2009-01-30 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-09-06 02:05 . 2006-06-20 09:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-06 02:02 . 2009-04-19 21:30 -------- d-----w- c:\program files\Corel
2009-08-31 20:24 . 2009-03-01 19:13 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-08-12 19:45 . 2009-08-12 19:44 -------- d-----w- c:\program files\Ultra RM Converter
2009-08-10 04:51 . 2009-05-07 18:22 -------- d-----w- c:\program files\Replay Video Capture
2009-08-05 15:00 . 2009-04-30 00:31 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2006-06-20 09:03 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-22 19:39 . 2009-07-22 19:39 -------- d-----w- c:\program files\MSECache
2009-07-21 01:45 . 2008-02-07 22:34 -------- d-----w- c:\program files\multimedia
2009-07-17 19:01 . 2006-06-20 09:02 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2006-06-20 09:03 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 23:56 . 2006-07-12 00:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-01 17:09 . 2009-07-01 17:09 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-01 17:09 . 2009-07-01 17:09 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-26 16:50 . 2006-06-20 09:03 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2006-06-20 09:02 81920 ----a-w- c:\windows\system32\ieencode.dll
2008-07-30 00:48 . 2008-07-29 23:36 88 --sh--r- c:\windows\system32\96BED014D3.sys
2009-02-26 05:35 . 2008-07-29 23:36 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-07 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-04 16206848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
2Wire Wireless Client Manager.lnk - c:\program files\2Wire Wireless\Client Manager\CMTWO.EXE [2008-1-2 323584]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2006-6-20 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"RTHDCPL"=RTHDCPL.EXE
"farstone"=
"nwiz"=nwiz.exe /install
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" --logon
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\installs\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/27/2006 2:00 AM 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2/20/2006 3:01 AM 29056]
R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [12/27/2007 10:23 PM 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/29/2009 7:31 PM 108289]
S3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [6/20/2006 6:59 AM 45056]
S4 Bscrr_lmn;Bscrr_lmn;c:\windows\system32\drivers\AegisP.sys [6/20/2006 4:56 AM 20747]
.
Contents of the 'Scheduled Tasks' folder

2008-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]

2009-09-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-28 13:47]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3394046492-3908304094-923156054-1011Core.job
- c:\documents and settings\Deepa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 14:21]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Deepa\Application Data\Mozilla\Firefox\Profiles\42cws0hp.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Deepa\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Power2GoExpress - c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-Bytescout SWF To Video Scout (demo)_is1 - c:\program files\Bytescout SWF To Video Scout\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-16 23:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-17 23:37
ComboFix-quarantined-files.txt 2009-09-17 04:37

Pre-Run: 48,597,307,392 bytes free
Post-Run: 48,390,602,752 bytes free

176 --- E O F --- 2009-09-15 06:47

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 17th September 2009, 4:55 am

what do I do now....Can I turn my antivirus and spybot on?

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by Dr Jay on 17th September 2009, 5:12 am

Hi

I see you are running a P2P application. I suggest to read the following, and then decided whether you want to keep it or not: [You must be registered and logged in to see this link.]

==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Please post the log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 17th September 2009, 5:28 am

hi,

here is the Malwarebytes log txt:

Malwarebytes' Anti-Malware 1.41
Database version: 2814
Windows 5.1.2600 Service Pack 3

9/17/2009 12:27:23 AM
mbam-log-2009-09-17 (00-27-23).txt

Scan type: Quick Scan
Objects scanned: 101391
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by Dr Jay on 17th September 2009, 9:06 am

Hi

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


==

Please post the results of the ESET scan and the Checkup log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 17th September 2009, 1:27 pm

ok

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 17th September 2009, 3:14 pm

hi,

here are the log for both eset scanner and security checkup

ESET Scanner Log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=e9d31f9b250ae440b7f727cd80a2b909
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-17 03:02:04
# local_time=2009-09-17 10:02:04 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 37 100 100 849439050267
# compatibility_mode=2817 63 100 75 654477784687500
# scanned=317652
# found=0
# cleaned=0
# scan_time=6695


Security Checkup Log

Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ClamWin Free Antivirus 0.91.2


Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 11
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe


``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Also I am receiving something called security has been terminated everytime I shut down an log into the computer...Why is that..it just starte happening last night

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by Dr Jay on 18th September 2009, 12:51 am

Hi

Please navigate to this webpage: [You must be registered and logged in to see this link.] and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damages of malware or other harmful system changes. Install the file after download.

==

Java is out of date.

Download the newest version from here [You must be registered and logged in to see this link.].

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel > Software and open Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).
They will have this icon next to them:
Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

==

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /u



(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.


==

In your next reply, please tell me how your computer is running, after you did all of the above. Also, tell of any strange activity. Any strange activity can be a sign of more malware.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 18th September 2009, 2:17 am

When I did it all and restarted my computer and came to where I had to log in...another account called.ASP Network popped up with password protected....then after logging in...it still gave message that security setting have been modified and this will be terminated...I am scared...don't know what is wrong and I have videos and stuff on my comp saved that I do not want harmed.

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by Dr Jay on 18th September 2009, 2:29 am

Please re-download ComboFix by sUBs
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

Please save the file to your Desktop, but rename it first:




Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:




  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 18th September 2009, 3:16 am

hi,

here is the ComboFix log

ComboFix 09-09-17.04 - Deepa 09/17/2009 21:54.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.568 [GMT -5:00]
Running from: c:\documents and settings\Deepa\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Alcmtr.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-18 01:58 . 2009-09-18 02:09 -------- d-----w- c:\windows\system32\NtmsData
2009-09-18 01:30 . 2009-09-18 01:30 747520 ----a-w- C:\MicrosoftFixit50198.msi
2009-09-17 04:25 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-17 04:25 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-17 04:25 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-09-17 04:25 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-09-17 03:17 . 2009-09-17 03:18 5154304 ----a-w- C:\WindowsDefender.msi
2009-09-17 02:37 . 2009-09-18 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 02:26 . 2009-09-17 02:26 4045528 ----a-w- C:\mbam-setup.exe
2009-09-15 03:17 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-15 03:17 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-14 14:03 . 2009-09-14 14:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-14 14:03 . 2009-09-14 14:03 4938616 ----a-w- C:\Silverlight.exe
2009-09-12 00:45 . 2009-09-12 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-09 16:00 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 01:02 . 2009-09-07 01:02 -------- d-----w- c:\documents and settings\Deepa\Application Data\Xilisoft Corporation
2009-09-07 01:02 . 2009-09-07 01:02 -------- d-----w- c:\program files\Xilisoft
2009-09-06 02:06 . 2009-09-06 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-09-06 02:05 . 2008-04-02 02:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-09-06 02:05 . 2008-04-02 02:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-09-06 02:05 . 2008-04-02 02:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-09-06 02:05 . 2008-04-02 02:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-09-06 02:05 . 2008-04-02 02:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-09-06 02:05 . 2008-04-02 02:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2009-09-06 02:04 . 2009-09-06 02:04 -------- d-----w- c:\program files\Windows Media Components
2009-09-06 02:02 . 2009-09-06 02:04 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-08-31 17:03 . 2009-08-31 17:03 -------- d-----w- c:\documents and settings\Deepa\Application Data\webex
2009-08-31 17:02 . 2009-08-31 17:02 -------- d-----w- c:\windows\Sun
2009-08-20 02:32 . 2009-08-20 02:32 410984 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 01:56 . 2008-07-07 02:47 -------- d-----w- c:\documents and settings\Deepa\Application Data\uTorrent
2009-09-18 01:52 . 2008-07-07 03:54 67224 ----a-w- c:\documents and settings\Deepa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-18 01:35 . 2008-11-28 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-17 22:02 . 2008-07-30 05:09 7168 --sha-w- c:\program files\Thumbs.db
2009-09-17 01:56 . 2007-09-27 01:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-16 01:19 . 2007-07-01 22:29 -------- d-----w- c:\program files\Kundli
2009-09-13 03:06 . 2008-02-07 22:12 -------- d-----w- c:\program files\downloads
2009-09-07 05:05 . 2008-03-22 18:19 -------- d-----w- c:\program files\Common Files\Real
2009-09-06 14:01 . 2009-01-30 22:30 -------- d-----w- c:\documents and settings\Deepa\Application Data\Ulead Systems
2009-09-06 02:08 . 2009-01-30 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-09-06 02:05 . 2006-06-20 09:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-06 02:02 . 2009-04-19 21:30 -------- d-----w- c:\program files\Corel
2009-08-31 20:24 . 2009-03-01 19:13 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-08-12 19:45 . 2009-08-12 19:44 -------- d-----w- c:\program files\Ultra RM Converter
2009-08-10 04:51 . 2009-05-07 18:22 -------- d-----w- c:\program files\Replay Video Capture
2009-08-05 15:00 . 2009-04-30 00:31 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2006-06-20 09:03 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-22 19:39 . 2009-07-22 19:39 -------- d-----w- c:\program files\MSECache
2009-07-21 01:45 . 2008-02-07 22:34 -------- d-----w- c:\program files\multimedia
2009-07-17 19:01 . 2006-06-20 09:02 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2006-06-20 09:03 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 23:56 . 2006-07-12 00:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-01 17:09 . 2009-07-01 17:09 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-01 17:09 . 2009-07-01 17:09 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-26 16:50 . 2006-06-20 09:03 666624 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2006-06-20 09:02 81920 ----a-w- c:\windows\system32\ieencode.dll
2008-07-30 00:48 . 2008-07-29 23:36 88 --sha-r- c:\windows\system32\96BED014D3.sys
2009-02-26 05:35 . 2008-07-29 23:36 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-07 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-04 16206848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
2Wire Wireless Client Manager.lnk - c:\program files\2Wire Wireless\Client Manager\CMTWO.EXE [2008-1-2 323584]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2006-6-20 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"RTHDCPL"=RTHDCPL.EXE
"farstone"=
"nwiz"=nwiz.exe /install
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" --logon
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\installs\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/27/2006 2:00 AM 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2/20/2006 3:01 AM 29056]
R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [12/27/2007 10:23 PM 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/29/2009 7:31 PM 108289]
S3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [6/20/2006 6:59 AM 45056]
S4 Bscrr_lmn;Bscrr_lmn;c:\windows\system32\drivers\AegisP.sys [6/20/2006 4:56 AM 20747]
.
Contents of the 'Scheduled Tasks' folder

2009-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]

2009-09-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-28 13:47]

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3394046492-3908304094-923156054-1011Core.job
- c:\documents and settings\Deepa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 14:21]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Deepa\Application Data\Mozilla\Firefox\Profiles\42cws0hp.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Deepa\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-17 22:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2009-09-18 22:11
ComboFix-quarantined-files.txt 2009-09-18 03:10
ComboFix2.txt 2009-09-17 04:37

Pre-Run: 54,402,543,616 bytes free
Post-Run: 54,377,463,808 bytes free

160 --- E O F --- 2009-09-15 06:47

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by Dr Jay on 18th September 2009, 3:37 am


  • Download random's system information tool (RSIT) by random/random from [You must be registered and logged in to see this link.].
  • It is important that is saved to your desktop.
  • Double click on RSIT.exe to run [color:b0d3="blue"]RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 18th September 2009, 3:59 am

hi, here are both the log and info
[b]
Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Deepa at 2009-09-17 22:52:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (58%) free of 90 GB
Total RAM: 959 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:12 PM, on 9/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Deepa\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Deepa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [You must be registered and logged in to see this link.]
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6476 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3394046492-3908304094-923156054-1011Core.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-09-07 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-21 668656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-04-26 7561216]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Corel File Shell Monitor"=C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-08-08 16712]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-04 16206848]
"UVS12 Preload"=C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-07 198160]
"SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2009-04-02 868352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
2Wire Wireless Client Manager.lnk - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-02 402736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\installs\utorrent.exe"="C:\installs\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe"="C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-17 22:52:51 ----D---- C:\rsit
2009-09-17 22:40:05 ----D---- C:\Program Files\Enigma Software Group
2009-09-17 22:11:40 ----D---- C:\WINDOWS\temp
2009-09-17 22:11:35 ----A---- C:\ComboFix.txt
2009-09-17 21:52:47 ----A---- C:\WINDOWS\zip.exe
2009-09-17 21:52:47 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-17 21:52:47 ----A---- C:\WINDOWS\SWSC.exe
2009-09-17 21:52:47 ----A---- C:\WINDOWS\SWREG.exe
2009-09-17 21:52:47 ----A---- C:\WINDOWS\sed.exe
2009-09-17 21:52:47 ----A---- C:\WINDOWS\PEV.exe
2009-09-17 21:52:47 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-17 21:52:47 ----A---- C:\WINDOWS\grep.exe
2009-09-17 21:52:41 ----D---- C:\ComboFix
2009-09-17 21:52:20 ----D---- C:\Qoobox
2009-09-17 20:58:22 ----D---- C:\WINDOWS\system32\NtmsData
2009-09-16 23:40:51 ----D---- C:\WINDOWS\Prefetch
2009-09-16 23:25:12 ----A---- C:\WINDOWS\system32\proquota.exe
2009-09-16 23:25:09 ----A---- C:\WINDOWS\system32\grpconv.exe
2009-09-16 22:57:30 ----A---- C:\Boot.bak
2009-09-16 22:57:18 ----RASHD---- C:\cmdcons
2009-09-16 22:55:03 ----D---- C:\WINDOWS\ERDNT
2009-09-16 21:37:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-16 21:26:04 ----A---- C:\mbam-setup.exe
2009-09-14 22:17:45 ----A---- C:\WINDOWS\system32\muweb.dll
2009-09-14 22:17:45 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-14 22:17:45 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-14 09:03:59 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-14 09:03:37 ----A---- C:\Silverlight.exe
2009-09-11 19:45:18 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2009-09-10 01:46:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 01:46:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-10 01:45:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-09-10 01:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-07 00:04:36 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-09-06 20:02:53 ----D---- C:\Documents and Settings\Deepa\Application Data\Xilisoft Corporation
2009-09-06 20:02:02 ----D---- C:\Program Files\Xilisoft
2009-09-05 21:06:01 ----D---- C:\Documents and Settings\All Users\Application Data\InterVideo
2009-09-05 21:05:57 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2009-09-05 21:05:57 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2009-09-05 21:05:56 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2009-09-05 21:05:56 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2009-09-05 21:05:56 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2009-09-05 21:05:56 ----A---- C:\WINDOWS\system32\IVIresize.dll
2009-09-05 21:04:52 ----D---- C:\Program Files\Windows Media Components
2009-09-05 21:02:39 ----D---- C:\Program Files\Common Files\Ulead Systems
2009-09-01 21:26:26 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-09-01 21:26:26 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-08-31 12:03:06 ----D---- C:\Documents and Settings\Deepa\Application Data\webex
2009-08-31 12:02:22 ----D---- C:\WINDOWS\Sun
2009-08-27 01:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-23 00:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-19 21:32:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-19 21:31:40 ----D---- C:\Documents and Settings\Deepa\Application Data\Sun

======List of files/folders modified in the last 1 months======

2009-09-17 22:53:42 ----D---- C:\Documents and Settings\Deepa\Application Data\uTorrent
2009-09-17 22:40:51 ----D---- C:\WINDOWS\system32\drivers
2009-09-17 22:40:11 ----D---- C:\WINDOWS\system32
2009-09-17 22:40:05 ----RD---- C:\Program Files
2009-09-17 22:15:11 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem v6081.txt
2009-09-17 22:14:03 ----D---- C:\Program Files\Mozilla Firefox
2009-09-17 22:11:40 ----D---- C:\WINDOWS
2009-09-17 22:05:47 ----A---- C:\WINDOWS\system.ini
2009-09-17 21:59:33 ----D---- C:\WINDOWS\AppPatch
2009-09-17 21:59:16 ----D---- C:\Program Files\Common Files
2009-09-17 21:53:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-17 21:52:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-17 21:48:15 ----D---- C:\Corel Auto-Preserve
2009-09-17 21:47:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-17 21:46:26 ----D---- C:\devaki an hka ram's movies
2009-09-17 21:09:16 ----D---- C:\WINDOWS\Registration
2009-09-17 21:09:14 ----SD---- C:\WINDOWS\Tasks
2009-09-17 20:58:23 ----D---- C:\WINDOWS\system32\Restore
2009-09-17 20:58:22 ----SHD---- C:\System Volume Information
2009-09-17 20:58:21 ----D---- C:\WINDOWS\Debug
2009-09-17 20:56:49 ----D---- C:\WINDOWS\security
2009-09-17 20:44:27 ----SHD---- C:\WINDOWS\Installer
2009-09-17 20:35:33 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-09-17 18:49:57 ----D---- C:\My Videos
2009-09-17 17:31:07 ----RD---- C:\My Pictures
2009-09-17 13:48:05 ----D---- C:\WINDOWS\Help
2009-09-17 08:05:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-16 23:25:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-16 22:57:30 ----RASH---- C:\boot.ini
2009-09-16 20:56:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-16 19:30:38 ----HD---- C:\WINDOWS\inf
2009-09-16 08:24:27 ----D---- C:\devaki songs
2009-09-15 20:19:22 ----D---- C:\Program Files\Kundli
2009-09-15 01:47:57 ----D---- C:\WINDOWS\WinSxS
2009-09-12 22:06:10 ----D---- C:\Program Files\downloads
2009-09-11 15:04:25 ----D---- C:\installs
2009-09-10 01:46:08 ----A---- C:\WINDOWS\imsins.BAK
2009-09-10 01:46:02 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 01:45:54 ----D---- C:\WINDOWS\ehome
2009-09-08 21:24:44 ----D---- C:\Downloads
2009-09-07 14:13:26 ----D---- C:\Corel Auto-Preserve11
2009-09-07 00:06:29 ----A---- C:\WINDOWS\cdplayer.ini
2009-09-07 00:05:33 ----D---- C:\Program Files\Common Files\Real
2009-09-07 00:05:13 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-09-07 00:05:13 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-09-06 09:01:37 ----D---- C:\Documents and Settings\Deepa\Application Data\Ulead Systems
2009-09-05 21:08:17 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2009-09-05 21:05:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-05 21:04:38 ----RSD---- C:\WINDOWS\Fonts
2009-09-05 21:02:38 ----D---- C:\Program Files\Corel
2009-09-03 11:15:04 ----D---- C:\Documents and Settings\Deepa\Application Data\Real
2009-09-02 17:16:18 ----D---- C:\My Music
2009-09-02 09:43:31 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-28 16:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-25 08:05:44 ----D---- C:\Documents and Settings\Deepa\Application Data\Adobe
2009-08-25 08:05:44 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-23 16:43:59 ----D---- C:\WINDOWS\Minidump
2009-08-23 00:29:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-22 20:04:11 ----D---- C:\AVERATEC
2009-08-22 09:16:14 ----RSD---- C:\WINDOWS\assembly
2009-08-22 00:52:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-22 00:47:29 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-22 00:47:25 ----D---- C:\WINDOWS\system32\en-us
2009-08-22 00:43:54 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 36864]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507); \??\C:\WINDOWS\system32\Drivers\NEOFLTR_600_12507.SYS []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-20 20747]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 Machnm32;Machnm32 Driver; \??\C:\WINDOWS\system32\Machnm32.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-04-13 15781]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-09-25 1145728]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 catchme;catchme; \??\C:\DOCUME~1\Deepa\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-04 4271616]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-04-26 3659968]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 11136]
R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-01-20 363008]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-04-06 81664]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 PhnxVcd;PhnxVcd; C:\WINDOWS\System32\Drivers\PhnxVcd.sys [2005-02-25 45056]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 Bscrr_lmn;Bscrr_lmn; C:\WINDOWS\system32\drivers\AegisP.sys [2006-06-20 20747]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-04-26 143427]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 183280]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
S2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-01-27 36864]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-06-16 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-09 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

-----------------EOF-----------------

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 18th September 2009, 4:00 am

Info log

[b]info.txt logfile of random's system information tool 1.06 2009-09-17 22:54:24

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client Manager V3.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECD81BDE-FB56-4B2B-A98D-34E381286B7F}\Setup.exe" -l0x9
2Wire Wireless Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Agere Systems HDA Modem v6081-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bejeweled 2 Deluxe-->C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini"
ClamWin Free Antivirus 0.91.2-->"C:\Program Files\ClamWin\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Corel VideoStudio 12-->C:\Program Files\InstallShield Installation Information\{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}\setup.exe -runfromtemp -l0x0409
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
iSpring Free 3.2.0-->"C:\Program Files\iSpring Free 3\unins000.exe"
Juniper Networks Secure Application Manager-->C:\Program Files\Juniper Networks\Secure Application Manager\UninstallSAM.exe
Kundli for Windows (Professional Edition)-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Kundli\DeIsL1.isu" -c"C:\Program Files\Kundli\_ISREG32.DLL"
MediaShow 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
O2Micro Flash Memory Card Windows Driver V2.04-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{EB1B0104-6A57-446F-B855-FDF49151BE0C} /l1033
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Ralink Wireless LAN Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Replay Video Capture-->"C:\WINDOWS\Replay Video Capture\uninstall.exe" "/U:C:\Program Files\Replay Video Capture\Uninstall\uninstall.xml"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Ultra RM Converter 4.0.1127-->"C:\Program Files\Ultra RM Converter\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7\amdk8.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xilisoft Video Converter Ultimate-->C:\Program Files\Xilisoft\Video Converter Ultimate\Uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [2008-08-02]
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup [2008-08-02]
O9 - Extra button: Extract Flash Video with Bytescout... - {6BD02ED8-0E1B-42C5-AC99-33EC46A555A2} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html (file missing) [2008-08-16]
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) [2008-08-26]
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-27]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.] [2008-08-27]
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe [2008-08-27]
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe [2008-09-07]
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Deepa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [2008-11-24]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.] [2008-12-16]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-12-16]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-01-06]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [2009-01-06]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) [2009-01-06]
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) [2009-01-06]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) [2009-01-12]
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) [2009-01-12]
O20 - AppInit_DLLs: qqigjb.dll [2009-01-20]
O20 - Winlogon Notify: ssqQjJDs - ssqQjJDs.dll (file missing) [2009-01-20]
O2 - BHO: (no name) - {D1CED83B-379F-4FD6-9B33-C80FD80F9EA6} - C:\WINDOWS\system32\qoMcArOF.dll (file missing) [2009-01-20]
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup [2009-03-03]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-03-03]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-03-10]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-03-10]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-03-10]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-03-30]
O2 - BHO: Microsoft Video Converter - {18E3AB25-0B4D-4523-B4F7-40E74D441CC7} - %SystemRoot%\system32\wtl32locale.dll (file missing) [2009-04-11]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-04-11]
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2009-04-13]
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-04-17]
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup [2009-04-29]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-04-29]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-04-29]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.] [2009-05-22]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.] [2009-05-22]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.] [2009-05-22]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.] [2009-05-22]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.] [2009-05-22]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.] [2009-05-22]
O4 - HKCU\..\RunOnce: [ypagerps1] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps1.DLL" [2009-05-22]
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup [2009-05-22]
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2009-05-22]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.] [2009-05-22]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.] [2009-05-22]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.] [2009-05-22]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2009-05-23]
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2009-05-23]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2009-05-23]
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2009-05-23]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll [2009-05-23]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll [2009-05-23]
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll [2009-05-23]
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll [2009-05-23]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-05]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [2009-07-05]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-07-05]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-07-05]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-11]
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-07-11]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-07-11]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [2009-07-11]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-11]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [2009-07-23]
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Deepa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [2009-07-23]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-07-23]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-23]
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE [2009-08-10]
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2009-08-10]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-20]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-20]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-08-20]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-08-20]
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll [2009-08-20]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-31]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-09-15]
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe [2009-09-15]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-15]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-16]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-09-16]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-09-16]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-16]
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-09-16]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-09-17]

======Hosts File======

127.0.0.1 localhost
127.0.0.1 hityou.com
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 180searchassistant.com
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 180solutions.com
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 bis.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 cts.180solutions.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: DEEPAC
Event Code: 7024
Message: The Media Center Extender Service service terminated with service-specific error 2147500037 (0x80004005).

Record Number: 3133
Source Name: Service Control Manager
Time Written: 20090917210911.000000-300
Event Type: error
User:

Computer Name: DEEPAC
Event Code: 3095
Message: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Record Number: 3130
Source Name: NETLOGON
Time Written: 20090917210903.000000-300
Event Type: error
User:

Computer Name: DEEPAC
Event Code: 7000
Message: The COM+ System Application service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 3127
Source Name: Service Control Manager
Time Written: 20090917210224.000000-300
Event Type: error
User:

Computer Name: DEEPAC
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.

Record Number: 3126
Source Name: Service Control Manager
Time Written: 20090917210224.000000-300
Event Type: error
User:

Computer Name: DEEPAC
Event Code: 7023
Message: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
The media is write protected.


Record Number: 3125
Source Name: Service Control Manager
Time Written: 20090917210224.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Ulead Systems\MPEG
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4802
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"HPA"=0
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by Dr Jay on 18th September 2009, 4:51 am

Hi

Go Start and then to Run,
Type in: sfc /scannow
Click OK.
Have Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.

If you don't have Windows CD....

Go Start and then Run
type in regedit and click OK


Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

On the right hand side, find: SourcePath

It probably has an entry pointing to your CD-ROM drive, usually D and that is why it is asking for the XP CD.
All we need to do is change it to: C:
Now, double click the SourcePatch setting and a new box will pop up.
Change the drive letter from your CD drive to your root drive, usually C:
Close Registry Editor.

Now restart your computer and try sfc /scannow again!

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

==

Do you use HijackThis on your own, normally?

Please tell me the results of the scan and how your computer is running. Still those errors? There is no more malware on the system.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 18th September 2009, 1:45 pm

Hi,

When I go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion I do not see a setup.....what do I do now

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by Dr Jay on 18th September 2009, 6:05 pm

Did you expand the Current Version plus sign when looking?

Here is how it should expand:

+ HKEY_LOCAL_MACHINE
----+ Software
--------+ Microsoft
------------+ Windows
---------------+ Current Version
------------------- > Setup


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 18th September 2009, 6:08 pm

sorry i made sure again and now i see it

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by Dr Jay on 18th September 2009, 6:20 pm

Please perform an in-place upgrade of Windows: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 18th September 2009, 6:27 pm

i was running sfc /scannow and it tells me I need to insert the Windows XP Service Pack 3 that I had updated...now what do I do as I do not have a CD for it

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 18th September 2009, 6:31 pm

Also I see something called dllhost.exe and PSI_Licensing Service 2 under processes in task bar manager...what are these....Tried ending llhost.exe but it keeps coming back

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by Dr Jay on 18th September 2009, 6:34 pm

Your Registry is highly damaged. Probably by malware in the past. The infections are gone, but it seems like malware did some damage. The only way to fix it is a reinstall of Windows.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 18th September 2009, 6:52 pm

ok.

Here is the hijackthis log u asked for before

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:14 PM, on 9/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [You must be registered and logged in to see this link.]
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6593 bytes

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by Dr Jay on 18th September 2009, 6:58 pm

This log is clean. Since you are not willing to follow my advice, or at least attempt to seem like you are following it, we will finish up here. My recommendation was found above. Sorry this has not been the result you want. It is usually our last resort and we usually never ask anyone to do a reinstall, if we are not sure of it. I was sure of it. I will give you software recommendations to prevent malware.

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 18th September 2009, 7:23 pm

I have been following your instruction an yes was not the result I was looking for but I thank u for helping me....As of now, till atleast a few days I will have to wait for my brother to come so he can help me with reinstalling Windows as I am scared to do it by myself.

Also what is this PSIServices_License 2...is there anyway it can be ended from coming up in processes in task bar manger....also this DLLhost.exe

There a few softwares that I had downloaded but later removed but when one of my cousins had used a backup registry as my flash did not work...the removed softwares came back an are shown in add and remove programs....Now it tells me I cannot delete them as some files are missing...Is there anyway I can get rid of it

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by Dr Jay on 18th September 2009, 9:13 pm

Hi

I would suggest to not end those processes, and wait to make system changes. I am sure the problems will work themselves out, once the system gets fixed.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Malware Win32.Agent.pz--Urgent Help

Post by uvita on 19th September 2009, 12:46 am

ok...thanks for your help

uvita
Intermediate
Intermediate

Posts Posts : 163
Joined Joined : 2009-01-06
OS OS : Windows Vista with Media Edition
Points Points : 29900
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum