Win32/Renos.js


Post by wmdogs2 on Thu Oct 22, 2009 12:30 am

Hello,
I have encountered Renos.JS.

It has disabled all my virus scanners and will not allow me to run them, not even in safe mode.

I am running Vista SP2 32-bit.

It is slowing down my computer and popping up internet pages.

Please help me,
Thanks! Thank You!


Re: Win32/Renos.js

Post by Dr Jay on Thu Oct 22, 2009 1:02 am

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy/paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.


Dr. Jay (DJ)


Re: Win32/Renos.js

Post by wmdogs2 on Mon Oct 26, 2009 1:49 am

C:\ComboFix.txt

ComboFix 09-10-25.01 - Family 10/25/2009 7:53:59.1.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1023.326 [GMT -4:00]
Running from: C:\Users\Family\Desktop\commy.exe
Command switches used :: /stepdel
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 13:23:59 . 2009-10-25 13:23:59 0 d-----w- C:\Users\Default\AppData\Local\temp
2009-10-25 12:18:29 . 2009-10-25 12:18:29 0 d-----w- C:\XAMPP
2009-10-25 11:53:59 . 2009-04-11 13:18:59 19944 ----a-w- C:\Windows\system32\drivers\atapi.sys
2009-10-25 11:53:59 . 2008-01-21 02:21:32 130616 ----a-w- C:\Windows\system32\drivers\vsmraid.sys
2009-10-25 11:22:59 . 2009-10-25 11:37:10 0 d-----w- C:\commy8707c
2009-10-25 11:13:59 . 2009-10-25 11:20:32 0 d-----w- C:\commy
2009-10-24 07:22:49 . 2009-10-24 07:23:03 0 d-----w- C:\Program Files\YouTube Downloader
2009-10-24 07:19:08 . 2009-10-24 07:19:55 0 d-----w- C:\Program Files\SpeedBit Video Accelerator
2009-10-23 12:07:36 . 2009-10-23 12:07:36 281760 ----a-w- C:\Windows\system32\drivers\atksgt.sys
2009-10-23 12:07:31 . 2009-10-23 12:07:31 25888 ----a-w- C:\Windows\system32\drivers\lirsgt.sys
2009-10-23 12:06:40 . 2009-10-23 12:06:40 0 d-----w- C:\Windows\system32\AGEIA
2009-10-23 12:06:35 . 2009-10-23 12:07:19 0 d-----w- C:\Program Files\AGEIA Technologies
2009-10-23 11:46:44 . 2009-10-23 11:46:44 0 d-----w- C:\Program Files\Deep Silver
2009-10-23 08:03:55 . 2009-10-23 08:15:12 0 d-----w- C:\Program Files\The Protector
2009-10-22 01:02:19 . 2009-10-23 12:04:55 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-22 01:01:30 . 2006-11-02 09:46:03 61952 ----a-w- C:\Windows\system32\CNGAUDIT.DLL.vir
2009-10-22 00:56:21 . 2006-06-19 17:01:38 69632 ----a-w- C:\Windows\system32\ztvcabinet.dll
2009-10-22 00:56:21 . 2006-05-25 19:52:46 162304 ----a-w- C:\Windows\system32\ztvunrar36.dll
2009-10-22 00:56:21 . 2005-08-26 05:50:00 77312 ----a-w- C:\Windows\system32\ztvunace26.dll
2009-10-22 00:56:21 . 2003-02-03 00:06:02 153088 ----a-w- C:\Windows\system32\UNRAR3.dll
2009-10-22 00:56:21 . 2002-03-06 05:00:00 75264 ----a-w- C:\Windows\system32\unacev2.dll
2009-10-22 00:56:17 . 2009-10-22 00:56:40 0 d-----w- C:\Program Files\Trojan Remover
2009-10-22 00:56:17 . 2009-10-22 00:56:18 0 d-----w- C:\ProgramData\Simply Super Software
2009-10-22 00:56:17 . 2009-10-22 00:56:17 0 d-----w- C:\Users\Family\AppData\Roaming\Simply Super Software
2009-10-22 00:14:44 . 2009-10-21 15:26:29 0 d-----w- C:\Root
2009-10-22 00:14:29 . 2009-10-22 00:14:29 0 d-----w- C:\Program Files\Activision
2009-10-21 20:57:39 . 2009-10-21 20:59:33 0 d-----w- C:\ProgramData\Google Updater
2009-10-21 15:27:58 . 2008-10-27 14:04:18 514384 ----a-w- C:\Windows\system32\XAudio2_3.dll
2009-10-21 15:27:58 . 2008-10-27 14:04:16 235856 ----a-w- C:\Windows\system32\xactengine3_3.dll
2009-10-21 15:27:58 . 2008-10-27 14:04:14 70992 ----a-w- C:\Windows\system32\XAPOFX1_2.dll
2009-10-21 15:27:57 . 2008-10-27 14:04:16 23376 ----a-w- C:\Windows\system32\X3DAudio1_5.dll
2009-10-21 10:46:52 . 2009-10-21 10:46:52 0 d-----w- C:\Users\Family\AppData\Roaming\Malwarebytes
2009-10-21 10:46:42 . 2009-09-10 18:54:06 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-10-21 10:46:40 . 2009-10-21 10:46:40 0 d-----w- C:\ProgramData\Malwarebytes
2009-10-21 10:46:39 . 2009-10-21 10:46:50 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-21 10:46:39 . 2009-09-10 18:53:50 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-10-21 01:11:23 . 2009-10-21 01:10:35 143872 ----a-w- C:\Windows\msa.exe.vir
2009-10-21 00:37:37 . 2009-10-22 00:04:44 0 ----a-r- C:\Windows\win32k.sys
2009-10-19 23:33:27 . 2009-10-19 23:33:27 0 d-----w- C:\Program Files\Break For Games
2009-10-18 20:17:33 . 2009-10-21 00:14:04 369188 ---ha-w- C:\Windows\system32\mlfcache.dat
2009-10-17 21:39:23 . 2008-07-11 00:28:04 50200 ----a-w- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-10-17 21:39:00 . 2008-07-11 00:28:04 79896 ----a-w- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-10-17 21:33:11 . 2009-10-17 21:33:11 0 d-----w- C:\Windows\system32\RsFx
2009-10-17 21:30:54 . 2009-10-17 21:30:54 0 d-----w- C:\Windows\system32\1033
2009-10-17 21:25:44 . 2009-10-17 21:33:21 0 d-----w- C:\Program Files\Microsoft SQL Server
2009-10-17 21:25:29 . 2009-10-17 21:25:29 0 d-----w- C:\Program Files\Microsoft Synchronization Services
2009-10-17 21:20:05 . 2009-10-17 21:25:37 0 d-----w- C:\Program Files\Microsoft Visual Studio 9.0
2009-10-17 21:19:23 . 2009-10-17 21:19:23 0 d-----w- C:\Program Files\Microsoft SDKs
2009-10-16 22:05:09 . 2009-09-30 19:45:24 59952 ----a-w- C:\Windows\system32\vnetinst.dll
2009-10-16 22:05:09 . 2009-09-30 19:45:24 16560 ----a-w- C:\Windows\system32\drivers\vmnetadapter.sys
2009-10-16 22:04:45 . 2009-10-01 00:17:54 334384 ----a-w- C:\Windows\system32\vmnetdhcp.exe
2009-10-16 22:04:33 . 2009-10-01 00:20:26 395824 ----a-w- C:\Windows\system32\vmnat.exe
2009-10-16 22:04:31 . 2009-10-01 00:20:40 26288 ----a-w- C:\Windows\system32\drivers\vmnetuserif.sys
2009-10-16 22:04:02 . 2009-09-30 19:45:24 51248 ----a-r- C:\Windows\system32\vmnetbridge.dll
2009-10-16 22:04:02 . 2009-09-30 19:45:24 36400 ----a-r- C:\Windows\system32\drivers\vmnetbridge.sys
2009-10-16 22:04:02 . 2009-09-30 19:45:24 18736 ----a-r- C:\Windows\system32\drivers\vmnet.sys
2009-10-16 22:00:55 . 2009-10-01 00:17:52 760368 ----a-w- C:\Windows\system32\vnetlib.dll
2009-10-16 21:58:21 . 2009-10-01 00:20:38 23216 ----a-w- C:\Windows\system32\drivers\VMkbd.sys
2009-10-16 21:52:11 . 2009-10-16 21:52:11 0 d-----w- C:\Program Files\Common Files\VMware
2009-10-16 21:49:07 . 2009-10-16 21:49:07 0 d-----w- C:\Program Files\VMware
2009-10-14 02:00:06 . 2009-10-14 02:00:11 0 d-----w- C:\Program Files\WinAVI MP4 Converter
2009-10-14 00:42:29 . 2009-10-14 02:30:22 0 d-----w- C:\Program Files\DoremiSoft
2009-10-13 20:41:17 . 2009-09-10 16:48:01 218624 ----a-w- C:\Windows\system32\msv1_0.dll
2009-10-13 20:40:36 . 2009-08-04 12:34:19 3548216 ----a-w- C:\Windows\system32\ntoskrnl.exe
2009-10-13 20:40:35 . 2009-08-04 12:34:19 3600456 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2009-10-13 20:25:11 . 2009-09-04 11:41:59 60928 ----a-w- C:\Windows\system32\msasn1.dll
2009-10-13 20:24:46 . 2009-09-14 09:29:50 144896 ----a-w- C:\Windows\system32\drivers\srv2.sys
2009-10-13 20:20:33 . 2009-05-08 12:53:00 604672 ----a-w- C:\Windows\system32\WMSPDMOD.DLL
2009-10-13 02:55:47 . 2009-10-17 20:08:56 0 d-----w- C:\Users\Family\AppData\Roaming\VMware
2009-10-13 00:05:30 . 2009-10-25 13:30:59 0 d-----w- C:\ProgramData\VMware
2009-10-08 22:13:00 . 2009-10-08 22:13:00 0 d-----w- C:\Users\Family\AppData\Local\IsolatedStorage
2009-10-08 02:42:49 . 2009-10-08 02:42:49 0 d-----w- C:\Users\Family\AppData\Local\Ibibi_HB
2009-10-08 02:42:47 . 2009-10-08 22:15:37 0 d-----w- C:\Users\Family\AppData\Roaming\TSRWorkshop
2009-10-08 02:42:30 . 2009-10-09 22:49:25 0 d-----w- C:\Program Files\The Sims Resource
2009-10-08 00:10:23 . 2009-10-08 00:10:23 0 d-----w- C:\Program Files\Mad Scientist Productions
2009-10-04 21:03:30 . 2009-05-31 20:52:11 240128 ----a-w- C:\Windows\system32\uxtheme.dll
2009-10-04 21:03:30 . 2009-05-31 00:35:43 615424 ----a-w- C:\Windows\system32\themeui.dll
2009-10-04 19:56:52 . 2009-10-04 19:56:52 0 d-----w- C:\Program Files\CodeGazer
2009-10-04 01:50:48 . 2009-10-16 19:54:36 0 d-----w- C:\downloads
2009-10-04 01:50:48 . 2009-10-04 01:50:48 0 d-----w- C:\Users\Family\AppData\Roaming\GrabPro
2009-10-04 01:50:20 . 2009-10-16 19:54:41 0 d-----w- C:\Users\Family\AppData\Roaming\Orbit
2009-10-03 01:21:10 . 2009-10-01 14:29:14 195440 ------w- C:\Windows\system32\MpSigStub.exe
2009-10-01 19:29:40 . 2009-10-02 22:11:49 0 d-----w- C:\ProgramData\Electronic Arts
2009-10-01 19:16:38 . 2009-10-01 19:16:38 0 d-----w- C:\Program Files\Microsoft WSE
2009-10-01 18:47:35 . 2009-10-19 22:23:16 0 d-----w- C:\Program Files\Electronic Arts
2009-10-01 00:21:22 . 2009-10-01 00:21:22 853936 ----a-w- C:\Windows\system32\drivers\vmx86.sys
2009-10-01 00:21:22 . 2009-10-01 00:21:22 70704 ----a-w- C:\Windows\system32\drivers\vmci.sys
2009-10-01 00:17:46 . 2009-10-01 00:17:46 14896 ----a-w- C:\Windows\system32\drivers\vmparport.sys
2009-09-30 23:22:48 . 2009-09-30 23:22:48 32304 ----a-w- C:\Windows\system32\drivers\hcmon.sys
2009-09-30 22:57:56 . 2009-09-30 22:57:56 252464 ----a-w- C:\Windows\system32\vmnc.dll
2009-09-30 20:58:46 . 2009-10-21 01:42:41 0 d-----w- C:\Users\Family\AppData\Roaming\Tropico 3
2009-09-30 20:56:59 . 2006-12-08 16:02:00 251672 ----a-w- C:\Windows\system32\xactengine2_5.dll
2009-09-30 20:18:16 . 2009-09-30 20:36:33 0 d-----w- C:\Program Files\Kalypso
2009-09-29 17:55:38 . 2009-09-29 17:55:38 0 d-----w- C:\Windows\Sun
2009-09-29 00:02:46 . 2009-09-29 00:02:46 64960 ----a-w- C:\Windows\system32\drivers\stcp2v30.sys
2009-09-27 19:12:05 . 2009-09-15 10:54:30 52368 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2009-09-27 19:12:05 . 2009-09-15 10:54:21 23152 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2009-09-27 19:12:00 . 2009-09-15 10:53:01 97480 ----a-w- C:\Windows\system32\AvastSS.scr
2009-09-27 19:11:56 . 2009-09-15 10:55:30 114768 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2009-09-27 19:11:56 . 2009-09-15 10:55:19 20560 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2009-09-27 19:10:23 . 2009-09-15 10:59:36 1279968 ----a-w- C:\Windows\system32\aswBoot.exe
2009-09-27 19:10:23 . 2009-09-15 10:55:09 53328 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 05:04:09 . 2009-07-27 16:55:37 0 d-----w- C:\Users\Family\AppData\Roaming\BitTorrent
2009-10-24 08:33:58 . 2009-08-02 22:49:37 212112 ----a-w- C:\Users\Family\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-24 07:22:37 . 2009-08-02 22:48:18 8296 ----a-w- C:\Users\Family\AppData\Local\d3d9caps.dat
2009-10-23 11:46:43 . 2009-08-14 02:50:26 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-10-22 00:53:56 . 2009-08-04 02:50:47 0 d-----w- C:\Program Files\Safari
2009-10-21 20:57:37 . 2009-08-01 04:03:37 0 d-----w- C:\Program Files\Google
2009-10-19 22:54:24 . 2009-07-31 15:31:54 0 d-----w- C:\Program Files\Common Files\Adobe
2009-10-17 21:30:25 . 2009-07-28 02:58:21 0 d-----w- C:\Program Files\Microsoft.NET
2009-10-17 21:25:28 . 2009-08-04 17:19:27 0 d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2009-10-17 21:25:09 . 2009-07-28 02:53:18 0 d-----w- C:\ProgramData\Microsoft Help
2009-10-16 21:38:01 . 2009-08-12 00:02:34 0 d-----w- C:\Program Files\WinSCP
2009-10-15 22:24:25 . 2009-08-16 02:38:25 0 d-----w- C:\Users\Family\AppData\Roaming\Atari
2009-10-15 22:14:36 . 2009-08-09 23:39:22 0 d-----w- C:\Program Files\Flock
2009-10-15 22:14:24 . 2009-08-09 23:41:47 0 d-----w- C:\Users\Family\AppData\Roaming\Flock
2009-10-14 03:01:09 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-10-03 21:04:14 . 2009-08-03 04:13:36 0 d-----w- C:\Program Files\PowerISO
2009-09-24 22:10:27 . 2009-09-24 00:24:08 0 d-----w- C:\Program Files\iTunes
2009-09-24 22:08:31 . 2009-09-24 21:41:31 0 d-----w- C:\Program Files\TuneUp Utilities 2009
2009-09-24 21:43:16 . 2009-09-24 21:43:16 0 d-----w- C:\Users\Family\AppData\Roaming\TuneUp Software
2009-09-24 21:41:16 . 2009-09-24 21:41:16 0 d-----w- C:\ProgramData\TuneUp Software
2009-09-24 21:37:47 . 2009-09-24 21:37:47 0 d-sh--w- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-24 00:24:13 . 2009-09-24 00:24:13 0 d-----w- C:\Program Files\iPod
2009-09-24 00:24:12 . 2009-07-27 18:59:11 0 d-----w- C:\Program Files\Common Files\Apple
2009-09-18 21:30:32 . 2009-09-18 21:18:36 0 d-----w- C:\Program Files\Lexmark X1100 Series
2009-09-15 07:09:52 . 2009-09-15 07:09:52 0 d-----w- C:\ProgramData\Office Genuine Advantage
2009-09-14 23:16:10 . 2009-09-14 23:16:10 0 d-----w- C:\Users\Family\AppData\Roaming\cmw
2009-09-14 23:15:27 . 2009-09-14 23:15:06 0 d-----w- C:\Program Files\winpwn-2.5
2009-09-10 21:46:38 . 2009-07-27 20:10:16 0 d-----w- C:\Users\Family\AppData\Roaming\Apple Computer
2009-09-10 07:12:03 . 2009-08-04 03:01:06 0 d-----w- C:\Program Files\Microsoft Silverlight
2009-09-10 02:36:24 . 2009-09-10 02:36:20 0 d-----w- C:\Program Files\iPhone Configuration Utility
2009-09-10 02:33:48 . 2009-09-10 02:32:30 0 d-----w- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 02:30:13 . 2009-09-10 02:29:27 0 d-----w- C:\Program Files\QuickTime
2009-09-07 19:43:31 . 2009-07-28 02:13:22 2828 --sha-w- C:\Windows\system32\KGyGaAvL.sys
2009-09-07 18:54:32 . 2009-09-07 18:53:05 0 d-----w- C:\Program Files\123WebMessenger2.2
2009-09-06 21:17:55 . 2009-09-06 21:18:46 411368 ----a-w- C:\Windows\system32\deploytk.dll
2009-09-06 21:17:43 . 2009-09-06 21:17:43 0 d-----w- C:\Program Files\Java
2009-08-31 00:13:21 . 2009-08-31 00:13:21 0 d-----w- C:\ProgramData\Ulead Systems
2009-08-31 00:12:59 . 2009-08-31 00:12:59 0 d-----w- C:\Program Files\Ulead Systems
2009-08-31 00:11:11 . 2009-08-07 19:29:37 0 d-----w- C:\Program Files\Common Files\InstallShield
2009-08-29 00:27:49 . 2009-09-02 21:14:17 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 . 2009-09-02 21:14:18 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll
2009-08-28 23:42:52 . 2009-08-28 23:42:52 40448 ----a-w- C:\Windows\system32\drivers\usbaapl.sys
2009-08-28 23:42:52 . 2009-08-28 23:42:52 2065696 ----a-w- C:\Windows\system32\usbaaplrc.dll
2009-08-27 05:22:28 . 2009-10-13 20:42:55 916480 ----a-w- C:\Windows\system32\wininet.dll
2009-08-27 05:17:43 . 2009-10-13 20:42:47 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-08-27 05:17:43 . 2009-10-13 20:42:47 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2009-08-27 03:42:29 . 2009-10-13 20:42:48 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-08-18 03:33:52 . 2009-08-18 03:33:52 1193832 ----a-w- C:\Windows\system32\FM20.DLL
2009-08-17 15:12:38 . 2008-08-14 11:57:42 73312 ----a-w- C:\Windows\system32\drivers\adfs.sys
2009-08-14 16:27:34 . 2009-09-09 19:53:22 904776 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2009-08-14 15:53:34 . 2009-09-09 19:53:18 17920 ----a-w- C:\Windows\system32\netevent.dll
2009-08-14 13:49:20 . 2009-09-09 19:53:19 9728 ----a-w- C:\Windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 . 2009-09-09 19:53:19 17920 ----a-w- C:\Windows\system32\ROUTE.EXE
2009-08-14 13:49:18 . 2009-09-09 19:53:19 11264 ----a-w- C:\Windows\system32\MRINFO.EXE
2009-08-14 13:49:15 . 2009-09-09 19:53:20 27136 ----a-w- C:\Windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 . 2009-09-09 19:53:20 19968 ----a-w- C:\Windows\system32\ARP.EXE
2009-08-14 13:49:14 . 2009-09-09 19:53:19 8704 ----a-w- C:\Windows\system32\HOSTNAME.EXE
2009-08-14 13:49:13 . 2009-09-09 19:53:19 10240 ----a-w- C:\Windows\system32\finger.exe
2009-08-14 13:48:21 . 2009-09-09 19:53:19 30720 ----a-w- C:\Windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48:02 . 2009-09-09 19:53:21 105984 ----a-w- C:\Windows\system32\netiohlp.dll
2009-08-14 02:39:36 . 2009-07-28 02:16:21 722416 ----a-w- C:\Windows\system32\drivers\sptd.sys
2009-08-03 19:07:42 . 2009-08-03 19:07:42 403816 ----a-w- C:\Windows\system32\OGACheckControl.dll
2009-08-03 19:07:42 . 2009-08-03 19:07:42 322928 ----a-w- C:\Windows\system32\OGAAddin.dll
2009-08-03 19:07:42 . 2009-08-03 19:07:42 230768 ----a-w- C:\Windows\system32\OGAEXEC.exe
2009-08-02 22:20:35 . 2009-08-02 22:20:35 21316 ----a-w- C:\Windows\system32\emptyregdb.dat
2009-07-28 02:41:17 . 2009-07-28 02:41:16 88 --sh--r- C:\Windows\system32\0ABA49DD56.sys
.

------- Sigcheck -------


[-] 2009-05-31 00:36:02 . 3E549C4703848F9F544BB5EBE2A5F4D9 . 247296 . . [6.0.6000.16386 (vista_rtm.061101-2205)] . . C:\Windows\System32\shsvcs.dll

C:\Windows\system32\cngaudit.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 10:17:40 224712]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 22:51:28 3885408]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:23:22 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 04:04:03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:21:41 1008184]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 15:44:34 31072]
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 11:58:34 611712]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-18 03:55:00 13580832]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-18 03:55:00 92704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-09-06 21:17:58 149280]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-09-05 05:54:42 417792]
"lxbkbmgr.exe"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 15:57:54 74408]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-09-21 20:36:12 305440]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 10:56:48 81000]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 07:05:37 217088]
"VMware hqtray"="C:\Program Files\VMware\VMware Player\hqtray.exe" [2009-10-01 00:20:24 64048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 08:08:38 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 16:08:30 935288]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2009-10-18 00:35:02 1070984]
"SoundMan"="SOUNDMAN.EXE" - C:\Windows\SOUNDMAN.EXE [2009-04-14 11:43:42 604704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):18,aa,f7,f7,a9,ba,c9,01

R1 aswSP;avast! Self Protection;C:\Windows\System32\drivers\aswSP.sys [9/27/2009 15:11:56 114768]
R2 Apache2.2;Apache2.2;C:\XAMPP\xampp\apache\bin\httpd.exe [10/25/2009 08:20:40 24640]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [9/27/2009 15:11:56 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [9/27/2009 15:10:23 53328]
R2 lxbk_device;lxbk_device;C:\Windows\system32\lxbkcoms.exe -service --> C:\Windows\system32\lxbkcoms.exe -service [?]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R2 vmci;VMware vmci;C:\Windows\System32\drivers\vmci.sys [9/30/2009 20:21:22 70704]
R2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 16:28:36 1533808]
S2 123 Web Messenger Server 2.2;123 Web Messenger Server 2.2;C:\Program Files\123WebMessenger2.2\server\123webmessenger_setup.exe [7/8/2008 23:29:12 135168]
S2 RealChat;RealChat;C:\Inetpub\RealChat\realchat.exe [9/7/2009 16:46:46 138752]
S2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [9/30/2009 19:22:54 563760]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [8/4/2009 13:23:19 55280]
S3 fsssvc;Windows Live Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 18:08:58 533360]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;C:\Windows\System32\drivers\libusb0.sys [9/15/2009 20:22:24 16896]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 20:28:04 47128]
S4 RsFx0102;RsFx0102 Driver;C:\Windows\System32\drivers\RsFx0102.sys [7/10/2008 02:49:14 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 20:28:06 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-10-25 C:\Windows\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-01 04:03:59 . 2009-10-21 20:57:35]

2009-07-31 C:\Windows\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2009-07-26 19:43:54 . 2007-08-16 16:03:02]

2009-10-25 C:\Windows\Tasks\User_Feed_Synchronization-{25ACD08D-4BCB-46D0-B932-170EC8033233}.job
- C:\Windows\system32\msfeedssync.exe [2009-10-13 20:42:47 . 2009-08-27 03:41:45]

2009-10-25 C:\Windows\Tasks\User_Feed_Synchronization-{65CF6525-C1AB-4BF2-AA50-CBF8EE2D1D89}.job
- C:\Windows\system32\msfeedssync.exe [2009-10-13 20:42:47 . 2009-08-27 03:41:45]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: C:\Program Files\VMware\VMware Player\vsocklib.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\[You must be registered and logged in to see this link.]
.


C:\Qoobox\Add-Remove Programs.txt

123 Web Messenger 2.2
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 7
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
BitTorrent
Choice Guard
Connect
Corel Paint Shop Pro Photo X2
DAEMON Tools Toolbar
DHTML Editing Component
DivX Codec
DivX Version Checker
Download Updater (AOL LLC)
EA Download Manager
Google Toolbar for Internet Explorer
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
ImTOO iPod Computer Transfer
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 16
John Deere Drive Green
Junk Mail filter update
kuler
Lexmark X1100 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft WSE 3.0 Runtime
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
NVIDIA PhysX
OEM Logo and Information
OGA Notifier 2.0.0048.0
PDF Settings CS4
Photoshop Camera Raw
PowerISO
Prototype(TM)
QuickTime
RealChat 5
Realtek AC'97 Audio
Risen
Safari
Screenshot Studio
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
SlimDX Redistributable (March 2009)
SpeedBit Video Accelerator
Spelling Dictionaries Support For Adobe Reader 9
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Stronghold 2
Suite Shared Configuration CS4
The Protector
The Sims 2
The Sims™ 3
tools-freebsd
Trojan Remover 6.8.1
Tropico 3 1.00
TS3 Install Helper Monkey
TSR Merlin
TSR Workshop
Ulead GIF Animator 5 TBYB
Ultimate Extras sounds from Microsoft® Tinker™
Uniblue PowerSuite
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB974810)
VistaGlazz 1.3
VMware Player
WinAVI MP4 Converter
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Sound Schemes
winpwn-2.5 2.5.0.2
WinRAR
WinSCP 4.2.3 beta


[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Thank you so much!


Re: Win32/Renos.js

Post by Belahzur on Mon Oct 26, 2009 6:13 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    cngaudit.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please PM me if I fail to respond within 24hrs.



Re: Win32/Renos.js

Post by wmdogs2 on Mon Oct 26, 2009 11:05 pm

[You must be registered and logged in to see this link.]


Re: Win32/Renos.js

Post by Belahzur on Tue Oct 27, 2009 12:11 am


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll | C:\Windows\system32\cngaudit.dll
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.




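Added example, not part of this thread: a PowerShell check that does the verification the SystemLook :filefind step and the FCopy:: step above leave to the reader. It hashes the live C:\Windows\system32\cngaudit.dll, compares it with every copy of that file in the WinSxS component store, and shows the Authenticode status and version resource of each. The paths are the ones used in the thread; it assumes an elevated PowerShell 2.0 or later prompt on the affected Vista machine, and the folder-name filter 'x86_microsoft-windows-cngaudit-dll_*' is taken from the WinSxS path Belahzur copied from.

```powershell
# Added example (not from the thread): compare the live cngaudit.dll with the
# copies Windows keeps in the WinSxS component store, before and after the
# FCopy:: step. Paths follow the thread; assumes an elevated PowerShell 2.0+ prompt.

$live  = Join-Path $env:SystemRoot 'System32\cngaudit.dll'
$store = Join-Path $env:SystemRoot 'winsxs'

function Get-Sha256Hex([string]$Path) {
    # .NET hashing so this also runs where Get-FileHash (PowerShell 4+) is absent
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

function Get-CopyInfo([string]$Path) {
    # hash, embedded Authenticode status and version resource of one copy of the file
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $ver = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path).FileVersion
    New-Object PSObject -Property @{
        Path      = $Path
        Sha256    = (Get-Sha256Hex $Path)
        Signature = $sig.Status
        Version   = $ver
    }
}

function Compare-LiveToStore {
    $liveInfo = Get-CopyInfo $live
    $liveInfo | Add-Member -MemberType NoteProperty -Name Verdict -Value 'LIVE' -PassThru
    # every cngaudit.dll in the component store; Vista keeps one folder per servicing version
    Get-ChildItem -Path $store -Recurse -Filter 'cngaudit.dll' -ErrorAction SilentlyContinue |
        Where-Object { $_.Directory.Name -like 'x86_microsoft-windows-cngaudit-dll_*' } |
        ForEach-Object {
            $info = Get-CopyInfo $_.FullName
            $v = if ($info.Sha256 -eq $liveInfo.Sha256) { 'MATCH' } else { 'DIFFERS' }
            $info | Add-Member -MemberType NoteProperty -Name Verdict -Value $v -PassThru
        }
}

if (Test-Path $live) {
    Compare-LiveToStore | Format-Table Verdict, Signature, Version, Sha256, Path -AutoSize
} else {
    Write-Output "MISSING: $live"   # the SystemLook :filefind step would show the same
}
```

Before the FCopy:: step, a live copy that DIFFERS from every store copy is the picture to expect; afterwards it should MATCH the 6.0.6000.16386 copy. Two caveats when reading the output. Windows OS binaries are mostly signed through catalog files rather than an embedded signature, so Get-AuthenticodeSignature reporting NotSigned for both the live copy and the store copies is normal on this PowerShell version and says nothing by itself, whereas HashMismatch means an embedded signature exists and the file no longer matches it. And System32 files on Vista are usually hard links into WinSxS, so a file patched in place can still MATCH its store copy; a DIFFERS against every store copy, or a version string that disagrees with the store, is the useful signal, and the source folder should show a sane version before anything is copied from it.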

Re: Win32/Renos.js

Post by wmdogs2 on Tue Oct 27, 2009 2:08 am

[You must be registered and logged in to see this link.]


Re: Win32/Renos.js

Post by Belahzur on Tue Oct 27, 2009 7:55 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?





Re: Win32/Renos.js

Post by wmdogs2 on Tue Oct 27, 2009 8:59 pm

It still does not let me run any anti-virus program.

And also sometimes it says rootkey was detected.


Re: Win32/Renos.js

Post by Belahzur on Wed Oct 28, 2009 1:18 am

Hmm, there are times where I've seen rootkits even ComboFix can't pick up.

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.





Re: Win32/Renos.js

Post by wmdogs2 on Fri Oct 30, 2009 9:34 pm

Spoiler:
GMER 1.0.15.15163 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-30 17:21:41
Windows 6.0.6002 Service Pack 2
Running: eocgbnv5.exe; Driver: C:\Users\Family\AppData\Local\Temp\pxryipod.sys


---- System - GMER 1.0.15 ----

INT 0x62 ? 84436F00
INT 0x62 ? 84436F00
INT 0x62 ? 84436F00
INT 0x62 ? 84436F00
INT 0x62 ? 84436F00
INT 0x62 ? 84436F00
INT 0x92 ? 83FEBBF8
INT 0xA2 ? 83FECBF8
INT 0xB1 ? 83FECBF8
INT 0xB1 ? 83FEABF8
INT 0xB2 ? 83FECBF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\splb.sys The system cannot find the path specified. !
.text at8wki9z.SYS 86632000 22 Bytes [82, 63, C2, 81, 6C, 62, C2, ...]
.text at8wki9z.SYS 86632017 81 Bytes [00, 32, 07, EE, 85, 3D, 05, ...]
.text at8wki9z.SYS 86632069 99 Bytes [8B, CA, 81, B0, A8, C9, 81, ...]
.text at8wki9z.SYS 866320CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text at8wki9z.SYS 866320DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
.text USBPORT.SYS!DllUnload 866BD41B 5 Bytes JMP 844364E0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 83FEA2D8
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [85E06D4C] \SystemRoot\System32\Drivers\splb.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [85E06DA0] \SystemRoot\System32\Drivers\splb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [85DD66D6] \SystemRoot\System32\Drivers\splb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [85DD6042] \SystemRoot\System32\Drivers\splb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [85DD6800] \SystemRoot\System32\Drivers\splb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [85DD60C0] \SystemRoot\System32\Drivers\splb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [85DD613E] \SystemRoot\System32\Drivers\splb.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 83FEC2D8
IAT \SystemRoot\system32\drivers\storport.sys[ntoskrnl.exe!DbgBreakPoint] 83FEB2D8
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortWritePortUchar] 8386658F
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F866560
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortRequestCallback] [8B55CC00] \SystemRoot\system32\DRIVERS\nvlddmkm.sys (NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 178.13 /NVIDIA Corporation)
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[NTOSKRNL.exe!KeTickCount] 8B118920
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 844365E0

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[652] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00140002
IAT C:\Windows\system32\services.exe[652] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00140000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83FF21F8
Device \Driver\volmgr \Device\VolMgrControl 83FEE1F8
Device \Driver\usbuhci \Device\USBPDO-0 8443C500
Device \Driver\usbuhci \Device\USBPDO-1 8443C500
Device \Driver\netbt \Device\NetBT_Tcpip_{5C678367-50B6-4341-8FBF-DBFCDCE49C2B} 84B7E500
Device \Driver\usbuhci \Device\USBPDO-2 8443C500
Device \Driver\netbt \Device\NetBT_Tcpip_{9F54493A-9413-4957-A12C-23D991308965} 84B7E500
Device \Driver\usbuhci \Device\USBPDO-3 8443C500
Device \Driver\usbehci \Device\USBPDO-4 84442500

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\volmgr \Device\HarddiskVolume1 83FEE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\PCI_PNP8128 \Device\00000058 splb.sys
Device \Driver\PCI_PNP8128 \Device\00000058 splb.sys
Device \Driver\cdrom \Device\CdRom0 84418390
Device \Driver\PCI_PNP8128 \Device\00000059 splb.sys
Device \Driver\PCI_PNP8128 \Device\00000059 splb.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{2629DE2A-054E-4EE4-BEB8-5767FC9E17B8} 84B7E500
Device \Driver\cdrom \Device\CdRom1 84418390
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 83FF01F8
Device \Driver\atapi \Device\Ide\IdePort0 83FF01F8
Device \Driver\atapi \Device\Ide\IdePort1 83FF01F8
Device \Driver\atapi \Device\Ide\IdePort2 83FF01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-0 83FF01F8
Device \Driver\sptd \Device\420528128 splb.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{06289821-9B28-4CB2-A500-E34E8EE4A4E1} 84B7E500
Device \Driver\netbt \Device\NetBt_Wins_Export 84B7E500
Device \Driver\Smb \Device\NetbiosSmb 84B48500
Device \Driver\vsmraid \Device\RaidPort0 83FF11F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\iScsiPrt \Device\RaidPort1 84460500
Device \Driver\usbhub \Device\0000006a hcmon.sys
Device \Driver\usbhub \Device\0000006b hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-0 8443C500
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 8443C500
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 8443C500
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-3 8443C500
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-4 84442500
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys
Device \Driver\at8wki9z \Device\Scsi\at8wki9z1Port5Path0Target0Lun0 89A6D500
Device \Driver\at8wki9z \Device\Scsi\at8wki9z1 89A6D500
Device \FileSystem\cdfs \Cdfs 83884500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x16 0x50 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0xB1 0xE4 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x70 0x5D 0x6E 0xCA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xAC 0x42 0xA8 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xCC 0x5A 0x5A 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x16 0x50 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0xB1 0xE4 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x70 0x5D 0x6E 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xAC 0x42 0xA8 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xCC 0x5A 0x5A 0x58 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures@User_Feed_Synchronization-{65CF6525-C1AB-4BF2-AA50-CBF8EE2D1D89}.job.fp 1909975462

---- EOF - GMER 1.0.15 ----

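Added example, not part of the thread: a PowerShell script that sorts the hook, device and file lines of a GMER log by the driver that owns them, which is the grouping an analyst does by hand when reading a log like the one above. The lines in $sample are copied from that log; the $known table holds only attributions this page itself supports (the sptd\Cfg registry keys pointing at DAEMON Tools Pro, GMER's own annotations for avast, BitLocker and NVIDIA, and VMware Player in the Add-Remove Programs list). Everything else it reports as unattributed or as a bare address, which is a lead to look up, not a verdict.

```powershell
# Added example, not part of the thread: group the hook, device and file lines of
# a GMER log by the driver that owns them. $sample is copied from the log posted
# above; $known holds only attributions this page supports. Runs on PowerShell 2.0+.

$known = @{
    'splb.sys'     = 'sptd (DAEMON Tools Pro, per the sptd\Cfg keys in the Registry section)'
    'aswtdi.sys'   = 'avast! TDI filter (GMER annotation)'
    'fvevol.sys'   = 'BitLocker (GMER annotation)'
    'nvlddmkm.sys' = 'NVIDIA display driver (GMER annotation)'
    'hcmon.sys'    = 'VMware (VMware Player is in the Add-Remove Programs list)'
}

$sample = @'
? System32\Drivers\splb.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 866BD41B 5 Bytes JMP 844364E0
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [85E06D4C] \SystemRoot\System32\Drivers\splb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [85DD6042] \SystemRoot\System32\Drivers\splb.sys
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortWritePortUchar] 8386658F
IAT \SystemRoot\System32\Drivers\at8wki9z.SYS[ataport.SYS!AtaPortRequestCallback] [8B55CC00] \SystemRoot\system32\DRIVERS\nvlddmkm.sys (NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 178.13 /NVIDIA Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\PCI_PNP8128 \Device\00000058 splb.sys
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\at8wki9z \Device\Scsi\at8wki9z1 89A6D500
'@

function Get-Leaf([string]$Path) { ($Path -split '\\')[-1] }

function Get-GmerFindings {
    param([string[]]$Lines)
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if (-not $line) { continue }
        $kind = $null; $subject = $null; $owner = $null

        if ($line -match '^IAT\s+(\S+)\[([^\]]+)\]\s+(.*)$') {
            # hooked module, imported symbol, then either a resolved module path or a bare address
            $hooked = Get-Leaf $Matches[1]; $import = $Matches[2]; $rest = $Matches[3]
            $kind    = 'IAT hook'
            $subject = "$hooked imports $import"
            $owner   = if ($rest -match '(\S+\.sys)') { Get-Leaf $Matches[1] } else { '<unresolved address>' }
        } elseif ($line -match '^\.text\s+(\S+)\s+[0-9A-F]+\s+\d+\s+Bytes\s+(.*)$') {
            # patched code bytes; an inline JMP to a bare address is the classic hook shape
            $mod = $Matches[1]; $rest = $Matches[2]
            $kind    = 'code patch'
            $subject = $mod
            $owner   = if ($rest -match '^JMP\s+[0-9A-F]{8}') { '<inline JMP to unresolved address>' } else { '<modified bytes>' }
        } elseif ($line -match '^\?\s+(\S+)\s+(.*)$') {
            # GMER could not open the driver file on disk
            $kind    = 'file not readable'
            $subject = $Matches[2]
            $owner   = Get-Leaf $Matches[1]
        } elseif ($line -match '^(AttachedDevice|Device)\s+(\S+)\s+(\S+)\s+(\S+)') {
            # device object and the module (or bare address) GMER saw handling it
            $kind    = $Matches[1]
            $subject = "$($Matches[2]) $($Matches[3])"
            $tail    = $Matches[4]
            $owner   = if ($tail -match '^[0-9A-F]{8}$') { '<unresolved address>' } else { Get-Leaf $tail }
        } else { continue }

        $attribution = if ($known.ContainsKey($owner)) { $known[$owner] } elseif ($owner -like '<*') { 'address/bytes only; resolve manually' } else { 'UNATTRIBUTED - identify this driver' }

        New-Object PSObject -Property @{
            Owner = $owner; Attribution = $attribution; Kind = $kind; Subject = $subject
        }
    }
}

$findings = Get-GmerFindings ($sample -split "`r?`n")
$findings | Sort-Object Owner, Kind | Format-Table Owner, Attribution, Kind, Subject -AutoSize
```

On the sample lines this attributes splb.sys, aswTdi.SYS, fvevol.sys, hcmon.sys and nvlddmkm.sys, and leaves at8wki9z.SYS and the bare addresses for follow-up, because nothing on this page identifies them. To run it over a full log saved as gmer.txt (assumed file name), replace the last two lines with Get-GmerFindings (Get-Content .\gmer.txt) and the same Sort-Object and Format-Table.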

Re: Win32/Renos.js

Post by Belahzur on Sat Oct 31, 2009 12:08 am

That looks okay, no rootkit activity found.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.




