Welcome to GeekPolice!
HomeHelp in Removing Win32:Trojan-gen {Other}
Page 1 of 2 • 1, 2 
- bratz4us
Novice
-
OS : Windows xp
Posts : 8
Rubies : 3087
Likes : 0 
bratz4us on 18th April 2009, 2:17 pm
I downloaded avast and since running first scan i get 150 pop up saying :
C:\RECYCLER\S-1-3-20-2738721359-2706433227-521535331-5282\services.exe
Win32:Trojan-gen {Other}
Virus/Worm
I then click move to chest and it pops right back up I can not do anything with out it being on screen..
I am getting so frustered Praying you can help me with this problem
Very much appreciated
I ran Trend Micro HijackThis v2.0.2 here is results
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:20 AM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Microsoft Update Engine\services.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NTSystem] C:\Program Files\Common Files\Microsoft Update Engine\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NTSystem] C:\Program Files\Common Files\Microsoft Update Engine\services.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader5.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe
--
End of file - 6831 bytes
C:\RECYCLER\S-1-3-20-2738721359-2706433227-521535331-5282\services.exe
Win32:Trojan-gen {Other}
Virus/Worm
I then click move to chest and it pops right back up I can not do anything with out it being on screen..
I am getting so frustered Praying you can help me with this problem
Very much appreciated
I ran Trend Micro HijackThis v2.0.2 here is results
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:20 AM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Microsoft Update Engine\services.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NTSystem] C:\Program Files\Common Files\Microsoft Update Engine\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NTSystem] C:\Program Files\Common Files\Microsoft Update Engine\services.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader5.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe
--
End of file - 6831 bytes
- Belahzur
Site Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218006
Likes : 18 -
Belahzur on 18th April 2009, 4:39 pm
Hello.
Please download and run this tool.
Download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log.
- Open HijackThis
- Choose "Do a system scan only"
- Check the boxes in front of these lines:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NTSystem] C:\Program Files\Common Files\Microsoft Update Engine\services.exe - Press "Fix Checked"
- Close Hijack This.
Please download and run this tool.
Download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
- bratz4usNovice
-
OS : Windows xp
Posts : 8
Rubies : 3087
Likes : 0 -
bratz4us on 18th April 2009, 5:09 pm
Malwarebytes' Anti-Malware 1.36
Database version: 2001
Windows 5.1.2600 Service Pack 3
4/18/2009 1:05:08 PM
mbam-log-2009-04-18 (13-05-08).txt
Scan type: Quick Scan
Objects scanned: 69966
Time elapsed: 12 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\NetworkService32 (Worm.Archive) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\56.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\56.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\57.music.snd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\57.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\58.music.wav (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\58.music.wav.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\59.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\59.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\60.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\60.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\61.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\61.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\62.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\62.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\63.unpack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\63.unpack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
Database version: 2001
Windows 5.1.2600 Service Pack 3
4/18/2009 1:05:08 PM
mbam-log-2009-04-18 (13-05-08).txt
Scan type: Quick Scan
Objects scanned: 69966
Time elapsed: 12 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\NetworkService32 (Worm.Archive) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\56.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\56.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\57.music.snd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\57.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\58.music.wav (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\58.music.wav.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\59.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\59.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\60.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\60.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\61.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\61.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\62.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\62.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\63.unpack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\63.unpack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218006
Likes : 18 -
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218006
Likes : 18 -
Belahzur on 18th April 2009, 5:32 pm
When run it should open the black cmd window.
If you can't run it with a modified file type, right click the file > Rename.
Take the scr off and put exe.
If you can't run it with a modified file type, right click the file > Rename.
Take the scr off and put exe.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
- bratz4usNovice
-
OS : Windows xp
Posts : 8
Rubies : 3087
Likes : 0 -
bratz4us on 18th April 2009, 5:36 pm
DDS (Ver_09-03-16.01) - NTFSx86
Run by Lori at 13:30:59.73 on Sat 04/18/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.165 [GMT -4:00]
AV: avast! antivirus 4.8.1335 [VPS 090418-0] *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lori\Desktop\dds.pif
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [NTSystem] c:\program files\common files\microsoft update engine\services.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.clarkcolor.com/ClarkActivia.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-18 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-18 20560]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-1-17 16512]
S3 WmaCAudio;WmaCAudio;c:\windows\system32\drivers\WmaCAudio.sys [2009-1-17 23096]
S3 WmaCVideo;WmaCVideo;c:\windows\system32\drivers\WmaCVideo.sys [2009-1-17 3768]
=============== Created Last 30 ================
2009-04-18 12:49
--d----- c:\docume~1\lori\applic~1\Malwarebytes
2009-04-18 12:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-18 12:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 12:49
--d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-18 12:49
--d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-18 09:52
--d----- c:\program files\Trend Micro
2009-04-13 13:32
--d----- c:\docume~1\lori\applic~1\Wal-Mart
2009-04-12 12:38
--d----- c:\program files\common files\Protexis
2009-04-12 12:38
--d----- c:\program files\common files\Corel
2009-04-12 12:21
--d----- c:\windows\system32\appmgmt
2009-04-12 11:43 2,516 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-04-12 11:43 88 ---shr-- c:\docume~1\alluse~1\applic~1\144163BAA2.sys
2009-04-12 07:43
--d----- c:\program files\common files\Microsoft Update Engine
2009-03-26 09:01 223,232 a------- c:\windows\system32\sqlite3.dll
2009-03-26 09:01 86,016 a------- c:\windows\system32\SQLiteWrapper.dll
2009-03-22 01:26
--d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-22 00:27 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-22 00:27 208,744 a------- c:\windows\system32\muweb.dll
2009-03-22 00:27 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-21 10:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-03-21 07:32
--d----- c:\documents and settings\lori\Tracing
2009-03-21 07:24
--d----- c:\program files\common files\Windows Live
==================== Find3M ====================
2009-04-12 09:31 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 04:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 04:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-10 18:05 208,896 a------- c:\windows\system32\ConTest.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-01-26 11:31 1,377,872 a------- c:\docume~1\alluse~1\applic~1\pswi_preloaded.exe
2008-10-21 19:13 2 a--shrot c:\windows\winstart.bat
2008-10-19 10:27 88 ---shr-- c:\windows\system32\144163BAA2.sys
============= FINISH: 13:32:05.31 ===============
Run by Lori at 13:30:59.73 on Sat 04/18/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.165 [GMT -4:00]
AV: avast! antivirus 4.8.1335 [VPS 090418-0] *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lori\Desktop\dds.pif
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [NTSystem] c:\program files\common files\microsoft update engine\services.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.clarkcolor.com/ClarkActivia.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-18 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-18 20560]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-1-17 16512]
S3 WmaCAudio;WmaCAudio;c:\windows\system32\drivers\WmaCAudio.sys [2009-1-17 23096]
S3 WmaCVideo;WmaCVideo;c:\windows\system32\drivers\WmaCVideo.sys [2009-1-17 3768]
=============== Created Last 30 ================
2009-04-18 12:49
--d----- c:\docume~1\lori\applic~1\Malwarebytes
2009-04-18 12:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-18 12:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 12:49
--d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-18 12:49
--d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-18 09:52
--d----- c:\program files\Trend Micro
2009-04-13 13:32
--d----- c:\docume~1\lori\applic~1\Wal-Mart
2009-04-12 12:38
--d----- c:\program files\common files\Protexis
2009-04-12 12:38
--d----- c:\program files\common files\Corel
2009-04-12 12:21
--d----- c:\windows\system32\appmgmt
2009-04-12 11:43 2,516 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-04-12 11:43 88 ---shr-- c:\docume~1\alluse~1\applic~1\144163BAA2.sys
2009-04-12 07:43
--d----- c:\program files\common files\Microsoft Update Engine
2009-03-26 09:01 223,232 a------- c:\windows\system32\sqlite3.dll
2009-03-26 09:01 86,016 a------- c:\windows\system32\SQLiteWrapper.dll
2009-03-22 01:26
--d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-22 00:27 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-22 00:27 208,744 a------- c:\windows\system32\muweb.dll
2009-03-22 00:27 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-21 10:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-03-21 07:32
--d----- c:\documents and settings\lori\Tracing
2009-03-21 07:24
--d----- c:\program files\common files\Windows Live
==================== Find3M ====================
2009-04-12 09:31 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 04:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 04:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-10 18:05 208,896 a------- c:\windows\system32\ConTest.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-01-26 11:31 1,377,872 a------- c:\docume~1\alluse~1\applic~1\pswi_preloaded.exe
2008-10-21 19:13 2 a--shrot c:\windows\winstart.bat
2008-10-19 10:27 88 ---shr-- c:\windows\system32\144163BAA2.sys
============= FINISH: 13:32:05.31 ===============
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218006
Likes : 18 -
Belahzur on 18th April 2009, 5:39 pm
Please download the OTMoveIt3 by OldTimer.
Please post the OTMoveIt log.
- Save it to your desktop.
- Please double-click OTMoveIt3.exe to run it.
- Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:services
Partizan
:files
c:\program files\common files\microsoft update engine\services.exe
:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NTSystem"=- - Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
Please post the OTMoveIt log.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
- bratz4usNovice
-
OS : Windows xp
Posts : 8
Rubies : 3087
Likes : 0 -
bratz4us on 18th April 2009, 5:47 pm
========== SERVICES/DRIVERS ==========
Service\Driver Partizan deleted successfully.
========== FILES ==========
File/Folder c:\program files\common files\microsoft update engine\services.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NTSystem deleted successfully.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_134514
Service\Driver Partizan deleted successfully.
========== FILES ==========
File/Folder c:\program files\common files\microsoft update engine\services.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NTSystem deleted successfully.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_134514
Page 1 of 2 • 1, 2
Similar topics
Create an account or log in to leave a reply
You need to be a member in order to leave a reply.
Page 1 of 2
Permissions in this forum:
You can reply to topics in this forum
