
Author Topic: HELP!! Virus and Spyware Can someone read my logs  (Read 8144 times)


BAttitude7689

    Topic Starter


    Rookie

    HELP!! Virus and Spyware Can someone read my logs
    « on: March 19, 2009, 06:31:15 AM »
    I have both a laptop and a desktop that got insanely infected yesterday. I was transferring files back and forth through my jump drive, and something must have been really bad on my desktop. I have AVG, and I've been trying to run that over and over again, and it just keeps finding more stuff. I took a log from HijackThis; could someone help me out, please?

    Desktop:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:19:57 AM, on 3/19/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\1229758549\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tdctxte.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\afisicx.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1229758549\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-21-854245398-1060284298-725345543-1003\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe (User '?')
    O4 - HKUS\S-1-5-21-854245398-1060284298-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-854245398-1060284298-725345543-1003\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')
    O4 - S-1-5-21-854245398-1060284298-725345543-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: afisicx  Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: tdctxte  Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9458 bytes

    ------------------------------------------------------------------------------------------------------------------------------------------

    Laptop:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:25:17 AM, on 3/19/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\system32\afisicx.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\System32\tabbtnu.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\TOSHIBA\IVP\ISM\pinger.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\sopidkc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\tdctxte.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\WINDOWS\system32\TPSODDCtl.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Common Files\AOL\1201480978\ee\AOLSoftware.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [tabletWizard] C:\WINDOWS\help\SplshWrp.exe
    O4 - HKLM\..\Run: [tabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
    O4 - HKLM\..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe -s
    O4 - HKLM\..\Run: [trot.exe] c:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201480978\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201344541656
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218244135437
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: TSigNP - C:\WINDOWS\SYSTEM32\TSigNP.dll
    O23 - Service: afisicx  Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DVD-RAM_Service - Unknown owner - C:\WINDOWS\system32\DVDRAMSV.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: sopidkc  Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
    O23 - Service: tdctxte  Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe
    O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
    O23 - Service: TW3GService (TW3GSVC) - Unknown owner - C:\Program Files\Toshiba\3GUty\tw3gsvc.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

    --
    End of file - 12596 bytes
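As an added example (it is not part of this thread and not code from HijackThis or any other tool named here), below is a small Python triage script over the O23 service lines in HijackThis format. It encodes the first check a log reader applies and that the scan logs later in this thread bear out: a service with "Unknown owner" whose executable sits directly in the Windows system32 directory is worth a second look, while an entry marked "(file missing)" is an orphaned service registration with no file behind it. The sample lines are copied from the two logs above; the bucket names and the heuristic itself are my own choices, not something the forum or the tool defines.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: service (O23) lines in the layout HijackThis v2.0.2
# writes, copied from the desktop and laptop logs posted above, plus one O4 line
# to show that non-O23 lines are ignored.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\\Program Files\\Common Files\\Adobe Systems Shared\\Service\\Adobelmsvc.exe
O23 - Service: afisicx  Service (afisicx) - Unknown owner - C:\\WINDOWS\\system32\\afisicx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\\WINDOWS\\system32\\spoolsv.exe (file missing)
O23 - Service: sopidkc  Service (sopidkc) - Unknown owner - C:\\WINDOWS\\system32\\sopidkc.exe
O23 - Service: tdctxte  Service (tdctxte) - Unknown owner - C:\\WINDOWS\\system32\\tdctxte.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe (file missing)
"""

# "O23 - Service: <display name> - <owner> - <image path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# HijackThis appends the service's short name in parentheses when it differs.
SHORT_NAME_RE = re.compile(r"\((?P<short>[^()]+)\)\s*$")
# Executable sitting directly in the Windows system directory (no subfolder).
SYSTEM32_ROOT_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    display: str
    short: str
    owner: str
    path: str
    missing: bool


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; returns None for any other line type."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    display = m.group("display").strip()
    sm = SHORT_NAME_RE.search(display)
    short = sm.group("short") if sm else display
    return ServiceEntry(
        display=display,
        short=short,
        owner=m.group("owner").strip(),  # strips the double space some vendors leave
        path=m.group("path").strip(),
        missing=m.group("missing") is not None,
    )


def classify(entry: ServiceEntry) -> str:
    """Heuristic bucket (my assumption, not a HijackThis verdict):
    orphaned  - registered service whose file no longer exists
    review    - unsigned-looking 'Unknown owner' binary living directly in system32
    ok        - everything else (vendor-attributed or outside system32)"""
    if entry.missing:
        return "orphaned"
    if entry.owner == "Unknown owner" and SYSTEM32_ROOT_RE.match(entry.path):
        return "review"
    return "ok"


def triage(log_text: str) -> dict:
    """Group the short names of all O23 entries in a log by bucket, in log order."""
    buckets = {"review": [], "orphaned": [], "ok": []}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry:
            buckets[classify(entry)].append(entry.short)
    return buckets


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG).items():
        print(f"{bucket:9s}: {', '.join(names) if names else '-'}")
```

On the sample above the "review" bucket comes out as afisicx, sopidkc and tdctxte, which is exactly the set SUPERAntiSpyware and Malwarebytes later identify in this thread; the "(file missing)" Spooler and WmiApSrv entries are registry leftovers, not running code, and are listed separately so they are not confused with live threats.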


    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: HELP!! Virus and Spyware Can someone read my logs
    « Reply #1 on: March 19, 2009, 10:34:43 AM »

    Flash Drive Cleanup- Use this on both the laptop and desktop.

    Please have all your removable storage devices ready for disinfection.

    Download Flash Disinfector by sUBs and save it to your Desktop.
     
    * Double-click Flash_Disinfector.exe to run it.
    * Your desktop and icons may disappear. This is normal.
    * It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
    * Follow any prompts that may appear.
    * The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    * Wait until it has finished scanning and then exit the program.
    * There will be no GUI interface or log file produced.
    * Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

    ----------

    Next you will need to use the malware removal guide on both computers.

    http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095
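To make the mechanism in the note above concrete, here is an added Python example; it is not Flash_Disinfector's code and not anything written by sUBs. It audits a drive root for the autorun.inf entry, creates the protective folder when the root has none, refuses to touch an existing autorun.inf file (that file is what an infected drive carries and is what an analyst will want to inspect rather than overwrite), and then shows that once the folder exists a file of that name can no longer be dropped there. Temporary directories stand in for drive roots so it runs anywhere; setting the hidden attribute the note mentions is Windows-specific and is left out.

```python
import shutil
import tempfile
from pathlib import Path

AUTORUN = "autorun.inf"


def audit_autorun(root) -> str:
    """Report the state of <root>/autorun.inf.
    'protected'    - a folder occupies the name (what Flash_Disinfector leaves behind)
    'file-present' - a real autorun.inf file exists; inspect it, do not overwrite it
    'unprotected'  - nothing there, so a worm could still drop a file"""
    p = Path(root) / AUTORUN
    if not p.exists():
        return "unprotected"
    return "protected" if p.is_dir() else "file-present"


def protect_root(root) -> str:
    """Create the protective folder unless a suspicious file already holds the name."""
    p = Path(root) / AUTORUN
    if p.exists() and not p.is_dir():
        return "file-present"  # leave evidence in place for the analyst
    p.mkdir(exist_ok=True)
    return "protected"


def try_drop_autorun_file(root) -> bool:
    """Attempt to write a *file* named autorun.inf; True only if the write succeeded.
    With the protective folder in place the OS refuses (IsADirectoryError on POSIX,
    PermissionError on Windows, both subclasses of OSError)."""
    p = Path(root) / AUTORUN
    try:
        with open(p, "w") as fh:
            fh.write("placeholder\n")  # constructed content, not a real autorun file
    except OSError:
        return False
    return True


def demo() -> dict:
    """Run the cases on temporary directories standing in for a clean and an
    already-infected drive root; returns the observations for checking."""
    clean_root = Path(tempfile.mkdtemp(prefix="clean_"))
    infected_root = Path(tempfile.mkdtemp(prefix="infected_"))
    # Constructed stand-in for a drive that already carries an autorun.inf file.
    marker = "[autorun]\n"
    (infected_root / AUTORUN).write_text(marker)
    try:
        return {
            "clean_before": audit_autorun(clean_root),
            "clean_protect": protect_root(clean_root),
            "clean_write_blocked": not try_drop_autorun_file(clean_root),
            "clean_after": audit_autorun(clean_root),
            "infected_audit": audit_autorun(infected_root),
            "infected_protect": protect_root(infected_root),
            "infected_untouched": (infected_root / AUTORUN).read_text() == marker,
        }
    finally:
        shutil.rmtree(clean_root)
        shutil.rmtree(infected_root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20s} {value}")
```

The point of the folder trick is that a directory and a file cannot share a name in the same parent, so autorun-spreading worms that simply write autorun.inf at the drive root fail; it does nothing against malware that deletes the folder first, which is why the note says to keep the folder and why the audit reports an existing file rather than silently replacing it.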

    BAttitude7689


      Re: HELP!! Virus and Spyware Can someone read my logs
      « Reply #2 on: March 20, 2009, 05:19:27 PM »
      This is my log from SUPER AntiSpyware

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 03/20/2009 at 06:54 PM

      Application Version : 4.25.1014

      Core Rules Database Version : 3807
      Trace Rules Database Version: 1762

      Scan type       : Complete Scan
      Total Scan Time : 01:43:14

      Memory items scanned      : 534
      Memory threats detected   : 3
      Registry items scanned    : 6330
      Registry threats detected : 24
      File items scanned        : 71471
      File threats detected     : 19

      Trojan.Agent/Service
         C:\WINDOWS\SYSTEM32\AFISICX.EXE
         C:\WINDOWS\SYSTEM32\AFISICX.EXE
         C:\WINDOWS\Prefetch\AFISICX.EXE-103B631B.pf

      Trojan.Agent/Gen-FraudLoad
         C:\WINDOWS\SYSTEM32\SOPIDKC.EXE
         C:\WINDOWS\SYSTEM32\SOPIDKC.EXE
         C:\WINDOWS\SYSTEM32\TDCTXTE.EXE
         C:\WINDOWS\SYSTEM32\TDCTXTE.EXE
         C:\WINDOWS\Prefetch\SOPIDKC.EXE-31C09050.pf
         C:\WINDOWS\Prefetch\TDCTXTE.EXE-0702911C.pf

      Rootkit.Agent/Trace
         HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFISICX
         HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFISICX#NextInstance
         HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFISICX\0000
         HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFISICX\0000#Service
         HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFISICX\0000#Legacy
         HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFISICX\0000#ConfigFlags
         HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFISICX\0000#Class
         HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFISICX\0000#ClassGUID
         HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFISICX\0000#DeviceDesc
         HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFISICX\0000\Control
         HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFISICX\0000\Control#ActiveService
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx#Type
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx#Start
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx#ErrorControl
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx#ImagePath
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx#DisplayName
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx#ObjectName
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx\Security
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx\Security#Security
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx\Enum
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx\Enum#0
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx\Enum#Count
         HKLM\SYSTEM\CurrentControlSet\Services\afisicx\Enum#NextInstance

      Trojan.Unknown Origin
         C:\PROGRAM FILES\DVDFAB PLATINUM 3\CRACK.EXE
         D:\MY SHITZ\INSTALLS\VIDEO EDIT PROGRAMS\DVDFAB.PLATINUM.V3.0.3.5.CRACKED-EXPLOSION\CRACK\CRACK.EXE

      Adware.Tracking Cookie
         C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
         C:\WINDOWS\system32\config\systemprofile\Cookies\system@advertising[1].txt
         C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[2].txt
         C:\WINDOWS\system32\config\systemprofile\Cookies\system@casalemedia[1].txt
         C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
         C:\WINDOWS\system32\config\systemprofile\Cookies\system@insightexpressai[2].txt
         C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
         C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt

      Rootkit.Agent/Gen-FraudLoad
         C:\WINDOWS\SYSTEM32\TPSZXYD.SYS
         C:\WINDOWS\Prefetch\TPSZXYD.SYS-1B7D83A7.pf

      Trojan.Agent/Gen-FSG
         D:\MY SHITZ\INSTALLS\DOC TO PDF\VERYDOC.PDF.TO.WORD.CONVERTER.V2.0.KEYGEN.ONLY-HAZE\KEYGEN.EXE

      evilfantasy

      Re: HELP!! Virus and Spyware Can someone read my logs
      « Reply #3 on: March 20, 2009, 05:21:48 PM »
      Looks like a lot was removed so far. It would be easier if we work on one computer at a time, or start a new topic for the other computer. That way we don't get them crossed up.

      BAttitude7689


        Re: HELP!! Virus and Spyware Can someone read my logs
        « Reply #4 on: March 20, 2009, 05:38:06 PM »
        Yeah, that makes sense; that's what I'm doing too. I'm doing the desktop first. Here are the other logs.


        Malwarebytes' Anti-Malware 1.34
        Database version: 1879
        Windows 5.1.2600 Service Pack 3

        3/20/2009 7:27:38 PM
        mbam-log-2009-03-20 (19-27-36).txt

        Scan type: Quick Scan
        Objects scanned: 70986
        Time elapsed: 5 minute(s), 48 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 2
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 7

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> No action taken.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdctxte (Backdoor.Bot) -> No action taken.

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
        C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> No action taken.
        C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> No action taken.
        C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.
        C:\WINDOWS\system32\dconook32.sys (Trojan.Agent) -> No action taken.
        C:\WINDOWS\system32\dctool32.sys (Trojan.Agent) -> No action taken.
        C:\WINDOWS\system32\dxonool32.sys (Backdoor.Bot) -> No action taken.

        evilfantasy

        Re: HELP!! Virus and Spyware Can someone read my logs
        « Reply #5 on: March 20, 2009, 05:39:28 PM »
        Everything says No action taken.

        Did you remove the threats after copying the log?

        BAttitude7689

          Topic Starter


          Rookie

          Re: HELP!! Virus and Spyware Can someone read my logs
          « Reply #6 on: March 20, 2009, 05:39:50 PM »
          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 7:36:29 PM, on 3/20/2009
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16762)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\WINDOWS\system32\dla\tfswctrl.exe
          C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Common Files\AOL\1229758549\ee\AOLSoftware.exe
          C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
          C:\Program Files\Java\jre6\bin\jusched.exe
          C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\devldr32.exe
          C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\PROGRA~1\AVG\AVG8\avgam.exe
          C:\PROGRA~1\AVG\AVG8\avgrsx.exe
          C:\PROGRA~1\AVG\AVG8\avgnsx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Program Files\Viewpoint\Common\ViewpointService.exe
          C:\PROGRA~1\AVG\AVG8\avgemc.exe
          C:\Program Files\AVG\AVG8\avgcsrvx.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
          O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
          O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1229758549\ee\AOLSoftware.exe
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
          O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
          O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
          O4 - HKCU\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
          O4 - HKUS\S-1-5-21-854245398-1060284298-725345543-1003\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe (User '?')
          O4 - HKUS\S-1-5-21-854245398-1060284298-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
          O4 - HKUS\S-1-5-21-854245398-1060284298-725345543-1003\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')
          O4 - S-1-5-21-854245398-1060284298-725345543-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
          O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
          O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
          O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
          O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
          O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
          O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
          O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
          O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
          O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

          --
          End of file - 8659 bytes

            BAttitude7689

            Re: HELP!! Virus and Spyware Can someone read my logs
            « Reply #7 on: March 20, 2009, 05:41:37 PM »
            Yes, sorry... here it is.


            Malwarebytes' Anti-Malware 1.34
            Database version: 1879
            Windows 5.1.2600 Service Pack 3

            3/20/2009 7:27:45 PM
            mbam-log-2009-03-20 (19-27-45).txt

            Scan type: Quick Scan
            Objects scanned: 70986
            Time elapsed: 5 minute(s), 48 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 2
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 7

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdctxte (Backdoor.Bot) -> Quarantined and deleted successfully.

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\dconook32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\dctool32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\dxonool32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
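As an added example (not code from this thread or from Malwarebytes), a small Python parser for the MBAM 1.x log format posted above: it flags detections whose action is still "No action taken" and cross-checks the summary counts against the itemised entries. The sample log text is constructed from entries in this thread; the regexes assume the layout MBAM 1.34 prints.

```python
"""Audit a Malwarebytes' Anti-Malware 1.x text log (added example, not MBAM code).

A detection line reads "<target> (<detection name>) -> <action>." and the
summary block at the top repeats each section name with a count.
"""
import re
from dataclasses import dataclass

# Itemised section headers: the name followed by a bare colon (no count)
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:$"
)
# Summary lines carry a count, e.g. "Files Infected: 7"
SUMMARY_RE = re.compile(r"^(?P<section>.+?) Infected: (?P<count>\d+)$")
# One detection line, e.g. "C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken."
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# The only action this audit accepts as "gone"; anything else stays flagged
REMEDIATED = "Quarantined and deleted successfully"


@dataclass
class Detection:
    section: str
    target: str
    name: str
    action: str

    @property
    def remediated(self) -> bool:
        return self.action == REMEDIATED


def parse_detections(log_text: str) -> list[Detection]:
    """Return every detection listed in the itemised part of the log."""
    detections, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Lines before the first itemised header are scan metadata, not detections
        if section is None or not line or line.startswith("(No malicious"):
            continue
        item = ITEM_RE.match(line)
        if item:
            detections.append(Detection(section, item["target"], item["name"], item["action"]))
    return detections


def summary_counts(log_text: str) -> dict[str, int]:
    """Read the per-section counts from the summary block."""
    counts = {}
    for raw in log_text.splitlines():
        m = SUMMARY_RE.match(raw.strip())
        if m:
            counts[m["section"]] = int(m["count"])
    return counts


def audit(log_text: str) -> dict:
    """Flag detections left in place and summary counts that disagree with the itemised list."""
    dets = parse_detections(log_text)
    seen: dict[str, int] = {}
    for d in dets:
        seen[d.section] = seen.get(d.section, 0) + 1
    mismatches = {
        sec: (n, seen.get(sec, 0))
        for sec, n in summary_counts(log_text).items()
        if seen.get(sec, 0) != n
    }
    return {
        "total": len(dets),
        "unremediated": [d for d in dets if not d.remediated],
        "count_mismatch": mismatches,
    }


# Constructed sample modelled on the logs in this thread: a scan-only run
# (nothing removed) and the same run after the threats were quarantined.
SCAN_ONLY_LOG = r"""
Malwarebytes' Anti-Malware 1.34
Database version: 1879

Scan type: Quick Scan

Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdctxte (Backdoor.Bot) -> No action taken.

Files Infected:
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.
"""
CLEANED_LOG = SCAN_ONLY_LOG.replace("No action taken", REMEDIATED)

if __name__ == "__main__":
    for label, text in (("scan only", SCAN_ONLY_LOG), ("after removal", CLEANED_LOG)):
        report = audit(text)
        print(f"{label}: {len(report['unremediated'])} of {report['total']} still present")
        for d in report["unremediated"]:
            print(f"  [{d.section}] {d.target} ({d.name}) -> {d.action}")
```

Run against the two constructed logs it reports 4 of 4 detections still present for the scan-only log and none for the cleaned one.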

            evilfantasy
            Re: HELP!! Virus and Spyware Can someone read my logs
            « Reply #8 on: March 20, 2009, 05:41:50 PM »
            OK. BRB.

            evilfantasy
            Re: HELP!! Virus and Spyware Can someone read my logs
            « Reply #9 on: March 20, 2009, 05:44:47 PM »
            Open HijackThis and select Do a system scan only.

            Place a check mark next to the following entries: (if there)

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
            Important: Close all windows except for HijackThis and then click Fix checked.

            Exit HijackThis.

            ----------

            Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

            Link #1
            Link #2

            **Note:  It is important that it is saved directly to your Desktop

            Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

            Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
             
            Double click combofix.exe & follow the prompts.
            When finished ComboFix will produce a log for you.
            Post the ComboFix log in your next reply.

            Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

            Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

            If you have problems with ComboFix usage, see How to use ComboFix

              BAttitude7689

              Re: HELP!! Virus and Spyware Can someone read my logs
              « Reply #10 on: March 20, 2009, 05:54:37 PM »
              I disabled my AVG, but when I started ComboFix it said it was still running and I couldn't figure out how to shut it down. There is no visible sign of it running, but ComboFix said it was, so I wanted to just uninstall it and forget it. This is the error message I got when I tried to uninstall:

              "Local machine: installation failed
                  Installation:
                      Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
                          Error 0x80070005"

              evilfantasy
              Re: HELP!! Virus and Spyware Can someone read my logs
              « Reply #11 on: March 20, 2009, 05:55:37 PM »
              Just continue with ComboFix. If AVG tries to block it then just allow it to run.

                BAttitude7689

                Re: HELP!! Virus and Spyware Can someone read my logs
                « Reply #12 on: March 20, 2009, 10:50:05 PM »
                ComboFix 09-03-19.02 - Meatball 2009-03-20 20:00:39.2 - NTFSx86
                Running from: c:\documents and settings\Meatball\Desktop\ComboFix.exe
                AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
                .

                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                c:\windows\Install.txt
                c:\windows\system32\drivers\ntndis.sys
                c:\windows\system32\Install.txt

                c:\windows\system32\userinit.exe . . . is infected!!

                c:\windows\system32\spoolsv.exe . . . is infected!!

                c:\windows\explorer.exe . . . is infected!!

                .
                (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                -------\Legacy_SOPIDKC


                (((((((((((((((((((((((((   Files Created from 2009-02-21 to 2009-03-21  )))))))))))))))))))))))))))))))
                .

                2009-03-20 19:34 . 2009-03-20 19:34   <DIR>   d--------   c:\program files\Trend Micro
                2009-03-20 19:20 . 2009-03-20 19:20   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
                2009-03-20 19:20 . 2009-03-20 19:20   <DIR>   d--------   c:\documents and settings\Meatball\Application Data\Malwarebytes
                2009-03-20 19:20 . 2009-03-20 19:20   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
                2009-03-20 19:20 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
                2009-03-20 19:20 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
                2009-03-20 17:07 . 2009-03-20 17:07   <DIR>   d--------   c:\program files\SUPERAntiSpyware
                2009-03-20 17:07 . 2009-03-20 17:07   <DIR>   d--------   c:\documents and settings\Meatball\Application Data\SUPERAntiSpyware.com
                2009-03-20 17:07 . 2009-03-20 17:07   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                2009-03-20 17:03 . 2009-03-20 17:03   <DIR>   d--------   c:\program files\CCleaner
                2009-03-19 12:02 . 2009-03-19 12:02   <DIR>   d--------   c:\program files\Lavasoft
                2009-03-19 12:02 . 2009-03-19 12:03   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Lavasoft
                2009-03-19 12:01 . 2009-03-20 17:07   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
                2009-03-18 21:02 . 2009-03-19 00:29   <DIR>   d--------   c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
                2009-03-18 20:49 . 2009-03-18 20:49   578,560   --a--c---   c:\windows\system32\dllcache\user32.dll
                2009-03-18 20:48 . 2009-03-18 20:48   <DIR>   d--------   c:\windows\ERUNT
                2009-03-18 20:46 . 2009-03-18 20:46   0   --a------   c:\windows\system32\3D.tmp
                2009-03-18 20:45 . 2009-03-18 20:45   <DIR>   d--------   c:\documents and settings\Administrator
                2009-03-18 20:45 . 2009-03-18 20:45   182,656   --a--c---   c:\windows\system32\dllcache\ndis.sys
                2009-03-18 19:58 . 2009-03-19 08:32   <DIR>   d--------   C:\SDFix
                2009-03-18 19:50 . 2009-03-18 19:50   <DIR>   d--------   C:\VundoFix Backups
                2009-03-18 15:29 . 2009-03-18 15:29   <DIR>   d--------   c:\documents and settings\Meatball\Application Data\Nero
                2009-03-18 15:19 . 2009-03-18 20:04   <DIR>   d--------   c:\program files\Nero 9
                2009-03-18 15:19 . 2009-03-18 17:05   9,195   --a------   c:\windows\system32\wf.exe
                2009-03-17 21:03 . 2009-03-17 21:04   <DIR>   d--------   C:\SonySupport
                2009-03-10 10:13 . 2009-03-10 10:13   73,728   --a------   c:\windows\system32\javacpl.cpl
                2009-03-06 15:04 . 2009-03-06 15:04   <DIR>   d--------   c:\program files\PayPal
                2009-03-04 01:29 . 2009-03-18 17:11   <DIR>   d--------   c:\temp\Aspi 470
                2009-03-04 01:29 . 2009-03-04 01:29   <DIR>   d--------   C:\Temp
                2009-03-04 01:29 . 1999-11-24 02:00   288,433   --a------   c:\temp\aspi32.exe
                2009-03-04 01:29 . 2002-06-13 17:39   171,520   --a------   c:\temp\UNWISE.EXE
                2009-03-04 01:29 . 2007-09-17 05:34   45,056   --a------   c:\windows\system32\WNASPI2K.BAK
                2009-03-04 01:29 . 2007-09-17 05:34   16,512   --a------   c:\windows\system32\drivers\ASPI2K.BAK
                2009-03-04 01:29 . 2002-07-17 17:22   5,600   --a------   c:\windows\system\WINASPI.DLL
                2009-03-04 01:29 . 2002-07-17 17:22   4,672   --a------   c:\windows\system\WOWPOST.EXE
                2009-03-04 01:28 . 2009-03-04 18:19   <DIR>   d--------   c:\program files\DeadDiskDoctor
                2009-03-01 21:57 . 2009-03-01 22:00   <DIR>   d--------   c:\documents and settings\Meatball\Application Data\Aim
                2009-03-01 21:56 . 2009-03-01 21:56   <DIR>   d--------   c:\program files\AOD
                2009-03-01 21:56 . 2009-03-01 22:00   <DIR>   d--------   c:\program files\AIM
                2009-03-01 21:21 . 2009-03-04 18:17   <DIR>   d--------   c:\program files\Trillian
                2009-02-26 02:52 . 2009-02-26 02:52   <DIR>   d--------   c:\documents and settings\Meatball\Application Data\Autodesk
                2009-02-26 02:52 . 2009-03-01 15:21   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Autodesk
                2009-02-26 02:51 . 2007-07-19 19:14   3,727,720   --a------   c:\windows\system32\d3dx9_35.dll
                2009-02-26 02:50 . 2009-02-26 02:50   <DIR>   d--------   c:\program files\MSBuild
                2009-02-26 02:46 . 2009-02-26 02:46   <DIR>   d--------   c:\windows\system32\XPSViewer
                2009-02-26 02:45 . 2009-02-26 02:45   <DIR>   d--------   c:\program files\Reference Assemblies
                2009-02-26 02:45 . 2006-06-29 14:07   14,048   ---------   c:\windows\system32\spmsg2.dll
                2009-02-26 00:57 . 2009-02-26 01:02   <DIR>   d--------   c:\program files\RegCure
                2009-02-25 16:21 . 2009-02-25 16:21   <DIR>   d--------   c:\documents and settings\Meatball\Application Data\Leadertech
                2009-02-24 02:45 . 2009-02-24 02:45   <DIR>   d--------   c:\documents and settings\Meatball\Application Data\Research In Motion
                2009-02-24 01:07 . 2009-02-24 01:07   <DIR>   d--------   c:\documents and settings\Meatball\Application Data\InstallShield
                2009-02-24 01:04 . 2009-02-24 01:05   <DIR>   d--------   c:\program files\Roxio
                2009-02-24 01:04 . 2009-02-24 01:04   <DIR>   d--------   c:\program files\Common Files\Sonic Shared

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2009-03-20 23:52   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
                2009-03-19 15:58   ---------   d---a-w   c:\documents and settings\All Users\Application Data\TEMP
                2009-03-19 15:58   ---------   d-----w   c:\program files\SpywareBlaster
                2009-03-19 00:45   182,656   ----a-w   c:\windows\system32\drivers\ndis.sys
                2009-03-18 23:10   ---------   d-----w   c:\documents and settings\Meatball\Application Data\U3
                2009-03-18 20:26   ---------   d-----w   c:\program files\QuickTime
                2009-03-18 19:31   ---------   d-----w   c:\program files\Hewlett-Packard
                2009-03-17 20:07   ---------   d-----w   c:\documents and settings\Meatball\Application Data\LimeWire
                2009-03-06 19:04   ---------   d--h--w   c:\program files\InstallShield Installation Information
                2009-03-04 05:33   0   ----a-w   c:\program files\Common Files\dht342126
                2009-03-02 01:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\Viewpoint
                2009-02-24 05:05   ---------   d-----w   c:\program files\Common Files\Roxio Shared
                2009-02-24 05:04   ---------   d-----w   c:\documents and settings\All Users\Application Data\Roxio
                2009-02-24 04:59   ---------   d-----w   c:\program files\Common Files\Research In Motion
                2009-01-24 03:49   ---------   d-----w   c:\documents and settings\Meatball\Application Data\Azureus
                2009-01-23 15:08   ---------   d-----w   c:\program files\Common Files\AOL
                2009-01-23 06:39   78,848   ----a-w   c:\windows\ALCFDRTM.EXE
                2009-01-07 03:32   47,360   ----a-w   c:\documents and settings\Meatball\Application Data\pcouffin.sys
                2009-01-07 03:32   102,400   ----a-w   c:\documents and settings\Meatball\Application Data\ezpinst.exe
                2008-12-20 22:58   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122020081221\index.dat
                .

                ------- Sigcheck -------

                2004-08-04 08:00  182912  1df7f42665c94b825322fae71721130d   c:\windows\$NtServicePackUninstall$\ndis.sys
                2008-04-13 15:20  182656  1df7f42665c94b825322fae71721130d   c:\windows\ServicePackFiles\i386\ndis.sys
                2009-03-18 20:45  213120  1df7f42665c94b825322fae71721130d   c:\windows\system32\dllcache\ndis.sys
                2009-03-18 20:45  213120  1df7f42665c94b825322fae71721130d   c:\windows\system32\drivers\ndis.sys

                2008-04-13 20:12  1052160  e0def6254a283e7792e870b6747cd9c2   c:\windows\explorer.exe
                2004-08-04 08:00  1050624  61f18c430c05d69c9a21004137825683   c:\windows\$NtServicePackUninstall$\explorer.exe
                2008-04-13 20:12  1052160  339142b2c0c215720e0b22715e481d07   c:\windows\ServicePackFiles\i386\explorer.exe

                2008-04-13 20:12  33792  ad05cf6f4b117e9849a2d742fd67740a   c:\windows\ServicePackFiles\i386\ctfmon.exe
                2008-04-13 20:12  33792  7e85582c91cbf7fb3a4eeb0ab6bddc7b   c:\windows\system32\ctfmon.exe

                2004-08-04 08:00  76288  07739c6f7cb48115895278b6f75ec3e8   c:\windows\$NtServicePackUninstall$\spoolsv.exe
                2008-04-13 20:12  76288  fd6c8d3724076b231bf28d5743ac536c   c:\windows\ServicePackFiles\i386\spoolsv.exe
                2008-04-13 20:12  76288  4af1f6e42fa8ac73251dabae0b8a3899   c:\windows\system32\spoolsv.exe

                2004-08-04 08:00  43008  0f99aa51fc9c0c5a6607b146956a7706   c:\windows\$NtServicePackUninstall$\userinit.exe
                2008-04-13 20:12  44544  b39f13bea88ec072a8e1db234922e325   c:\windows\ServicePackFiles\i386\userinit.exe
                2008-04-13 20:12  45056  17b1628ad1cbfca9df1793b4d9093eca   c:\windows\system32\userinit.exe
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ResChanger2004"="c:\program files\eVGA\ResChanger2004\ResChanger2004.exe" [2004-03-02 901120]
                "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 33792]
                "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 5513216]
                "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-01-10 86016]
                "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-10 118837]
                "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 131072]
                "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 434176]
                "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
                "HostManager"="c:\program files\Common Files\AOL\1229758549\ee\AOLSoftware.exe" [2008-06-24 41824]
                "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
                "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
                "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
                "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
                "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
                "SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
                "nwiz"="nwiz.exe" [2005-01-10 c:\windows\system32\nwiz.exe]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
                2009-01-08 09:20 10520 c:\windows\system32\avgrsstx.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                "aux"= ctwdm32.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
                --a------ 2009-01-08 09:20 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
                "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
                "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
                "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                "c:\\Program Files\\iTunes\\iTunes.exe"=
                "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
                "c:\\Program Files\\AIM6\\aim6.exe"=
                "c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
                "c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
                "c:\\Program Files\\Common Files\\AOL\\1229758549\\ee\\aolsoftware.exe"=
                "c:\\Program Files\\AOL 9.1\\waol.exe"=
                "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
                "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\Program Files\\LimeWire\\LimeWire.exe"=
                "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
                "c:\\Program Files\\Vuze\\Azureus.exe"=
                "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

                R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
                S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-01-08 12552]
                S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-01-15 325128]
                S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-08 107272]
                S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-02-17 8944]
                S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
                S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-08 903960]
                S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
                S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


                --- Other Services/Drivers In Memory ---

                *Deregistered* - aawservice
                *Deregistered* - AFD
                *Deregistered* - ALG
                *Deregistered* - AOL ACS
                *Deregistered* - Apple Mobile Device
                *Deregistered* - Arp1394
                *Deregistered* - Aspi32
                *Deregistered* - AudioSrv
                *Deregistered* - audstub
                *Deregistered* - avg8emc
                *Deregistered* - avg8wd
                *Deregistered* - AvgLdx86
                *Deregistered* - AvgMfx86
                *Deregistered* - AvgRkx86
                *Deregistered* - AvgTdiX
                *Deregistered* - Beep
                *Deregistered* - Bonjour Service
                *Deregistered* - Browser
                *Deregistered* - Cdfs
                *Deregistered* - CryptSvc
                *Deregistered* - DcomLaunch
                *Deregistered* - Dhcp
                *Deregistered* - dmio
                *Deregistered* - dmload
                *Deregistered* - dmserver
                *Deregistered* - Dnscache
                *Deregistered* - drvnddm
                *Deregistered* - emu10k1
                *Deregistered* - ERSvc
                *Deregistered* - EventSystem
                *Deregistered* - Fastfat
                *Deregistered* - FastUserSwitchingCompatibility
                *Deregistered* - Fips
                *Deregistered* - FltMgr
                *Deregistered* - Ftdisk
                *Deregistered* - Gpc
                *Deregistered* - helpsvc
                *Deregistered* - HTTP
                *Deregistered* - ImapiService
                *Deregistered* - IntelIde
                *Deregistered* - IpNat
                *Deregistered* - iPod Service
                *Deregistered* - IPSec
                *Deregistered* - JavaQuickStarterService
                *Deregistered* - KSecDD
                *Deregistered* - lanmanserver
                *Deregistered* - lanmanworkstation
                *Deregistered* - LmHosts
                *Deregistered* - mnmdd
                *Deregistered* - Modem
                *Deregistered* - MountMgr
                *Deregistered* - MRxDAV
                *Deregistered* - MRxSmb
                *Deregistered* - Msfs
                *Deregistered* - mssmbios
                *Deregistered* - Mup
                *Deregistered* - NDIS
                *Deregistered* - NdisTapi
                *Deregistered* - Ndisuio
                *Deregistered* - NdisWan
                *Deregistered* - NDProxy
                *Deregistered* - NetBIOS
                *Deregistered* - NetBT
                *Deregistered* - Netman
                *Deregistered* - Nla
                *Deregistered* - Npfs
                *Deregistered* - Ntfs
                *Deregistered* - Null
                *Deregistered* - NVSvc
                *Deregistered* - PartMgr
                *Deregistered* - ParVdm
                *Deregistered* - PolicyAgent
                *Deregistered* - PptpMiniport
                *Deregistered* - ProtectedStorage
                *Deregistered* - PSched
                *Deregistered* - RasAcd
                *Deregistered* - Rasl2tp
                *Deregistered* - RasMan
                *Deregistered* - RasPppoe
                *Deregistered* - Raspti
                *Deregistered* - Rdbss
                *Deregistered* - RDPCDD
                *Deregistered* - rdpdr
                *Deregistered* - RemoteRegistry
                *Deregistered* - RimVSerPort
                *Deregistered* - Roxio Upnp Server 9
                *Deregistered* - RoxLiveShare9
                *Deregistered* - RpcSs
                *Deregistered* - SamSs
                *Deregistered* - SASDIFSV
                *Deregistered* - SASKUTIL
                *Deregistered* - Schedule
                *Deregistered* - seclogon
                *Deregistered* - SENS
                *Deregistered* - sfman
                *Deregistered* - SharedAccess
                *Deregistered* - ShellHWDetection
                *Deregistered* - Spooler
                *Deregistered* - sr
                *Deregistered* - srservice
                *Deregistered* - Srv
                *Deregistered* - SSDPSRV
                *Deregistered* - ssrtln
                *Deregistered* - stisvc
                *Deregistered* - swenum
                *Deregistered* - TapiSrv
                *Deregistered* - Tcpip
                *Deregistered* - TermDD
                *Deregistered* - TermService
                *Deregistered* - tfsnboio
                *Deregistered* - tfsncofs
                *Deregistered* - tfsndrct
                *Deregistered* - tfsndres
                *Deregistered* - tfsnifs
                *Deregistered* - tfsnopio
                *Deregistered* - tfsnpool
                *Deregistered* - tfsnudf
                *Deregistered* - tfsnudfa
                *Deregistered* - Themes
                *Deregistered* - TrkWks
                *Deregistered* - Update
                *Deregistered* - VgaSave
                *Deregistered* - Viewpoint Manager Service
                *Deregistered* - VolSnap
                *Deregistered* - W32Time
                *Deregistered* - Wanarp
                *Deregistered* - wanatw
                *Deregistered* - WebClient
                *Deregistered* - winmgmt
                *Deregistered* - wscsvc
                *Deregistered* - wuauserv
                *Deregistered* - WZCSVC
                .
                Contents of the 'Scheduled Tasks' folder

                2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
                - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

                2009-03-21 c:\windows\Tasks\RegCure Program Check.job
                - c:\program files\RegCure\RegCure.exe [2008-12-25 04:11]

                2009-03-19 c:\windows\Tasks\RegCure.job
                - c:\program files\RegCure\RegCure.exe [2008-12-25 04:11]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://yahoo.com/
                mStart Page = hxxp://www.aol.com/?src=customie7
                uInternet Settings,ProxyOverride = *.local
                IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
                IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
                FF - ProfilePath - c:\documents and settings\Meatball\Application Data\Mozilla\Firefox\Profiles\n4zbf2fl.default\
                FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
                FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
                FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
                FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
                FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
                .

                **************************************************************************

                catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2009-03-20 20:12:52
                Windows 5.1.2600 Service Pack 3 NTFS

                detected NTDLL code modification:
                ZwOpenFile

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------

                - - - - - - - > 'winlogon.exe'(888)
                c:\program files\SUPERAntiSpyware\SASWINLO.dll
                c:\program files\Bonjour\mdnsNSP.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\program files\Lavasoft\Ad-Aware\aawservice.exe
                c:\program files\Common Files\AOL\acs\AOLacsd.exe
                c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                c:\program files\Bonjour\mDNSResponder.exe
                c:\program files\Java\jre6\bin\jqs.exe
                c:\windows\system32\devldr32.exe
                c:\windows\system32\nvsvc32.exe
                c:\progra~1\AVG\AVG8\avgam.exe
                c:\program files\AVG\AVG8\avgrsx.exe
                c:\progra~1\AVG\AVG8\avgnsx.exe
                c:\program files\AVG\AVG8\avgcsrvx.exe
                c:\program files\iPod\bin\iPodService.exe
                c:\program files\Internet Explorer\iexplore.exe
                c:\progra~1\AVG\AVG8\aAvgApi.exe
                .
                **************************************************************************
                .
                Completion time: 2009-03-20 20:15:23 - machine was rebooted
                ComboFix-quarantined-files.txt  2009-03-21 00:15:18
                ComboFix2.txt  2009-03-19 02:17:58

                Pre-Run: 93,720,391,680 bytes free
                Post-Run: 93,681,610,752 bytes free

                374   --- E O F ---   2009-01-01 06:25:19

                evilfantasy

                • Malware Removal Specialist
                • Moderator

                Re: HELP!! Virus and Spyware Can someone read my logs
                « Reply #13 on: March 20, 2009, 11:08:47 PM »
                Bad news. This is a Virut infection. There is no way to fix this. You will have to reformat and reinstall Windows.

                Read this response closely, it says it all about this infection > http://www.bleepingcomputer.com/forums/index.php?showtopic=209782&view=findpost&p=1185502

                BAttitude7689

                  Topic Starter


                  Rookie

                  Re: HELP!! Virus and Spyware Can someone read my logs
                  « Reply #14 on: March 23, 2009, 08:26:26 PM »
                  Wow, ok, that absolutely sucks... my only question now is: what is safe to back up?