Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal >
laptop takes ages to load .. very slow !
nuzhat, Junior Member with 20 posts. Join Date: Dec 2007
20-Jun-2008, 05:27 AM #1
laptop takes ages to load .. very slow !
It takes a lot of time for the laptop to load. At least 20 mins I have to sit before it can load fully so that I can start up with my work. I don't know what's wrong. Need major help!

Here's my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:50, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\EzButton\CPLDBL10.EXE
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.30.217:8080
F3 - REG:win.ini: load= C:\TCWIN45\PIPELINE\remind.exe
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Filter: text/plain - {6FB1B021-FB9D-4AEE-8213-E3B913B6D25A} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: floripondio - {6ad686b9-ab56-4ebc-a804-9f70b55b4577} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9369 bytes

SUPERAntiSpyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/20/2008 at 05:25 AM

Application Version : 4.15.1000

Core Rules Database Version : 3485
Trace Rules Database Version: 1476

Scan type : Quick Scan
Total Scan Time : 02:41:06

Memory items scanned : 443
Memory threats detected : 0
Registry items scanned : 432
Registry threats detected : 160
File items scanned : 10428
File threats detected : 25

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@ads.techguy[2].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\general\Cookies\general@2o7[2].txt
C:\Documents and Settings\general\Cookies\general@ad.yieldmanager[1].txt
C:\Documents and Settings\general\Cookies\general@atdmt[1].txt

Adware.IST/ISTBar (Slotch Bar)
HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}
HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1
HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\0
HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\0\win32
HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\FLAGS
HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\HELPDIR
HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}
HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\ProxyStubClsid
HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\ProxyStubClsid32
HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\TypeLib
HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\TypeLib#Version
HKU\S-1-5-21-3312619432-521328545-3501324789-1003\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Adware.Avenue Media/Internet Optimizer
HKU\S-1-5-21-3312619432-521328545-3501324789-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
HKU\S-1-5-21-3312619432-521328545-3501324789-1003\SOFTWARE\Policies\Avenue Media
HKLM\SOFTWARE\Policies\Avenue Media

Adware.IST/YourSiteBar
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}\ProxyStubClsid
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}\ProxyStubClsid32
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}\TypeLib
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}\TypeLib#Version
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}\ProxyStubClsid
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}\ProxyStubClsid32
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}\TypeLib
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}\TypeLib#Version
HKCR\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}
HKCR\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}\1.0
HKCR\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}\1.0\0
HKCR\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}\1.0\0\win32
HKCR\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}\1.0\FLAGS
HKCR\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}\1.0\HELPDIR

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Adware.Best Offers Network
C:\Program Files\TBONBin\TBONInst.cfg
C:\Program Files\TBONBin\TBONUnst.htm
C:\Program Files\TBONBin
C:\WINDOWS\tboninst.cfg
HKU\S-1-5-21-3312619432-521328545-3501324789-1003\Software\tbon

Adware.MyWay
HKLM\Software\MyWay
HKLM\Software\MyWay\myBar
HKLM\Software\MyWay\myBar#Dir
HKLM\Software\MyWay\myBar#ShzmCurInstall
HKLM\Software\MyWay\myBar#pid
HKLM\Software\MyWay\myBar#CurInstall
HKLM\Software\MyWay\myBar#sr
HKLM\Software\MyWay\myBar#pl
HKLM\Software\MyWay\myBar#Id
HKLM\Software\MyWay\myBar#Build
HKLM\Software\MyWay\myBar#CacheDir
HKLM\Software\MyWay\myBar#HistoryDir
HKLM\Software\MyWay\myBar#Visible
HKLM\Software\MyWay\myBar#Maximized
HKLM\Software\MyWay\myBar#SettingsDir
HKLM\Software\MyWay\myBar#ConfigRevisionURL
HKLM\Software\MyWay\myBar#ConfigDateStamp
HKLM\Software\MyWay\myBar\partner
HKLM\Software\MyWay\myBar\partner#bitmap
HKLM\Software\MyWay\myBar\partner#name
HKLM\Software\MyWay\myBar\partner#test
HKLM\Software\MyWay\myBar\partner#PM-Home
HKLM\Software\MyWay\myBar\partner#PM-Points
HKLM\Software\MyWay\myBar\partner#PM-Redeem
HKLM\Software\MyWay\myBar\partner#PM-Wallet
HKLM\Software\MyWay\myBar\partner#PM-Settings

Trojan.Media-Codec
C:\Documents and Settings\Owner\Favorites\Online Security Test.url

Malware.SpyLocked
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}#AppID
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\acItsN
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\faGnqNLvcyyVp
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\ijhnr
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\jKzMz
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\LmWmkmk
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\LocalServer32
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\LocalServer32#ThreadingModel
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\oqsodafz
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\ProgID
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\qPvLzicelo
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\toufVzkysNTE
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\uHyysQ
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\utjmreAvugmqD
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\VersionIndependentProgID
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\wfaof
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\wfpvkegcwyp
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\Xhogwil
HKCR\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}\ycuGgjzY
HKCR\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}
HKCR\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}\ProxyStubClsid
HKCR\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}\ProxyStubClsid32
HKCR\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}\TypeLib
HKCR\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}\TypeLib#Version
HKCR\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}
HKCR\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}\ProxyStubClsid
HKCR\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}\ProxyStubClsid32
HKCR\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}\TypeLib
HKCR\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}\TypeLib#Version
HKCR\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}
HKCR\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}\ProxyStubClsid
HKCR\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}\ProxyStubClsid32
HKCR\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}\TypeLib
HKCR\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}\TypeLib#Version
HKCR\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}
HKCR\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}\ProxyStubClsid
HKCR\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}\ProxyStubClsid32
HKCR\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}\TypeLib
HKCR\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}\TypeLib#Version
HKCR\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}
HKCR\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}\ProxyStubClsid
HKCR\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}\ProxyStubClsid32
HKCR\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}\TypeLib
HKCR\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}\TypeLib#Version
HKCR\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}
HKCR\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}\ProxyStubClsid
HKCR\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}\ProxyStubClsid32
HKCR\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}\TypeLib
HKCR\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}\TypeLib#Version
HKCR\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}
HKCR\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}\ProxyStubClsid
HKCR\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}\ProxyStubClsid32
HKCR\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}\TypeLib
HKCR\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}\TypeLib#Version
HKCR\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}
HKCR\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}\ProxyStubClsid
HKCR\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}\ProxyStubClsid32
HKCR\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}\TypeLib
HKCR\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}\TypeLib#Version
HKCR\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}
HKCR\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}\ProxyStubClsid
HKCR\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}\ProxyStubClsid32
HKCR\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}\TypeLib
HKCR\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}\TypeLib#Version
HKCR\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}
HKCR\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}\ProxyStubClsid
HKCR\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}\ProxyStubClsid32
HKCR\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}\TypeLib
HKCR\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}\TypeLib#Version
HKCR\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}
HKCR\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}\ProxyStubClsid
HKCR\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}\ProxyStubClsid32
HKCR\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}\TypeLib
HKCR\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}\TypeLib#Version
HKCR\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}
HKCR\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}\ProxyStubClsid
HKCR\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}\ProxyStubClsid32
HKCR\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}\TypeLib
HKCR\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}\TypeLib#Version
HKCR\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}
HKCR\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}\ProxyStubClsid
HKCR\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}\ProxyStubClsid32
HKCR\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}\TypeLib
HKCR\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}\TypeLib#Version
HKCR\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}
HKCR\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}\ProxyStubClsid
HKCR\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}\ProxyStubClsid32
HKCR\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}\TypeLib
HKCR\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}\TypeLib#Version
HKCR\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}
HKCR\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}\ProxyStubClsid
HKCR\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}\ProxyStubClsid32
HKCR\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}\TypeLib
HKCR\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}\TypeLib#Version
HKCR\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}
HKCR\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}\ProxyStubClsid
HKCR\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}\ProxyStubClsid32
HKCR\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}\TypeLib
HKCR\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}\TypeLib#Version

Trojan.Unclassified/RCDLL-Fake
C:\TCWIN45\BIN\RCDLL.DLL

Worm.Alcra Variant
C:\WINDOWS\SYSTEM32\CMD.COM
C:\WINDOWS\SYSTEM32\NETSTAT.COM
C:\WINDOWS\SYSTEM32\PING.COM
C:\WINDOWS\SYSTEM32\REGEDIT.COM
C:\WINDOWS\SYSTEM32\TASKKILL.COM
C:\WINDOWS\SYSTEM32\TASKLIST.COM
C:\WINDOWS\SYSTEM32\TRACERT.COM

Worm.Duster
C:\WINDOWS\SYSTEM32\DUST.EXE

BitDefender log

BitDefender Online Scanner

Scan report generated at: Fri, Jun 20, 2008 - 08:21:20
Scan path: C:\;D:\;

Statistics
Time: 04:58:58
Files: 193951
Folders: 6198
Boot Sectors: 2
Archives: 8129
Packed Files: 9350

Results
Identified Viruses: 2
Infected Files: 2
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 2

Engines Info
Virus Definitions: 1154406
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 39
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\Documents and Settings\Owner\Application Data\mIRC\logs\knock_.DALnet.log - Infected with: Dropped:Win32.Worm.IRC.Decode.B
C:\Documents and Settings\Owner\Application Data\mIRC\logs\knock_.DALnet.log - Disinfection failed
C:\Documents and Settings\Owner\Application Data\mIRC\logs\knock_.DALnet.log - Deleted
C:\Documents and Settings\Owner\Application Data\mIRC\logs\knock__.DALnet.log - Infected with: Win32.Worm.IRC.Decode.B
C:\Documents and Settings\Owner\Application Data\mIRC\logs\knock__.DALnet.log - Disinfection failed
C:\Documents and Settings\Owner\Application Data\mIRC\logs\knock__.DALnet.log - Deleted

Immediate assistance needed... please help!!!
nuzhat, Junior Member with 20 posts. Join Date: Dec 2007
20-Jun-2008, 10:34 AM #2
Here are more logs

ComboFix log

ComboFix 08-06-19.2 - Owner 2008-06-20 18:17:37.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\cf.exe.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Program Files\internet explorer\iekey.dll
C:\setup.exe
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 16:11 . 2008-06-20 16:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-20 16:11 . 2008-06-20 16:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-20 16:11 . 2008-06-20 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-20 16:11 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-20 16:11 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-20 01:57 . 2008-06-20 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-20 01:50 . 2008-06-20 01:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-20 01:50 . 2008-06-20 01:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-20 01:48 . 2008-06-20 01:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 01:30 . 2008-06-20 01:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 09:11 . 2008-06-11 19:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-06-11 09:10 . 2008-06-11 09:10 <DIR> d-------- C:\Program Files\DNA
2008-06-11 09:10 . 2008-06-11 09:10 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-11 09:10 . 2008-06-20 18:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-06-11 09:09 . 2008-06-11 09:10 874,856 --a------ C:\BitTorrent-6.0.3.exe
2008-06-03 18:14 . 2008-06-03 18:29 <DIR> d-------- C:\Documents and Settings\general\Application Data\Winamp
2008-05-27 09:52 . 2008-06-03 18:19 <DIR> d-------- C:\Documents and Settings\general\Application Data\SiteAdvisor
2008-05-26 05:21 . 2008-05-26 05:21 <DIR> d-------- C:\Program Files\Dfx
2008-05-26 05:21 . 2008-05-26 05:21 282,624 --a------ C:\WINDOWS\system32\dfxg11.dll
2008-05-26 05:19 . 2008-05-26 05:21 <DIR> d-------- C:\Program Files\Winamp
2008-05-26 05:19 . 2008-05-26 05:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2008-05-26 05:18 . 2008-05-26 05:18 <DIR> d-------- C:\SOFTWARE
2008-05-26 04:47 . 2008-06-18 06:19 <DIR> d-------- C:\Program Files\mIRC
2008-05-26 04:45 . 2008-05-26 04:46 1,743,485 --a------ C:\mirc632.exe
2008-05-25 03:38 . 2008-05-25 03:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-25 00:27 . 2008-05-25 00:27 1,084,451 --a------ C:\mirc631.exe
2008-05-24 23:39 . 2008-06-20 18:39 13,245 --a------ C:\WINDOWS\system32\Config.MPF
2008-05-24 23:34 . 2008-06-01 01:27 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-05-24 23:34 . 2008-06-20 15:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-05-24 23:34 . 2008-05-24 23:34 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-05-24 23:34 . 2008-05-26 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-24 23:32 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-05-24 23:25 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-24 23:25 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-24 23:25 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-05-24 23:25 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-24 23:25 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-05-24 23:24 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-05-24 23:22 . 2008-05-24 23:22 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-24 23:21 . 2008-06-20 02:34 <DIR> d-------- C:\Program Files\McAfee
2008-05-24 23:21 . 2008-05-24 23:25 <DIR> d-------- C:\Program Files\Common Files\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 00:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\mIRC
2008-06-04 18:59 --------- d-----w C:\Program Files\Google
2008-05-24 21:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\DivX
2008-05-24 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-14 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-14 20:49 48,795,464 ----a-w C:\new mcafee trial.exe
2008-05-13 22:35 --------- d-----w C:\Program Files\iTunes
2008-05-13 22:35 --------- d-----w C:\Program Files\iPod
2008-05-13 22:28 59,782,440 ----a-w C:\iTunesSetup.exe
2008-05-13 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-03 14:09 26,136 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-05-01 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-26 15:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-04-13 18:25 4,131,592 ----a-w C:\registryboostersoft32.exe
2008-04-12 13:46 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-12 13:46 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-12 13:42 34,755,672 ----a-w C:\avg75free_516a1262.exe
2008-04-11 21:38 481,284 ----a-w C:\speed up my pcsoft32.exe
2008-02-25 14:59 26,136 ----a-w C:\Documents and Settings\general\Application Data\GDIPFONTCACHEV1.DAT
.
----a-w         1,803,848 2001-04-03 13:19:40  C:\Win Zip 8.1\Win Zip 8.1 .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:56 15360]
"PCShield"="regsvr32" []
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-11 09:10 289088]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 07:29 40960]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2003-07-19 04:24 49152]
"TkBellExe"="realsched.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"CPLDBL10"="C:\Program Files\EzButton\CPLDBL10.EXE" [2003-07-03 18:34 204800]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2003-07-24 07:03 135168]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2003-07-30 05:19 638976]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 03:57 36640]
"combofix"="C:\WINDOWS\system32\CF22829.exe" [2004-08-04 13:56 388608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2003-08-28 06:23:08 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"= C:\TCWIN45\PIPELINE\remind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.avrn"= AvidAVICodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD+DVD]
--a------ 2003-07-09 10:21 1171456 C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-02-24 11:57 2506752 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e4b27e0-9da6-11db-9c94-00038a000015}]
\Shell\Auto\command - E:\AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24020d34-aba8-11db-9cab-00038a000015}]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b4cbfd4-6679-11da-99e6-00038a000015}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42d1ece8-8a80-11db-9c71-00038a000015}]
\Shell\AutoRun\command - E:\ie.exe
\Shell\explore\Command - E:\ie.exe
\Shell\open\Command - E:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62f9be0c-8a5d-11db-9c70-00038a000015}]
\Shell\AutoRun\command - E:\ie.exe
\Shell\explore\Command - E:\ie.exe
\Shell\open\Command - E:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4e270bc-70b4-11da-9a08-00038a000015}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f16001f4-576a-11db-9bfd-00038a000015}]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f16001f5-576a-11db-9bfd-00038a000015}]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 14:48:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-20 03:00:03 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\SSVICHOSST.exe
"2008-06-19 21:00:13 C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job"
- C:\Program Files\MacroVirus\MacroVirus.ex
- C:\Program Files\MacroVirus
"2008-05-24 17:23:05 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-31 19:20:39 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 18:42:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
.
**************************************************************************
.
Completion time: 2008-06-20 18:52:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 12:52:20

Pre-Run: 3,782,275,072 bytes free
Post-Run: 3,919,753,216 bytes free

232 --- E O F --- 2008-02-15 00:33:33


Malwarebytes' Anti-Malware 1.18
Database version: 871

18:02:22 6/20/2008
mbam-log-6-20-2008 (18-02-22).txt

Scan type: Quick Scan
Objects scanned: 43279
Time elapsed: 50 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{339d8aff-0b42-4260-ad82-78ce605a9543} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{58634367-d62b-4c2c-86be-5aac45cdb671} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d0288a41-9855-4a9b-8316-babe243648da} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MacroVirus (Rogue.MacroVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{86227d9c-0efe-4f8a-aa55-30386a3f5686} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{6ad686b9-ab56-4ebc-a804-9f70b55b4577} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MacroVirus (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Log (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Quarantine (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Registry Backups (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Settings (Rogue.MacroVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MacroVirus\mav.log (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Log\log_2008_04_13_22_59_57.log (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Log\log_2008_04_13_22_59_58.log (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Log\log_2008_04_13_23_00_42.log (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Log\log_2008_04_13_23_00_43.log (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Settings\CustomScan.stg (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Settings\IgnoreList.stg (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Settings\ScanInfo.stg (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Settings\ScanResults.stg (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Settings\SelectedFolders.stg (Rogue.MacroVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MacroVirus\Settings\Settings.stg (Rogue.MacroVirus) -> Quarantined and deleted successfully.


Please help!
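The security-relevant findings in the ComboFix log above are the MountPoints2 autorun commands (AdobeR.exe, RavMon.exe, ie.exe launched from the removable drive), the Security Center Override/DisableNotify values that silence antivirus and firewall warnings, and the At1.job task pointing at SSVICHOSST.exe in system32. The script below is an added example written for this page, not ComboFix output or the poster's code: it parses an excerpt of that log (embedded here as constructed input) and pulls those three finding classes out for triage. The regular expressions are keyed to the log layout shown on this page, and the "last .exe token is the real payload" rule used to see past the RunDLL32/ShellExec_RunDLL wrapper is the editor's heuristic, not something ComboFix does.

```python
"""Triage a ComboFix-style registry dump for MountPoints2 autorun commands,
Security Center override values and scheduled tasks that launch a bare
executable out of %windir%\\system32.  Added example, not ComboFix's code."""
import re

# Excerpt of the log above, embedded as constructed test input.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e4b27e0-9da6-11db-9c94-00038a000015}]
\Shell\Auto\command - E:\AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b4cbfd4-6679-11da-99e6-00038a000015}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42d1ece8-8a80-11db-9c71-00038a000015}]
\Shell\AutoRun\command - E:\ie.exe
\Shell\explore\Command - E:\ie.exe
\Shell\open\Command - E:\ie.exe

Contents of the 'Scheduled Tasks' folder
"2008-06-14 14:48:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-20 03:00:03 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\SSVICHOSST.exe
"""

# Patterns keyed to the ComboFix layout shown above (editor's assumption).
MOUNTPOINT_KEY = re.compile(r"^\[.*\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
SHELL_CMD = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
SECCENTER_KEY = re.compile(r"^\[.*\\microsoft\\security center(\\.*)?\]$", re.I)
DWORD_VAL = re.compile(r'^"(\w+)"=dword:([0-9a-f]{8})$', re.I)
TASK_HDR = re.compile(r'^"\S+ \S+ .+?\\tasks\\([^\\]+\.job)"$', re.I)
TASK_TGT = re.compile(r"^-\s+(.+)$")
EXE_TOKEN = re.compile(r"[\w.-]+\.exe", re.I)


def triage(text):
    """Walk the dump once and collect the three finding classes."""
    findings = {"autoruns": [], "overrides": [], "tasks": []}
    section, guid, pending_job = None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):  # a new registry key starts a section
            m = MOUNTPOINT_KEY.match(line)
            if m:
                section, guid = "mountpoints", m.group(1)
            elif SECCENTER_KEY.match(line):
                section, guid = "seccenter", None
            else:
                section, guid = "other", None
            continue
        if line.lower().startswith("contents of the 'scheduled tasks'"):
            section = "tasks"
            continue
        if section == "mountpoints":
            m = SHELL_CMD.match(line)
            if m:  # (volume GUID, shell verb, command Explorer would run)
                findings["autoruns"].append((guid, m.group(1), m.group(2).strip()))
        elif section == "seccenter":
            m = DWORD_VAL.match(line)
            if m and int(m.group(2), 16) != 0 and re.search(
                    r"override|disablenotify|disablemonitoring", m.group(1), re.I):
                findings["overrides"].append((m.group(1), int(m.group(2), 16)))
        elif section == "tasks":
            m = TASK_HDR.match(line)
            if m:  # header line carries the .job name; target is on the next "- " line
                pending_job = m.group(1)
                continue
            m = TASK_TGT.match(line)
            if m and pending_job:
                findings["tasks"].append((pending_job, m.group(1).strip()))
                pending_job = None
    return findings


def autorun_payloads(findings):
    """Lower-cased basename each MountPoints2 verb ultimately launches.
    Takes the last .exe token so the RunDLL32/ShellExec_RunDLL wrapper is
    skipped (heuristic, editor's assumption)."""
    names = set()
    for _guid, _verb, cmd in findings["autoruns"]:
        exes = EXE_TOKEN.findall(cmd)
        if exes:
            names.add(exes[-1].lower())
    return sorted(names)


def system32_tasks(findings):
    """Tasks whose target is a bare executable directly under %windir%\\system32;
    flagged for manual review rather than declared malicious."""
    return [(job, tgt) for job, tgt in findings["tasks"]
            if re.match(r"^[a-z]:\\windows\\system32\\[^\\]+$", tgt, re.I)]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("autorun payloads:", autorun_payloads(found))
    print("security center overrides:", [name for name, _ in found["overrides"]])
    print("system32 tasks:", system32_tasks(found))
```

MountPoints2 is where Explorer caches the autorun.inf handlers it has seen per volume, so an entry whose open/explore/AutoRun verb runs an executable from the drive itself (E:\ie.exe, RavMon.exe) means double-clicking that USB stick launches the worm, which is why the same names recur across several volume GUIDs here. The Security Center Override and DisableNotify values suppress the "antivirus/firewall is off" warnings, and At1.job is the name at.exe assigns to the first task it creates; a worm that schedules itself this way looks exactly like the SSVICHOSST.exe entry above. Run the script against a full ComboFix log by passing the file contents to triage().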
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.