
Infected With Win32/psw.onlinegames.muu Trojan

Discussion in 'Virus & Other Malware Removal' started by script.kiddie, Apr 3, 2008.

Thread Status:
Not open for further replies.
  1. script.kiddie

    script.kiddie Thread Starter

    Joined:
    Dec 14, 2007
    Messages:
    6
    StartupList report, 4/3/2008, 1:27:43 AM
    StartupList version: 1.52.2
    Started from: D:\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================
    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Eset\nod32.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\HijackThis.exe
    --------------------------------------------------
    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Chetan\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    *No files*

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    nod32kui = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    Title = UnHackMe Rootkit Check

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    [ApprovedByRegRun2]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{4b218e3e-bc98-4770-93d3-2731b9329278}] *
    StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *No subkeys found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\ssbezier.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    *No BHO's found*

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    *No jobs found*

    --------------------------------------------------

    Enumerating Download Program Files:

    [{33564D57-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

    [Java Plug-in 1.6.0_03]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

    [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
    CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

    [Java Plug-in 1.6.0_03]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

    [Java Plug-in 1.6.0_03]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\imon.dll
    Protocol #2: C:\WINDOWS\system32\imon.dll
    Protocol #3: C:\WINDOWS\system32\imon.dll
    Protocol #4: C:\WINDOWS\system32\imon.dll
    Protocol #5: C:\WINDOWS\system32\imon.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #10: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll
    Protocol #17: C:\WINDOWS\system32\mswsock.dll
    Protocol #18: C:\WINDOWS\system32\mswsock.dll
    Protocol #19: C:\WINDOWS\system32\mswsock.dll
    Protocol #20: C:\WINDOWS\system32\mswsock.dll
    Protocol #21: C:\WINDOWS\system32\imon.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
    AdobeLM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (disabled)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
    Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system)
    AMON: \SystemRoot\system32\drivers\amon.sys (autostart)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
    AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
    AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
    Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Logical Disk Manager Driver: system32\DRIVERS\dmio.sys (system)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    MS IEEE-1284.4 Driver: system32\DRIVERS\Dot4.sys (manual start)
    Print Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Prt.sys (manual start)
    Dot4USB Filter Dot4USB Filter: system32\DRIVERS\dot4usb.sys (manual start)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
    VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: System32\DRIVERS\fetnd5.sys (manual start)
    VIA Rhine Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5b.sys (manual start)
    FltMgr: system32\DRIVERS\fltMgr.sys (system)
    Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
    Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: system32\DRIVERS\gagp30kx.sys (system)
    GMSIPCI: \??\F:\INSTALL\GMSIPCI.SYS (manual start)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
    IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
    IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
    IPSEC driver: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Nokia USB Phone Parent: system32\drivers\nmwcd.sys (manual start)
    Nokia USB Generic: system32\drivers\nmwcdc.sys (manual start)
    Nokia USB Port: system32\drivers\nmwcdcj.sys (manual start)
    Nokia USB Modem: system32\drivers\nmwcdcm.sys (manual start)
    nod32drv: \SystemRoot\system32\drivers\nod32drv.sys (system)
    NOD32 Kernel Service: "C:\Program Files\Eset\nod32krn.exe" (autostart)
    NTACCESS: \??\F:\NTACCESS.sys (manual start)
    NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    Parallel port driver: System32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: system32\DRIVERS\pci.sys (system)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Cyberlink RichVideo Service (CRVS): "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" (disabled)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (manual start)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
    Serial port driver: system32\DRIVERS\serial.sys (system)
    ServiceLayer: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" (disabled)
    SetupNTGLM7X: \??\F:\NTGLM7X.sys (manual start)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{E23FC1DC-13C9-4584-A859-AE3F9387CB1F} (manual start)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
    USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
    USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    viagfx: system32\DRIVERS\vtmini.sys (manual start)
    ViaIde: system32\DRIVERS\viaide.sys (system)
    viamraid: system32\DRIVERS\viamraid.sys (system)
    Vinyl AC'97 Audio Controller (WDM): system32\drivers\vinyl97.sys (manual start)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    VIA USB Host Controller Lower Filter: \SystemRoot\System32\Drivers\vulfnth.sys (manual start)
    VIA USB Roothub Lower Filter: \SystemRoot\System32\Drivers\vulfntr.sys (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
    Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\wmpnetwk.exe" (disabled)
    WpdUsb: system32\DRIVERS\wpdusb.sys (manual start)
    Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)
    Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
    Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXINGSERVICE.EXE||C:\PROGRAM FILES\COMMON FILES\BITDEFENDER\BITDEFENDER THREAT SCANNER\PROFOS.SYS||C:\PROGRAM FILES\COMMON FILES\BITDEFENDER\BITDEFENDER THREAT SCANNER\TRUFOS.SYS||C:\DOCUME~1\Chetan\LOCALS~1\Temp\_iu14D2N.tmp


    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    End of report, 31,855 bytes
    Report generated in 0.734 seconds
     
  2. script.kiddie

    script.kiddie Thread Starter

    Joined:
    Dec 14, 2007
    Messages:
    6
    My system is infected with the Win32/PSW.OnLineGames.MUU trojan in the file C:\WINDOWS\system32\amvo.exe (infected file).
    I am unable to set my Windows Explorer options to "show hidden files and folders", and a file named Autorun.inf is there in every partition/drive, in the root directory. The problem was found while using Microsoft Internet Explorer 6.0.
    This was detected by my antivirus, "NOD32 v2.0". I don't know where it came from, as I am a knowledgeable person and I scan every file that I download on www.virustotal.com.

    I scanned my system with NOD32, AVG Anti-Spyware, Ad-Aware 2007 and Spyware Doctor. They found some threats; I removed them, after that I rebooted my system and scanned again, and the viruses were found again. WHAT SHOULD I DO... PLEASE HELP ME
     
Short URL to this thread: https://techguy.org/699817
