Infected With Win32/psw.onlinegames.muu Trojan

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

script.kiddie (Thread Starter)
Joined: Dec 14, 2007
Messages: 6
StartupList report, 4/3/2008, 1:27:43 AM
StartupList version: 1.52.2
Started from : D:\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Eset\nod32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\HijackThis.exe

--------------------------------------------------
Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Chetan\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nod32kui = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

Title = UnHackMe Rootkit Check

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

[ApprovedByRegRun2]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*No subkeys found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssbezier.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\imon.dll
Protocol #2: C:\WINDOWS\system32\imon.dll
Protocol #3: C:\WINDOWS\system32\imon.dll
Protocol #4: C:\WINDOWS\system32\imon.dll
Protocol #5: C:\WINDOWS\system32\imon.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\rsvpsp.dll
Protocol #10: C:\WINDOWS\system32\rsvpsp.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\imon.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
AdobeLM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system)
AMON: \SystemRoot\system32\drivers\amon.sys (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: system32\DRIVERS\dmio.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
MS IEEE-1284.4 Driver: system32\DRIVERS\Dot4.sys (manual start)
Print Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Prt.sys (manual start)
Dot4USB Filter Dot4USB Filter: system32\DRIVERS\dot4usb.sys (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: System32\DRIVERS\fetnd5.sys (manual start)
VIA Rhine Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5b.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: system32\DRIVERS\gagp30kx.sys (system)
GMSIPCI: \??\F:\INSTALL\GMSIPCI.SYS (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Nokia USB Phone Parent: system32\drivers\nmwcd.sys (manual start)
Nokia USB Generic: system32\drivers\nmwcdc.sys (manual start)
Nokia USB Port: system32\drivers\nmwcdcj.sys (manual start)
Nokia USB Modem: system32\drivers\nmwcdcm.sys (manual start)
nod32drv: \SystemRoot\system32\drivers\nod32drv.sys (system)
NOD32 Kernel Service: "C:\Program Files\Eset\nod32krn.exe" (autostart)
NTACCESS: \??\F:\NTACCESS.sys (manual start)
NTLM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Cyberlink RichVideo Service(CRVS): "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
ServiceLayer: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" (disabled)
SetupNTGLM7X: \??\F:\NTGLM7X.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{E23FC1DC-13C9-4584-A859-AE3F9387CB1F} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
viagfx: system32\DRIVERS\vtmini.sys (manual start)
ViaIde: system32\DRIVERS\viaide.sys (system)
viamraid: system32\DRIVERS\viamraid.sys (system)
Vinyl AC'97 Audio Controller (WDM): system32\drivers\vinyl97.sys (manual start)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
VIA USB Host Controller Lower Filter: \SystemRoot\System32\Drivers\vulfnth.sys (manual start)
VIA USB Roothub Lower Filter: \SystemRoot\System32\Drivers\vulfntr.sys (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\wmpnetwk.exe" (disabled)
WpdUsb: system32\DRIVERS\wpdusb.sys (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXINGSERVICE.EXE||C:\PROGRAM FILES\COMMON FILES\BITDEFENDER\BITDEFENDER THREAT SCANNER\PROFOS.SYS||C:\PROGRAM FILES\COMMON FILES\BITDEFENDER\BITDEFENDER THREAT SCANNER\TRUFOS.SYS||C:\DOCUME~1\Chetan\LOCALS~1\Temp\_iu14D2N.tmp


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 31,855 bytes
Report generated in 0.734 seconds
 

script.kiddie (Thread Starter)
Joined: Dec 14, 2007
Messages: 6
My system is infected with the Win32/PSW.OnLineGames.MUU trojan in the file C:\WINDOWS\system32\amvo.exe (infected file).
I am unable to set my Windows Explorer options to "show hidden files and folders", and a file named Autorun.inf is there in every partition/drive... in the root directory. The problem was found while using Microsoft Internet Explorer 6.0.
This was detected by my antivirus, "NOD32 v2.0". I don't know where it came from... as I am a knowledgeable person and I scan every file that I download on www.virustotal.com.

I scanned my system with NOD32, AVG Anti-Spyware, Ad-Aware 2007 and Spyware Doctor. They found some threats; I removed them, after that I rebooted my system, scanned again, and the viruses were found again. WHAT SHOULD I DO... PLEASE HELP ME
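An added triage helper (example code, not from the thread, the poster or HijackThis) that parses a StartupList report in the layout posted above and flags the entries a responder reads first: processes running from temp or profile paths, a UserInit value that is not userinit.exe alone, a changed Shell or .EXE open command, and files queued in PendingFileRenameOperations. The embedded report is a constructed excerpt in the same format; the file names in it are placeholders, not the poster's.

```python
import re

# Constructed excerpt in StartupList 1.52.2 layout (same section headers as the
# report above; values chosen to exercise each check, not the thread's log).
SAMPLE = r"""StartupList report, 4/3/2008, 1:27:43 AM
==================================================
Running processes:

C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
C:\DOCUME~1\User\LOCALS~1\Temp\sample_dropper.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sample_extra.exe,

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssbezier.scr

--------------------------------------------------

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\PROGRAM FILES\SAMPLE\OLD.EXE||C:\DOCUME~1\User\LOCALS~1\Temp\_iu14D2N.tmp
"""

RULE = re.compile(r"^-{10,}\s*$")            # dashed rule between sections
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")


def section(report, title):
    """Non-empty lines following the line that starts with `title`, up to the
    next dashed rule StartupList prints between sections."""
    out, grab = [], False
    for line in report.splitlines():
        if not grab:
            grab = line.startswith(title)
            continue
        if RULE.match(line):
            break
        if line.strip():
            out.append(line.strip())
    return out


def value_of(line):
    """Right-hand side of a 'name = value' report line."""
    return line.split("=", 1)[1].strip()


def triage(report):
    """Return human-readable findings for the entries that matter most:
    odd process paths, UserInit/Shell/.EXE tampering, pending renames."""
    findings = []
    for proc in section(report, "Running processes:"):
        if any(marker in proc.lower() for marker in USER_WRITABLE):
            findings.append(f"process running from user-writable path: {proc}")
    for line in section(report, "Checking Windows NT UserInit:"):
        if line.startswith("UserInit"):
            # Default is userinit.exe alone; the trailing comma is normal.
            entries = [e.strip().lower() for e in value_of(line).split(",") if e.strip()]
            if entries != [r"c:\windows\system32\userinit.exe"]:
                findings.append(f"UserInit altered: {value_of(line)}")
    for line in section(report, "File association entry for .EXE:"):
        if line.startswith("(Default)") and value_of(line) != '"%1" %*':
            findings.append(f".EXE association altered: {value_of(line)}")
    for line in section(report, "Shell & screensaver key from Registry:"):
        if line.lower().startswith("shell=") and value_of(line).lower() != "explorer.exe":
            findings.append(f"Shell altered: {value_of(line)}")
    for line in section(report, "Windows NT 'Wininit.ini':"):
        if line.startswith("PendingFileRenameOperations:"):
            # Files scheduled for rename/deletion at next boot, '||'-separated.
            ops = [p for p in line.split(":", 1)[1].split("||") if p.strip()]
            findings.append(f"{len(ops)} pending file rename operation(s)")
    return findings
```

Feed it a real report with `triage(open(path, encoding="latin-1").read())`; a clean Windows XP report like the one above yields only the pending-rename line.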