
Scan detected Win32.TrojanDownloader.Agent Please help

Discussion in 'Virus & Other Malware Removal' started by suite1009, Nov 15, 2007.

Thread Status:
Not open for further replies.
  1. suite1009 (Thread Starter; Joined: Nov 15, 2007; Messages: 2)

    Hello,
    My Ad-Aware detected the Win32.TrojanDownloader.Agent after I did a scan. I deleted it, rebooted my PC and ran another Ad-Aware scan afterwards, and it came up again.

    I followed the instructions and steps that were given to somebody else who was having a similar problem on this forum, up to the point where the moderator asks for the "NEW COMBOFIX and HIJACKTHIS LOGS".
    (Here is the link to the thread that I followed step by step up to the point where the moderator asks for the new log files: http://forums.techguy.org/malware-removal-hijackthis-logs/650711-scans-detected-win32-backdoor-agent.html)

    So to recap, so far I've updated Java and deleted the old versions, and downloaded and ran ComboFix. I also wanted to add that as I was writing this thread my Avast Anti Virus popped up and warned me of 3 new trojans. I've never seen it before. I hit the delete option on all. I will also include a log of what Avast Anti Virus found as well.

    Thanks in advance...here are my log files:

    ComboFix 07-11-08.1 - Administrator 2007-11-15 16:24:32.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.622 [GMT -8:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    * Created a new restore point
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Application Data\inst.exe
    C:\Program Files\WinAble
    C:\WINDOWS\mrofinu1188.exe
    C:\WINDOWS\system32\aybeg.ini
    C:\WINDOWS\system32\aybeg.ini2
    C:\WINDOWS\system32\f1
    C:\WINDOWS\system32\gebya.dll
    C:\WINDOWS\system32\h2
    C:\WINDOWS\system32\h2\jumper83122.exe
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\q8
    C:\WINDOWS\system32\r2
    C:\WINDOWS\system32\r2\revdrive33b.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
    .

    2007-11-15 16:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-15 16:13 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-11-15 12:05 36,352 --a------ C:\WINDOWS\system32\vtutrpo.dll
    2007-11-15 12:05 765 --a------ C:\Documents and Settings\Administrator\z.dat
    2007-11-15 12:05 645 --a------ C:\Documents and Settings\Administrator\x.dat
    2007-11-15 11:41 <DIR> d-------- C:\Program Files\VSO
    2007-11-15 11:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Vso
    2007-11-15 11:41 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
    2007-11-15 11:41 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
    2007-11-15 11:41 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
    2007-11-15 11:41 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-11-15 11:41 47,360 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
    2007-11-14 21:33 <DIR> d-------- C:\Program Files\Avi2Dvd
    2007-11-14 21:21 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-14 21:18 <DIR> d-------- C:\WINDOWS\system32\6A716F726F757
    2007-11-14 21:18 124,416 --a------ C:\WINDOWS\system32\E7EEECEFECF2E.exe
    2007-11-14 21:18 36,352 --a------ C:\WINDOWS\system32\tuvuspm.dll
    2007-11-14 21:18 36,352 --a------ C:\WINDOWS\system32\iiihhhf.dll
    2007-11-14 21:18 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
    2007-11-14 21:18 120 --a------ C:\n.bat
    2007-11-14 21:18 0 --a------ C:\z.dat
    2007-11-14 21:18 0 --a------ C:\x.dat
    2007-11-14 21:17 <DIR> d-------- C:\WINDOWS\system32\rMa18yy
    2007-11-14 21:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-14 17:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2007-11-14 17:27 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-16 00:14 --------- d-----w C:\Program Files\Java
    2007-11-15 19:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
    2007-11-15 18:30 737,280 -c--a-w C:\WINDOWS\iun6002.exe
    2007-11-15 08:15 --------- d-----w C:\Program Files\Folder Lock
    2007-11-15 01:25 --------- d-----w C:\Program Files\Common Files\Real
    2007-10-12 17:49 --------- d-----w C:\Program Files\iTunes
    2007-10-12 17:49 --------- d-----w C:\Program Files\iPod
    2007-10-12 17:47 --------- d-----w C:\Program Files\QuickTime
    2007-10-12 17:44 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-12 17:43 --------- d-----w C:\Program Files\Common Files\Apple
    2007-10-12 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-09-17 17:01 --------- d-----w C:\Program Files\Mozy
    2007-08-27 16:54 256 -c--a-w C:\Documents and Settings\Administrator\pool.bin
    2007-01-25 00:27 24,192 -c--a-w C:\Documents and Settings\Administrator\usbsermptxp.sys
    2007-01-25 00:27 22,768 -c--a-w C:\Documents and Settings\Administrator\usbsermpt.sys
    2007-01-10 20:15 839,700 ----a-w C:\WINDOWS\Fonts\Crack.exe
    2007-01-10 20:15 839,699 --sh--w C:\WINDOWS\Fonts\svchost.exe
    2007-01-10 20:15:15 839,699 --sh--w C:\WINDOWS\Fonts\svchost.exe
    2006-08-09 18:55:54 88 -csh--r C:\WINDOWS\system32\36A282E0AE.sys
    2007-01-10 01:17:19 13,358 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83ED8AC4-888B-4DB9-8B1A-6A43A52CF557}]
    C:\Program Files\Online Services\hokewoC:\WINDOWS\system32\h2\jumper83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
    2007-11-14 21:18 36352 --a------ C:\WINDOWS\system32\tuvuspm.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 07:42]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15]
    "D2D9D7DAD7DDD9D"="E7EEECEFECF2E.exe" [2007-11-02 14:39 C:\WINDOWS\system32\E7EEECEFECF2E.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Mozy Status.lnk - C:\Program Files\Mozy\mozystat.exe [2006-11-30 23:48:46]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Kirby Alarm.lnk - C:\Program Files\Kirby Alarm\kirbyalarm.exe [2004-01-21 05:25:54]
    MozyHome Status.lnk - C:\Program Files\Mozy\mozystat.exe [2006-11-30 23:48:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\tuvuspm.dll [2007-11-14 21:18 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvuspm]
    tuvuspm.dll 2007-11-14 21:18 36352 C:\WINDOWS\system32\tuvuspm.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\gebya.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Config2500.lnk]
    backup=C:\WINDOWS\pss\Config2500.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Mozy Status.lnk]
    backup=C:\WINDOWS\pss\Mozy Status.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
    backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    "C:\Program Files\America Online 9.0a\AOL.EXE" -b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Today]
    C:\WINDOWS\\\\\\\\\\\\\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D2D9D7DAD7DDD9D]
    E7EEECEFECF2E.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1115773728\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    "C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\IndexSearch.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFP1815_S2P]
    C:\PROGRAM FILES\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\System32\\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    "C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ssoxncw]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    %systemroot%\system32\dumprep 0 -u

    R1 MozyFilter;mozyFilter;C:\WINDOWS\system32\DRIVERS\mozy.sys
    R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
    S2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys
    S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys
    S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys
    S3 Airgo;Wireless-G PCI Adapter with SRX Driver;C:\WINDOWS\system32\DRIVERS\WniHdd51.sys
    S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinysxx.sys
    S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;C:\WINDOWS\system32\DRIVERS\atinyvxx.sys
    S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;C:\WINDOWS\system32\DRIVERS\atinyuxx.sys
    S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;C:\WINDOWS\system32\Drivers\ATIUTD.sys
    S3 M2500;802.11g Wireless Network Driver;C:\WINDOWS\system32\DRIVERS\M2500.sys
    S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
    S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
    S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
    S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;C:\WINDOWS\system32\DRIVERS\atinyttx.sys
    S3 usbser2k;Motorola USB Modem Driver from Win2K SP4;C:\WINDOWS\system32\DRIVERS\usbser2k.sys
    S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-15 16:31:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    disk error: C:\WINDOWS\

    **************************************************************************
    .
    Completion time: 2007-11-15 16:34:01 - machine was rebooted
    .
    --- E O F ---


    Here is the HiJackThis Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:43:49 PM, on 11/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Mozy\mozybackup.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\E7EEECEFECF2E.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Kirby Alarm\kirbyalarm.exe
    C:\Program Files\Mozy\mozystat.exe
    C:\WINDOWS\17PHolmes1188.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Insider\Insider.exe
    C:\Program Files\Alwil Software\Avast4\ashLogV.exe
    C:\Program Files\Microsoft Office\OFFICE11\OIS.EXE
    C:\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [D2D9D7DAD7DDD9D] E7EEECEFECF2E.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
    O4 - Global Startup: Kirby Alarm.lnk = C:\Program Files\Kirby Alarm\kirbyalarm.exe
    O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\Mozy\mozystat.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\System32\shdocvw.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://www.mswalkerincprojects.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {CCBDF033-DD85-45FD-AE68-FBC4A7C7C154} (BravaClientXView Class) - http://viewer.network.construction.com/IGC/BravaClientX.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://66.53.96.60:2000/activex/AMC.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.mswalkerincprojects.com/Projectmates/JUpload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MozyHome Backup Service (MozyBackup) - Unknown owner - C:\Program Files\Mozy\mozybackup.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe


    Here is the Avast Anti Virus Log:
    11/13/2007 10:03:19 AM SYSTEM 1448 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006.
    11/13/2007 10:03:20 AM SYSTEM 1448 An error has occured while attempting to update. Please check the logs.
    11/14/2007 9:24:52 AM SYSTEM 1444 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006.
    11/14/2007 9:24:52 AM SYSTEM 1444 An error has occured while attempting to update. Please check the logs.
    11/14/2007 9:18:01 PM SYSTEM 1444 Sign of "Win32:Trojano-2873 [Trj]" has been found in "C:\WINDOWS\system32\f1\dnslook11.exe" file.
    11/14/2007 9:18:16 PM SYSTEM 1444 Sign of "Win32:Adloader-KH [Trj]" has been found in "C:\Program Files\TTC.dll" file.
    11/14/2007 9:21:27 PM SYSTEM 1444 Sign of "Win32:Adloader-KY [Drp]" has been found in "C:\Program Files\WinAble\winable.exe" file.
    11/15/2007 4:37:33 PM Administrator 1460 Sign of "Win32:Agent-MCE [Trj]" has been found in "C:\Program Files\Insider\UnInstall.exe" file.
    11/15/2007 4:42:43 PM Administrator 1460 Sign of "Win32:purityScan-V [Trj]" has been found in "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mshtml2.exe\[UPX]" file.



    Please Help. Thank you
     

Short URL to this thread: https://techguy.org/652377
