1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan.Agent.AOY

Discussion in 'Virus & Other Malware Removal' started by Tulgovski, Nov 7, 2007.

Thread Status:
Not open for further replies.
  1. Tulgovski

    Tulgovski Thread Starter

    Joined:
    Nov 7, 2007
    Messages:
    2
    I've tried looking at other posts about the same virus but the HJT Logs are different and it seems that the Trojan changes the names of its processes. I've tried tons of other things and I just can't do it on my own. Please help me with a step by step...

    Here is the Log File from HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:59:34 PM, on 11/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\AOL\1163103917\ee\AOLSoftware.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DISC\DISCover.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wxpzcjca.dll
    O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1163103917\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AA_SecuHDD] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [80c63450] rundll32.exe "C:\WINDOWS\system32\ycskwufl.dll",b
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WebCallDirect] "C:\Program Files\WebCallDirect.com\WebCallDirect\WebCallDirect.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://vetter.viewnetcam.com/bl_camera.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O24 - Desktop Component 1: (no name) - http://www.live.com/?wa=wsignin1.0&wa=wsignin1.0

    --
    End of file - 14207 bytes

    Thank You,
    Tulgovski
     
  2. Tulgovski

    Tulgovski Thread Starter

    Joined:
    Nov 7, 2007
    Messages:
    2
    Here is a Logfile from ComboFix

    ComboFix 07-11-08.1 - Administrator 2007-11-07 17:47:31.1 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.684 [GMT -8:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Munkhtulga Od\Application Data\macromedia\Flash Player\#SharedObjects\V48KYPKA\www.broadcaster.com
    C:\Documents and Settings\Munkhtulga Od\Application Data\macromedia\Flash Player\#SharedObjects\V48KYPKA\www.broadcaster.com\played_list.sol
    C:\Documents and Settings\Munkhtulga Od\Application Data\macromedia\Flash Player\#SharedObjects\V48KYPKA\www.broadcaster.com\video_queue.sol
    C:\Documents and Settings\Munkhtulga Od\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Munkhtulga Od\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Documents and Settings\Munkhtulga Od\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Munkhtulga Od\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Munkhtulga Od\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\Munkhtulga Od\ResErrors.log
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pack.epk
    C:\WINDOWS\setup.exe
    C:\WINDOWS\system32\drivers\sfsync02.sys
    C:\WINDOWS\system32\fhhkj.bak1
    C:\WINDOWS\system32\fhhkj.bak2
    C:\WINDOWS\system32\fhhkj.ini
    C:\WINDOWS\system32\fhhkj.ini2
    C:\WINDOWS\system32\fhhkj.tmp
    C:\WINDOWS\system32\jkhhf.dll
    C:\WINDOWS\system32\reqozpat.dllbox
    C:\WINDOWS\system32\wxpzcjca.dllbox

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_SFSYNC02
    -------\DomainService
    -------\nm
    -------\sfsync02


    ((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
    .

    2007-11-07 17:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-07 17:41 79,936 --a------ C:\WINDOWS\system32\fhiknvda.dll
    2007-11-07 17:38 86,080 --a------ C:\WINDOWS\system32\wpsiqmuq.dll
    2007-11-07 17:33 71,232 --a------ C:\WINDOWS\system32\catoickv.exe
    2007-11-07 17:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
    2007-11-07 17:25 <DIR> d-------- C:\WINDOWS\LastGood
    2007-11-07 17:25 86,080 --a------ C:\WINDOWS\system32\lvuijqdk.dll
    2007-11-07 17:20 71,232 --a------ C:\WINDOWS\system32\lbpnbwwp.exe
    2007-11-07 16:56 145,984 --a------ C:\WINDOWS\system32\wxpzcjca.dll
    2007-11-07 16:56 145,984 --a------ C:\WINDOWS\system32\fqqnohtm.dll
    2007-11-07 16:48 <DIR> d-------- C:\Program Files\STOPzilla!
    2007-11-07 16:48 <DIR> d-------- C:\Program Files\Common Files\iS3
    2007-11-07 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2007-11-07 16:43 79,936 --a------ C:\WINDOWS\system32\xlaiuvsd.dll
    2007-11-07 16:40 86,080 --a------ C:\WINDOWS\system32\ycskwufl.dll
    2007-11-07 16:35 71,232 --a------ C:\WINDOWS\system32\sbnfjrba.exe
    2007-11-07 16:22 <DIR> d-------- C:\Program Files\RogueRemover FREE
    2007-11-07 16:11 79,936 --a------ C:\WINDOWS\system32\uaetffeq.dll
    2007-11-07 16:05 71,232 --a------ C:\WINDOWS\system32\mhunqjyw.exe
    2007-11-07 16:04 <DIR> d-------- C:\Program Files\CONEXANT
    2007-11-07 14:33 <DIR> d-------- C:\Documents and Settings\Munkhtulga Od\Application Data\Grisoft
    2007-11-07 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-07 14:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-07 14:07 71,232 --a------ C:\WINDOWS\system32\lcuxnoxl.exe
    2007-11-07 11:46 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-07 02:14 86,080 --------- C:\WINDOWS\system32\cpqsghjg.dll
    2007-11-07 00:41 86,080 --------- C:\WINDOWS\system32\bldtmgyf.dll
    2007-11-07 00:32 71,232 --a------ C:\WINDOWS\system32\naephvmh.exe
    2007-11-07 00:28 86,080 --a------ C:\WINDOWS\system32\buxlbmmd.dll
    2007-11-07 00:18 71,232 --a------ C:\WINDOWS\system32\djavgjoq.exe
    2007-11-07 00:16 71,232 --a------ C:\WINDOWS\system32\jnlwfnpy.exe
    2007-11-06 23:37 145,984 --------- C:\WINDOWS\system32\reqozpat.dll
    2007-11-06 23:37 145,984 --a------ C:\WINDOWS\system32\njyqploi.dll
    2007-11-06 23:27 <DIR> d-------- C:\Program Files\Alwil Software
    2007-11-06 23:27 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-11-06 23:27 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-11-06 23:27 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-11-06 23:27 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-11-06 23:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-11-06 23:27 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-06 23:27 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-11-05 01:59 <DIR> d-------- C:\Program Files\GameSpy Arcade
    2007-11-03 19:57 <DIR> d-------- C:\Program Files\Ableton
    2007-11-03 14:46 <DIR> d-------- C:\Documents and Settings\Munkhtulga Od\Application Data\Ableton
    2007-11-03 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
    2007-11-03 12:58 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-11-02 20:11 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
    2007-11-02 18:42 <DIR> d-------- C:\Program Files\MagicDisc
    2007-11-02 18:42 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
    2007-11-02 15:14 2,969 --a------ C:\WINDOWS\system32\rmbbdppj.dll
    2007-10-29 23:33 589 --a------ C:\WINDOWS\system32\bdiviqsm.dll
    2007-10-28 23:36 589 --a------ C:\WINDOWS\system32\jojkritl.dll
    2007-10-27 22:40 <DIR> d-------- C:\Script
    2007-10-27 20:30 <DIR> d-------- C:\Program Files\Opera 9
    2007-10-27 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS
    2007-10-26 15:21 <DIR> d-------- C:\Program Files\EA GAMES
    2007-10-23 00:15 <DIR> d-------- C:\Program Files\Common Files\Skype
    2007-10-21 01:45 <DIR> d-------- C:\Documents and Settings\Munkhtulga Od\Application Data\Ringjacker
    2007-10-10 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-10-10 18:15 <DIR> d-------- C:\Program Files\Windows Live
    2007-10-10 18:15 <DIR> d-------- C:\Program Files\Messenger Plus! Live
    2007-10-09 14:35 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-08 00:56 4,096 ----a-w C:\WINDOWS\system32\drivers\3B2E0B6C-3398-41FF-92FD-093EEFB2FA07.cxv
    2007-11-08 00:32 --------- d-----w C:\Documents and Settings\Munkhtulga Od\Application Data\Skype
    2007-11-08 00:19 --------- d-----w C:\Program Files\Trend Micro
    2007-11-07 22:10 --------- d-----w C:\Program Files\DISC
    2007-11-07 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    2007-11-07 22:05 --------- d-----w C:\Documents and Settings\Munkhtulga Od\Application Data\LimeWire
    2007-11-07 09:33 --------- d-----w C:\Program Files\Microsoft Games
    2007-11-07 08:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-07 08:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-07 04:59 --------- d-----w C:\Program Files\DivX
    2007-11-07 04:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-07 04:51 --------- d-----w C:\Program Files\Sony Ericsson
    2007-11-07 04:47 --------- d-----w C:\Program Files\VstPlugins
    2007-11-07 04:47 --------- d-----w C:\Program Files\Image-Line
    2007-11-07 04:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-07 03:11 --------- d-----w C:\Program Files\AGLOCO Viewbar
    2007-11-05 01:41 --------- d-----w C:\Documents and Settings\Munkhtulga Od\Application Data\BitTorrent
    2007-11-03 07:36 --------- d-----w C:\Program Files\PokerStars.NET
    2007-10-28 20:18 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-23 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-10-13 21:02 --------- d-----w C:\Program Files\BitTorrent
    2007-10-13 06:49 --------- d-----w C:\Program Files\Silkroad
    2007-10-11 10:30 --------- d-----w C:\Program Files\PLUS!
    2007-10-11 02:15 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-17 08:05 --------- d-----w C:\Program Files\iTunes
    2007-09-17 08:05 --------- d-----w C:\Program Files\iPod
    2007-09-17 08:03 --------- d-----w C:\Program Files\QuickTime
    2007-09-17 08:00 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-17 07:59 --------- d-----w C:\Program Files\Common Files\Apple
    2007-09-17 07:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-03-05 07:59 356,352 ----a-w C:\Documents and Settings\Munkhtulga Od\cwshredder.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8487b064-4b88-447b-864a-c873f959c913}]
    2007-11-07 17:41 79936 --a------ C:\WINDOWS\system32\fhiknvda.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-07 16:56 145984 --a------ C:\WINDOWS\system32\wxpzcjca.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\wxpzcjca.dll [2007-11-07 16:56 145984]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-15 04:00]
    "80c63450"="C:\WINDOWS\system32\wpsiqmuq.dll" [2007-11-07 17:38]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 04:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2006-06-20 15:11 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 07:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wxpzcjca]
    wxpzcjca.dll 2007-11-07 16:56 145984 C:\WINDOWS\system32\wxpzcjca.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Munkhtulga Od^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Munkhtulga Od\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Munkhtulga Od^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=C:\Documents and Settings\Munkhtulga Od\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=C:\WINDOWS\pss\MagicDisc.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\80c63450]
    rundll32.exe "C:\WINDOWS\system32\ycskwufl.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AA_SecuHDD]
    C:\Program Files\Google\Google Talk\googletalk.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    C:\Program Files\Apoint\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
    C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
    C:\Program Files\DISC\DISCover.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    C:\Program Files\Google\Google Talk\googletalk.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1163103917\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCDEmuApp.exe]
    C:\Program Files\PowerISO\SCDEmuApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
    "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
    C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
    "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viewbar]
    C:\Program Files\AGLOCO Viewbar\Viewbar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCallDirect]
    "C:\Program Files\WebCallDirect.com\WebCallDirect\WebCallDirect.exe" -nosplash -minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    S3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys
    S3 WINIO;WINIO;\??\G:\smap\tools32\winio.sys
    S4 Batpsrnp;Batpsrnp;C:\WINDOWS\system32\defrag.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6f55bf2-702c-11db-96bd-806d6172696f}]
    \shell\AutoRun\command - I:\sony\Autorun.exe

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-07 17:58:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-07 17:59:52 - machine was rebooted
    .
    --- E O F ---
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/649161

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice