
Trojan horse Generic 11.AV & Trojan horse Dropper.Generic.AAMD

Discussion in 'Virus & Other Malware Removal' started by SKaVeN, Aug 12, 2008.

Thread Status:
Not open for further replies.
  1. SKaVeN

    SKaVeN Thread Starter

    Joined:
    Oct 19, 2007
    Messages:
    19
    Hello everyone. I had a problem with my PC once in the past & someone here was really nice & showed me how to fix it so here I am again with another problem hoping that someone can help me again. :)

    I got a result in my AVG Anti-Virus scan that had 10 infected files that were not removed.


    These are the files:

    C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe
    Trojan horse Generic11.AV
    C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe:\IMKKZI~1.EXE
    Trojan horse Generic11.AV
    C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe
    Trojan horse Dropper.Generic.AAMD
    C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe:\setup.exe
    Trojan horse Dropper.Generic.AAMD
    C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe
    Trojan horse Generic11.AV
    C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe:\IMKKZI~1.EXE
    Trojan horse Generic11.AV
    C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038551.exe
    Trojan horse Dropper.Generic.AAMD
    C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A003851.exe:\setup.exe
    Trojan horse Dropper.Generic.AAMD
    C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038556.exe
    Trojan horse Generic11.AV
    C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038556.exe:\IMKKZI~1.EXE
    Trojan horse Generic11.AV


    Whenever I click the "Remove all unhealed infections" button (in AVG) it always just says "Moved object is bigger than the archive size limit. C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe "


    Can someone please help?
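Every path AVG lists sits under `C:\System Volume Information\_restore{...}\RP43`, which is System Restore's store of saved file copies rather than files in use on the live system. Antivirus products cannot quarantine inside that folder (AVG's "Remove all" attempt only produces the archive-size error quoted above), and the usual remedy once the live system is confirmed clean is to purge the restore points by turning System Restore off and back on. The Python below is an added example, not code from the thread or from AVG: it parses the pasted list into path/verdict pairs, checks whether any hit is outside a restore point, and separates top-level files from objects that AVG reports inside them (the `file.exe:\inner.exe` form, treated here as container/embedded object, an assumption about AVG's notation).

```python
import re
from collections import Counter

# Constructed sample: the ten "unhealed" detections from the AVG scan in the post above,
# as path/verdict pairs in the order AVG listed them.
AVG_REPORT = r"""
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe:\setup.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038551.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A003851.exe:\setup.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038556.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038556.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
"""

# A System Restore copy lives under _restore{<GUID>}\RP<n>\; capture the restore point id.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{(?P<guid>[^}]+)\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)
# "outer" is the on-disk file; an optional ":\inner" names an object AVG found inside it
# (assumed reading of AVG's archive notation; the drive colon is excluded by [^:]).
OBJECT_RE = re.compile(r"^(?P<outer>[A-Za-z]:\\[^:]*)(?::\\(?P<inner>.+))?$")


def parse_avg_report(text):
    """Turn the pasted list into a list of dicts, one per detection."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating path / verdict lines")
    entries = []
    for path, verdict in zip(lines[0::2], lines[1::2]):
        obj = OBJECT_RE.match(path)
        if obj is None:
            raise ValueError("unrecognised object path: " + path)
        rp = RESTORE_RE.search(path)
        entries.append({
            "path": path,
            "verdict": verdict,
            "outer": obj.group("outer"),
            "inner": obj.group("inner"),            # None for a top-level file
            "restore_point": rp.group("rp") if rp else None,
        })
    return entries


def summarize(entries):
    """Answer the triage questions: what was detected, where, and is any of it live?"""
    live = [e["path"] for e in entries if e["restore_point"] is None]
    return {
        "total": len(entries),
        "verdicts": Counter(e["verdict"] for e in entries),
        "restore_points": sorted({e["restore_point"] for e in entries if e["restore_point"]}),
        "embedded": sum(1 for e in entries if e["inner"] is not None),
        "live_file_system_hits": live,
        "all_in_restore_points": not live,
    }


if __name__ == "__main__":
    summary = summarize(parse_avg_report(AVG_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

When `all_in_restore_points` is true, the detections describe what System Restore saved earlier, so the next question is whether anything outside `System Volume Information` is affected; the other logs in this thread are what answer that.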
     
  2. SKaVeN

    SKaVeN Thread Starter

    Joined:
    Oct 19, 2007
    Messages:
    19
    BTW, here's my HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:54:50 PM, on 13/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Keith\Programs\AVG Anti-Spyware 7.5\guard.exe
    C:\Keith\Programs\AVG\AVG8\avgwdsvc.exe
    C:\Keith\Programs\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Keith\Programs\AVG\AVG8\avgrsx.exe
    C:\Keith\Programs\AVG\AVG8\avgemc.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Keith\Programs\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Keith\Programs\AVG\AVG8\avgtray.exe
    C:\Keith\Programs\AVG Anti-Spyware 7.5\avgas.exe
    C:\Keith\Programs\Spybot - Search & Destroy\TeaTimer.exe
    C:\Keith\Useful Programs\Adam ADSL Usage Meter.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\Keith\Programs\IncrediMail\bin\IncMail.exe
    C:\Keith\Programs\INCRED~1\bin\ImApp.exe
    C:\Keith\Programs\Mozilla Firefox\firefox.exe
    C:\Keith\Programs\eMule\emule.exe
    C:\Keith\Programs\Thumbs7\Thumbs.exe
    C:\Keith\Programs\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adam.com.au/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 68.178.232.99 www.winmx.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Keith\Programs\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Keith\Programs\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Keith\Programs\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\Keith\Programs\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Keith\Programs\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Keith\Programs\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adam ADSL Usage Meter.lnk = C:\Keith\Useful Programs\Adam ADSL Usage Meter.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Keith\Programs\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Keith\Programs\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Keith\Programs\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Keith\Programs\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Keith\Programs\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Keith\Programs\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135134665984
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Keith\Programs\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Keith\Programs\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Keith\Programs\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Keith\Programs\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Keith\Programs\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

    --
    End of file - 6435 bytes
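A HijackThis log is read by section prefix: R0 browser start pages, O1 hosts-file entries, O2 browser helper objects, O4 autoruns, O10 Winsock LSPs, O20 AppInit/Winlogon hooks, O23 services. The Python below is an added example, not code from the thread or from Trend Micro: it parses an excerpt of the log above into header, process list and entries, counts entries per section, and pulls out the entry types a log reader checks first. "Review" here means "look at it", not "malicious": the O20 entries in this log belong to AVG and SUPERAntiSpyware, as their paths show, and the O10 entry names nwprovau.dll, the NetWare client provider that ships with Windows. The O1 entry maps www.winmx.com to a non-loopback address; the log alone cannot say whether that was put there deliberately.

```python
import re
from collections import Counter

# Constructed sample: an excerpt of the HijackThis log posted above (a few lines
# from each section, not the complete log).
HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:50 PM, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Keith\Programs\AVG\AVG8\avgtray.exe
C:\Keith\Programs\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adam.com.au/
O1 - Hosts: 68.178.232.99 www.winmx.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Keith\Programs\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Keith\Programs\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Keith\Programs\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Keith\Programs\AVG\AVG8\avgwdsvc.exe
"""

# Every finding line looks like "O4 - <body>" (R, F, N and O sections).
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hjt_log(text):
    """Split a log into header fields, the running-process list and (kind, body) entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line closes the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
        elif ": " in line:                # "Platform: ...", "Boot mode: ..." header lines
            key, _, value = line.partition(": ")
            header[key] = value
    return {"header": header, "processes": processes, "entries": entries}


def tally(parsed):
    """Number of entries per section prefix, e.g. {'O4': 2, 'O20': 2, ...}."""
    return Counter(kind for kind, _ in parsed["entries"])


def review(parsed):
    """Entries a log reader looks at first; being listed means 'check it', nothing more."""
    findings = []
    for kind, body in parsed["entries"]:
        if kind == "O1" and body.startswith("Hosts:"):
            ip, _, host = body[len("Hosts:"):].strip().partition(" ")
            if ip not in LOOPBACK:        # a hosts override to a real address
                findings.append((kind, f"hosts file sends {host} to {ip}"))
        elif kind == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append((kind, body))  # LSPs load into every networked process
        elif kind == "O20":
            findings.append((kind, body))  # AppInit_DLLs / Winlogon Notify load early
    return findings


if __name__ == "__main__":
    parsed = parse_hjt_log(HJT_LOG)
    print(parsed["header"])
    print(dict(tally(parsed)))
    for kind, note in review(parsed):
        print(kind, note)
```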
     
  3. SKaVeN

    SKaVeN Thread Starter

    Joined:
    Oct 19, 2007
    Messages:
    19
    I have also updated & run a full SUPERAntiSpy scan which didn't detect anything.

    Could someone please help me with this as I am starting to get a little concerned.

    Thank you.
     
  4. SKaVeN

    SKaVeN Thread Starter

    Joined:
    Oct 19, 2007
    Messages:
    19
    I just ran a VundoFix scan & that didn't find anything either.
     
  5. SKaVeN

    SKaVeN Thread Starter

    Joined:
    Oct 19, 2007
    Messages:
    19
    Okay, I just ran the ComboFix scan:

    ComboFix 08-08-15.04 - AMD2500 2008-08-16 22:42:15.3 - NTFSx86
    Running from: C:\Keith\Useful Programs\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
    .

    2008-08-11 18:07 . 2008-08-11 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Martau
    2008-08-08 15:14 . 2008-08-12 23:59 464 --a------ C:\log.html
    2008-08-08 00:25 . 2008-08-08 00:25 <DIR> d-------- C:\Documents and Settings\AMD2500\Application Data\Malwarebytes
    2008-08-08 00:25 . 2008-08-08 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-08 00:25 . 2008-07-30 20:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-08 00:25 . 2008-07-30 20:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-07 15:48 . 2008-08-07 15:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-08-07 15:48 . 2008-08-07 15:48 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-03 19:56 . 2008-08-03 19:56 38 --a------ C:\WINDOWS\avisplitter.INI
    2008-07-22 01:49 . 2008-01-10 21:45 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-07-22 01:49 . 2008-01-10 21:46 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-07-22 01:30 . 2008-07-04 16:04 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
    2008-07-22 01:30 . 2007-09-05 02:26 164,352 --a------ C:\WINDOWS\system32\unrar.dll
    2008-07-22 01:30 . 2007-09-21 10:22 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
    2008-07-22 01:30 . 2008-06-13 04:06 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-07-22 01:30 . 2007-07-11 01:40 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-07-22 01:30 . 2007-10-04 00:33 414 --a------ C:\WINDOWS\system32\lame_acm.xml
    2008-07-17 00:25 . 2008-07-17 00:25 <DIR> d-------- C:\My Shared Folder

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-15 05:05 --------- d-----w C:\Documents and Settings\AMD2500\Application Data\Canon
    2008-08-12 15:25 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-08-12 15:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-12 15:03 --------- d-----w C:\Program Files\CyberLink
    2008-08-12 14:52 --------- d-----w C:\Program Files\Ulead Systems
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-04 00:12 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-07-04 00:12 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-07-04 00:12 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
    2008-06-30 15:18 --------- d-----w C:\Documents and Settings\AMD2500\Application Data\SUPERAntiSpyware.com
    2008-06-30 15:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-06-11 00:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-06-11 00:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-06-11 00:03 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-06-11 00:03 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-06-11 00:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-06-11 00:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-06-11 00:03 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-06-11 00:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-06-11 00:03 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
    2008-06-11 00:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-06-11 00:03 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
    2008-05-25 08:13 47,787,248 ----a-w C:\avg_free_stf_en_8_100a1295.exe
    2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-01-23 16:24 63,080 -c--a-w C:\Documents and Settings\AMD2500\Application Data\GDIPFONTCACHEV1.DAT
    2007-01-01 12:56 10,878 -c--a-w C:\Program Files\INSTALL.LOG
    2006-02-16 06:57 2,983 -c--a-w C:\Program Files\install_wizard.log
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Keith\Programs\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:26 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
    "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
    "COMODO Firewall Pro"="C:\Keith\Programs\Comodo\Firewall\CPF.exe" [2008-01-30 21:43 1115728]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
    "AVG8_TRAY"="C:\Keith\Programs\AVG\AVG8\avgtray.exe" [2008-07-04 09:42 1232152]
    "!AVG Anti-Spyware"="C:\Keith\Programs\AVG Anti-Spyware 7.5\avgas.exe" [2008-05-25 17:56 6731312]
    "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 14:05 69632]
    "nForce Tray Options"="sstray.exe" [2002-11-13 17:04 73728 C:\WINDOWS\system32\sstray.exe]
    "C-Media Mixer"="Mixer.exe" [2002-04-29 18:53 1433600 C:\WINDOWS\mixer.exe]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 17:26 15360]

    C:\Documents and Settings\AMD2500\Start Menu\Programs\Startup\
    Adam ADSL Usage Meter.lnk - C:\Keith\Useful Programs\Adam ADSL Usage Meter.exe [2007-09-22 22:25:51 212774]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Keith\Programs\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 13:41 294912 C:\Keith\Programs\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "vidc.I263"= I263_32.drv
    "aux"= ctwdm32.dll
    "VIDC.ACDV"= ACDV.dll
    "aux1"= ctwdm32.dll
    "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

    [HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Australian Personal Dictionary.lnk]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\savenow
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Services Loader
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows svchost

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Keith\Programs\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
    --a------ 2007-11-20 10:38 208946 C:\Keith\Programs\INCRED~1\bin\IncMail.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
    --a------ 2006-10-10 11:01 315436 C:\PROGRA~1\Magentic\bin\Magentic.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2007-08-07 09:35 200704 C:\Keith\Programs\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a--c--- 2007-04-27 09:41 282624 C:\Keith\Programs\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegEasy.exe]
    --a------ 2007-09-01 22:50 4078592 C:\Keith\Programs\Registry Easy\RegEasy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    --a------ 2003-01-09 09:21 253952 C:\Keith\Programs\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    --a------ 2003-01-13 10:19 757760 C:\Keith\Programs\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-05-28 10:33 1506544 C:\Keith\Programs\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Keith\\Programs\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Keith\\Programs\\IncrediMail\\bin\\IMApp.exe"=
    "C:\\Keith\\Programs\\LimeWire\\LimeWire.exe"=
    "C:\\Keith\\Programs\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Keith\\Programs\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Keith\\Programs\\AVG\\AVG8\\avgemc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23215:TCP"= 23215:TCP:BitComet 23215 TCP
    "23215:UDP"= 23215:UDP:BitComet 23215 UDP
    "21741:TCP"= 21741:TCP:BitComet 21741 TCP
    "21741:UDP"= 21741:UDP:BitComet 21741 UDP

    R0 PrecSim;PrecSim;C:\WINDOWS\system32\DRIVERS\precsim.sys [2002-05-22 00:00]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 09:42]
    R2 avg8emc;AVG8 E-mail Scanner;C:\Keith\Programs\AVG\AVG8\avgemc.exe [2008-07-04 09:42]
    R2 avg8wd;AVG8 WatchDog;C:\Keith\Programs\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:42]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 09:42]
    S2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2002-06-27 15:32]
    S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys [2002-06-27 15:32]
    S3 WCPUID;WCPUID;D:\CPU ID\WCPUID.SYS []

    *Newly Created Service* - GTNDIS5

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7FDA5DA0-0C92-E780-F273-B9207984D491}]
    C:\WINDOWS\system32:svchost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
    rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,260
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-15 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - AMD2500.job
    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.adam.com.au/


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-16 22:50:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-16 22:59:58
    ComboFix-quarantined-files.txt 2008-08-16 13:29:00
    ComboFix2.txt 2008-08-16 12:52:33
    ComboFix3.txt 2007-10-20 09:44:35

    Pre-Run: 27,658,752,000 bytes free
    Post-Run: 27,641,368,576 bytes free

    209 --- E O F --- 2008-08-14 15:03:45
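Beyond the file listings, the "Reg Loading Points" section above records settings a log reader checks as a block: Security Center monitoring disabled (common when third-party products such as the Comodo firewall and AVG seen here replace the Windows ones), the Windows Firewall off in the standard profile (again consistent with Comodo being in use), ports opened globally for BitComet, and an Active Setup component whose command is `C:\WINDOWS\system32:svchost.exe`. That last path has the form `directory:name`, which on NTFS is an alternate data stream attached to the system32 folder, not the `C:\WINDOWS\system32\svchost.exe` that appears in the process list. The Python below is an added example, not code from the thread or from ComboFix: it parses the REGEDIT4-style dump into keys and values and applies those four checks, returning findings for a person to review rather than verdicts.

```python
import re

# Constructed sample: an excerpt of the "Reg Loading Points" section of the ComboFix log above.
COMBOFIX_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23215:TCP"= 23215:TCP:BitComet 23215 TCP
"23215:UDP"= 23215:UDP:BitComet 23215 UDP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7FDA5DA0-0C92-E780-F273-B9207984D491}]
C:\WINDOWS\system32:svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,260
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
# drive:\path...:stream with no further backslash after the second colon, i.e. an NTFS
# alternate data stream rather than a normal file path
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\:]+$")


def parse_reg_dump(text):
    """Map each [key] to a list of (name, value); bare lines get an empty name."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            sections[current].append((m.group("name"), m.group("value")))
        else:
            sections[current].append(("", line))   # command line listed under the key
    return sections


def dword(value):
    """Read 'dword:00000001' or ComboFix's '0 (0x0)' form as an integer."""
    m = re.match(r"(?:dword:)?(?:0x)?([0-9A-Fa-f]+)", value)
    return int(m.group(1), 16) if m else None


def review(sections):
    """Return (category, detail) pairs for the settings worth a second look."""
    findings = []
    for key, values in sections.items():
        k = key.lower()
        for name, value in values:
            if "security center\\monitoring" in k and name == "DisableMonitoring" and dword(value) == 1:
                findings.append(("security-center-monitoring-disabled", key))
            elif k.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and dword(value) == 0:
                findings.append(("firewall-disabled", key))
            elif k.endswith("globallyopenports\\list"):
                findings.append(("open-port", value))
            elif ADS_RE.match(value):
                findings.append(("alternate-data-stream", value))
    return findings


if __name__ == "__main__":
    for category, detail in review(parse_reg_dump(COMBOFIX_REG)):
        print(f"{category:40} {detail}")
```

The first two categories are expected when a third-party firewall and antivirus are installed, so they are reported with the key rather than as a problem; the open-port and alternate-data-stream findings carry the value itself so the reader can match it against the rest of the log.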
     
  6. SKaVeN

    SKaVeN Thread Starter

    Joined:
    Oct 19, 2007
    Messages:
    19
    Okay, now I just updated SUPERAntiSpyware, made sure that "close browsers before scanning", "scan for tracking cookies" & "terminate memory threats before quarantining" were enabled, did a full scan & rebooted the PC. This is the log for that:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/17/2008 at 01:37 AM

    Application Version : 4.15.1000

    Core Rules Database Version : 3538
    Trace Rules Database Version: 1527

    Scan type : Complete Scan
    Total Scan Time : 02:27:11

    Memory items scanned : 368
    Memory threats detected : 0
    Registry items scanned : 7295
    Registry threats detected : 0
    File items scanned : 29100
    File threats detected : 0

    Adware.Tracking Cookie
    .youporn.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .youporn.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .youporn.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .youporn.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .mediaspy.org [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    www.aussiesexposed.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .adultadworld.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .adultadworld.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .adultadworld.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .xiti.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .focalex.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .focalex.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .screensavers-free.co.uk [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .screensavers-free.co.uk [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .screensaverfree.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .screensaverfree.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .fullscreensavers.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .fullscreensavers.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    www1.addfreestats.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    www5.addfreestats.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .popularscreensavers.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .popularscreensavers.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .screensaver-network.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .screensaver-network.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .top100screensavers.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .top100screensavers.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .screensaver.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .screensaver.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .register.screensaver.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .register.screensaver.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    www8.addfreestats.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    adstats.cdfreaks.com [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\AMD2500\Application Data\Mozilla\Firefox\Profiles\ifi5xnu5.default\cookies.txt ]
     
  7. SKaVeN

    SKaVeN Thread Starter

    Joined:
    Oct 19, 2007
    Messages:
    19
    Could someone please tell me what to do now?

    Should I KillBox something?
     
  8. SKaVeN

    SKaVeN Thread Starter

    Joined:
    Oct 19, 2007
    Messages:
    19
    BUMP

    Hello again,

    Has anyone figured out a way to help me yet? I'm starting to get worried that this thing will develop into something more serious. :eek:

    Have I provided enough information?

    I'd really appreciate it if someone could help me or perhaps suggest where I could get some assistance.

    Thank you again.
     
Short URL to this thread: https://techguy.org/739323
