Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2

11/18/2008 11:39:11 AM
mbam-log-2008-11-18 (11-39-11).txt

Scan type: Full Scan (C:\|I:\|)
Objects scanned: 184855
Time elapsed: 40 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 8
Memory Processes Infected:
C:\Program Files\GetPack\GetPack24.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack24 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\E\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\E\Local Settings\Temp\__8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\E\Local Settings\Temp\__9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\GetPack24.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Delete on reboot.
ComboFix 08-11-17.06 - E 2008-11-18 11:52:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1458 [GMT -5:00]
Running from: c:\documents and settings\E\Desktop\FIX\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\cabs\D00805-001-001\_desktop.ini
c:\documents and settings\E\Application Data\gadcom
c:\documents and settings\E\Application Data\gadcom\gadcom.exe
c:\documents and settings\E\Application Data\inst.exe
c:\documents and settings\E\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\winsrc.dll.tmp
.
((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
.

2008-11-18 10:55 . 2008-11-18 10:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-18 10:55 . 2008-11-18 10:55 <DIR> d-------- c:\documents and settings\E\Application Data\Malwarebytes
2008-11-18 10:55 . 2008-11-18 10:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-18 10:55 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-18 10:55 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-18 05:10 . 2008-11-18 05:10 <DIR> d-------- c:\documents and settings\E\Application Data\Twain
2008-11-18 05:01 . 2008-11-18 05:01 74 --a------ c:\windows\st_affiliate.ini
2008-11-18 05:00 . 2008-11-18 05:00 64 --a------ c:\windows\av_affiliate.ini
2008-11-18 05:00 . 2008-11-18 05:00 64 --a------ c:\windows\as_affiliate.ini
2008-11-18 04:55 . 2008-11-18 04:55 <DIR> d-------- c:\program files\CCleaner
2008-11-18 04:52 . 2008-11-18 10:52 <DIR> d-------- c:\program files\CyberDefender
2008-11-18 04:52 . 2008-11-18 04:52 67,424 --a------ c:\windows\system32\drivers\CDAVFS.sys
2008-11-18 04:51 . 2008-11-18 04:52 <DIR> d-------- C:\Kaspersky
2008-11-18 04:51 . 2008-11-18 04:51 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-16 19:21 . 2008-11-16 19:21 <DIR> d-------- c:\documents and settings\E\Application Data\Babylon
2008-11-16 19:21 . 2008-11-16 19:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Babylon
2008-11-15 19:48 . 2008-11-15 19:48 0 --a------ c:\windows\QuickInstall.INI
2008-11-12 23:00 . 2008-10-24 06:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-06 14:56 . 2008-11-06 14:56 <DIR> d-------- C:\PB_Temp
2008-11-06 12:14 . 2008-11-06 14:56 <DIR> d-------- C:\PropertyBoss Data
2008-11-06 12:14 . 2008-11-06 14:56 <DIR> d-------- c:\program files\PropertyBoss
2008-11-05 21:34 . 2008-11-05 21:34 <DIR> d-------- c:\documents and settings\E\Application Data\Yahoo!
2008-11-05 21:34 . 2008-11-05 21:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-05 21:15 . 2008-11-05 21:15 <DIR> d-------- c:\program files\Yahoo!
2008-11-05 21:15 . 2008-11-05 21:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-02 12:00 . 2008-11-02 12:00 49 --a------ c:\windows\NeroDigital.ini
2008-11-01 17:39 . 2008-11-01 17:39 <DIR> d-------- c:\program files\Common Files\HP
2008-11-01 17:39 . 2008-11-01 17:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-01 17:38 . 2008-11-01 17:38 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-11-01 17:36 . 2008-11-01 17:37 <DIR> d-------- C:\TEMP
2008-11-01 17:36 . 2008-11-01 17:37 696 --a------ c:\windows\hpntwksetup.ini
2008-11-01 17:35 . 2008-11-01 15:45 68,905 --------- c:\windows\hpoins05.dat.temp
2008-11-01 17:35 . 2004-12-14 10:39 19,696 --------- c:\windows\hpomdl05.dat.temp
2008-11-01 15:44 . 2008-11-01 17:46 69,425 --a------ c:\windows\hpoins05.dat
2008-11-01 15:44 . 2004-12-14 10:39 19,696 --------- c:\windows\hpomdl05.dat
2008-11-01 15:30 . 2008-11-01 15:30 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-01 15:28 . 2008-11-01 15:13 19,310 --------- c:\windows\HPHins02.dat.temp
2008-11-01 15:28 . 2004-01-16 04:56 4,284 --------- c:\windows\hphmdl02.dat.temp
2008-11-01 15:20 . 2008-11-01 15:29 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-01 15:13 . 2008-11-01 15:45 <DIR> d-------- c:\program files\HP
2008-11-01 15:11 . 2008-11-01 17:39 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-01 15:10 . 2008-11-01 15:13 19,310 --------- c:\windows\HPHins02.dat
2008-11-01 15:10 . 2004-01-16 04:56 4,284 --------- c:\windows\hphmdl02.dat
2008-11-01 15:07 . 2008-08-14 05:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-01 15:07 . 2008-08-14 04:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-01 15:07 . 2008-08-14 04:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-01 15:07 . 2008-08-14 04:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-01 15:07 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-01 15:07 . 2008-06-13 08:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-01 14:20 . 2008-11-01 14:20 <DIR> d-------- c:\program files\AnswerWorks 4.0
2008-11-01 14:19 . 2008-11-01 14:20 <DIR> d-------- c:\program files\AutoCAD 2006
2008-11-01 14:19 . 2008-11-01 14:36 <DIR> d-------- c:\documents and settings\E\Application Data\Autodesk
2008-11-01 14:19 . 2008-11-01 14:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Autodesk
2008-11-01 14:18 . 2008-11-01 14:20 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2008-11-01 14:18 . 2008-11-01 14:18 <DIR> d-------- c:\program files\Autodesk
2008-11-01 14:17 . 2008-11-01 14:17 <DIR> d-------- c:\windows\system32\URTTemp
2008-10-28 20:59 . 2008-10-28 20:59 <DIR> d-------- c:\documents and settings\E\Application Data\Leadertech
2008-10-28 20:55 . 2008-11-01 14:12 <DIR> d-------- c:\program files\Palm
2008-10-28 20:55 . 2008-10-28 20:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\HotSync
2008-10-28 20:55 . 2008-10-28 20:54 53,248 --a------ c:\windows\PalmDevC.dll
2008-10-28 20:54 . 2008-10-28 20:54 <DIR> d-------- c:\windows\Downloaded Installations
2008-10-28 20:54 . 2008-10-28 20:54 <DIR> d-------- c:\documents and settings\E\Application Data\HotSync
2008-10-28 19:56 . 2008-10-28 19:56 <DIR> d-------- c:\documents and settings\E\Application Data\Windows Search
2008-10-28 17:26 . 2008-10-28 17:26 <DIR> d--hs---- c:\documents and settings\E\UserData
2008-10-28 16:38 . 2008-10-28 16:38 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-28 16:38 . 2008-10-28 16:38 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-28 16:38 . 2008-10-28 16:38 <DIR> d-------- c:\documents and settings\E\Application Data\Windows Desktop Search
2008-10-28 16:37 . 2008-11-13 03:00 <DIR> d--h----- c:\windows\$hf_mig$
2008-10-27 14:46 . 2004-08-04 01:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-10-27 14:46 . 2004-08-04 01:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-10-27 14:46 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-10-27 14:46 . 2001-08-17 16:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-10-27 14:46 . 2001-08-17 17:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-10-27 14:46 . 2001-08-17 17:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-10-27 11:27 . 2008-10-27 11:27 <DIR> d-------- c:\program files\DVD Shrink
2008-10-27 11:27 . 2008-10-27 11:27 <DIR> d-------- c:\program files\DVD Decrypter
2008-10-27 11:27 . 2008-10-27 11:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-10-27 11:26 . 2008-10-27 11:26 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-10-27 11:26 . 2008-10-27 11:26 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-27 11:26 . 2008-10-27 11:26 <DIR> d-------- c:\documents and settings\E\Application Data\SUPERAntiSpyware.com
2008-10-27 11:26 . 2008-10-27 11:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-27 11:25 . 2008-10-27 11:25 <DIR> d-------- c:\program files\Cheetah Burner
2008-10-27 11:24 . 2008-10-27 11:24 <DIR> d-------- c:\program files\DVDFab 5
2008-10-27 11:24 . 2008-10-30 16:02 <DIR> d-------- c:\documents and settings\E\Application Data\Vso
2008-10-27 11:24 . 2008-10-27 11:24 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-10-27 11:24 . 2008-10-27 11:24 47,360 --a------ c:\documents and settings\E\Application Data\pcouffin.sys
2008-10-27 11:12 . 2008-10-27 11:12 <DIR> d-------- c:\windows\system32\Lang
2008-10-27 11:12 . 2008-10-27 11:12 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2008-10-27 11:12 . 2008-10-27 11:12 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2008-10-27 11:09 . 2008-10-27 11:09 <DIR> d-------- c:\documents and settings\E\Application Data\U3
2008-10-27 11:06 . 2008-10-27 11:11 <DIR> d-------- c:\windows\nview
2008-10-27 11:06 . 2006-11-17 01:14 208,896 --a------ c:\windows\system32\nvudisp.exe
2008-10-27 11:06 . 2008-11-18 11:42 81,191 --a------ c:\windows\system32\nvapps.xml
2008-10-27 11:06 . 2006-11-17 01:13 17,056 --a------ c:\windows\system32\nvdisp.nvu
2008-10-27 11:04 . 2005-05-04 00:43 69,632 --a------ c:\windows\Alcmtr.exe
2008-10-27 10:43 . 2008-10-27 11:04 <DIR> d-------- c:\program files\Realtek
2008-10-27 10:43 . 2008-10-27 11:25 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-10-27 10:43 . 2006-12-19 17:12 16,062,464 --a------ c:\windows\RTHDCPL.exe
2008-10-27 10:43 . 2006-05-04 22:35 9,709,568 --a------ c:\windows\RTLCPL.exe
2008-10-27 10:43 . 2006-12-21 22:26 4,405,248 --a------ c:\windows\system32\drivers\RtkHDAud.sys
2008-10-27 10:43 . 2006-05-17 00:04 2,879,488 --a------ c:\windows\SkyTel.exe
2008-10-27 10:43 . 2006-05-04 22:26 2,808,832 --a------ c:\windows\alcwzrd.exe
2008-10-27 10:43 . 2006-10-11 23:42 2,157,568 --a------ c:\windows\MicCal.exe
2008-10-27 10:43 . 2006-12-16 19:10 1,191,936 --a------ c:\windows\RtlUpd.exe
2008-10-27 10:43 . 2006-12-16 17:29 499,712 --a------ c:\windows\RtlExUpd.dll
2008-10-27 10:43 . 2005-09-21 16:25 299,008 --a------ c:\windows\system32\ALSndMgr.cpl
2008-10-27 10:43 . 2006-08-18 12:58 282,624 --a------ c:\windows\system32\RTSndMgr.cpl
2008-10-27 10:43 . 2006-07-21 22:14 86,016 --a------ c:\windows\SoundMan.exe
2008-10-27 10:43 . 2007-09-27 13:46 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-10-27 10:34 . 2006-11-17 01:15 208,896 --------- c:\windows\system32\nvuide.exe
2008-10-27 10:34 . 2006-11-17 01:15 1,570 --------- c:\windows\system32\nvide.nvu
2008-10-27 10:32 . 2006-11-17 01:15 208,896 --a------ c:\windows\system32\nvunrm.exe
2008-10-27 10:32 . 2006-11-17 01:15 110,592 --a------ c:\windows\system32\drivers\nvtcp.sys
2008-10-27 10:32 . 2006-11-17 01:15 3,903 --a------ c:\windows\system32\nvnrm.nvu
2008-10-27 10:26 . 2008-10-27 11:04 <DIR> d-------- C:\cabs
2008-10-27 10:26 . 2007-04-06 18:53 356,352 --a------ c:\windows\system32\NVUNINST.EXE
2008-10-27 10:05 . 2003-08-27 02:43 229,376 -ra------ c:\windows\system32\swlpu.dll
2008-10-27 10:05 . 2003-12-16 19:58 82,888 -ra------ c:\windows\system32\drivers\swld23u.sys
2008-10-27 10:05 . 2003-05-01 20:26 53,690 -ra------ c:\windows\system32\drivers\swlubtl.sys
2008-10-26 18:50 . 2006-10-26 22:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-10-26 18:49 . 2008-10-26 18:49 <DIR> d-------- c:\program files\MSBuild
2008-10-26 18:49 . 2008-10-26 18:49 <DIR> d-------- c:\program files\Microsoft Works
2008-10-26 18:48 . 2008-10-26 18:48 <DIR> d-------- C:\swsetup
2008-10-26 18:48 . 2008-10-28 20:54 <DIR> d-------- c:\program files\Common Files\InstallShield
2008-10-26 18:48 . 2008-10-27 11:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 01:54 16,694 ----a-w c:\windows\system32\drivers\PalmUSBD.sys
2008-10-26 20:18 --------- d-----w c:\program files\Common Files\Adobe
2008-10-26 19:57 --------- d-----w c:\program files\Bonjour
2008-10-26 19:54 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-26 19:46 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]
"CyberDefender Early Detection Center"="c:\program files\CyberDefender\AntiSpyware\cdas3.exe" [2008-11-18 636232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"CyberDefender Early Detection Center"="c:\program files\CyberDefender\AntiSpyware\ISSIntro.exe" [2008-11-18 566600]
"SkyTel"="SkyTel.EXE" [2006-05-17 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-11-17 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2006-08-08 10872]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-27 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 19:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\PropertyBoss\\dbeng8.exe"=
"c:\\Program Files\\CyberDefender\\AntiSpyware\\cdas3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-26 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-26 20560]
R3 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys [2008-11-18 67424]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;c:\windows\system32\DRIVERS\SWLD23U.sys [2008-10-27 82888]
S3 swlubtl;WLAN USB Boot Device;c:\windows\system32\Drivers\swlubtl.sys [2008-10-27 53690]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 11:54:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-18 11:56:21
ComboFix-quarantined-files.txt 2008-11-18 16:55:35

Pre-Run: 234,448,429,056 bytes free
Post-Run: 234,464,120,832 bytes free

242 --- E O F --- 2008-11-13 08:01:54
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:57 AM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\CyberDefender\AntiSpyware\cdas3.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\E\Desktop\FIX\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 192.167.0.3 HP0018715EC321
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas3.exe" /minimize
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 10479 bytes