BullGuard Antivirus Forum
Win32 trojan avast
   

pcwindows
New Member


Date Joined May 2008
Total Posts : 5
 
Posted 5-28-2008 11:33 (GMT +1)
Can someone tell me please, from my HijackThis log, if I have a virus..
Or maybe it is only Avast that finds it, because it is not one..??
And maybe, if Avast cannot delete it, then Avast is rubbish.??
Help please, here is my log... thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:39, on 28/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Users\PAULAN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6765 bytes
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 5-29-2008 6:15 (GMT +1)
Hello

Avast is a good antivirus program.

I can see one infection in the log; it is therefore possible you have more infections.

This one - O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe
should be in this folder -> C:\Windows\PCHealth\HelpCtr\Binaries

Not in the system32 folder.
 
 
 
Please download Combofix:
 
 
And save to the desktop.

Close all other browser windows.
 
Please connect all your external hard drive/flash drive before running Combofix
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
 
 
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
 
Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply with a new hijackthis log.
 
Please copy and paste your log files. DO NOT add it as an attachment



NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.


Do NOT post your problem in someone else's thread.

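Added example, not from this thread and not part of HijackThis, ComboFix or any other tool named here: a small Python script that applies the check Touch describes above (is an autostart binary where Windows installs it?) to the O4 (Run) and O23 (Service) lines of a HijackThis log, and adds two generic triage checks, autostarts that run from user-writable folders and services whose owner HijackThis could not read. It goes one step beyond the post in that the expected folder for msconfig.exe depends on the Windows version in the log's Platform line (C:\Windows\PCHealth\HelpCtr\Binaries on Windows XP, C:\Windows\System32 on Windows Vista), so the script reads that line before deciding. The sample log is a handful of lines copied from the HijackThis log above plus one constructed O4 line for the Temp-folder process that log lists; the table of expected locations and the list of user-writable path fragments are the script's own assumptions.

```python
"""HijackThis log triage: O4 (Run) and O23 (Service) entries.

Added example for this thread; not part of HijackThis, ComboFix or the forum.
It applies the check from the post above (is an autostart binary where that
Windows version installs it?) plus two generic ones: autostarts that live in
user-writable folders, and services whose owner HijackThis could not read.
"""
import re
from typing import Optional

# Assumption: where each tracked system tool is installed, per Windows family.
EXPECTED_TOOL_DIR = {
    ("msconfig.exe", "Windows XP"): r"C:\Windows\PCHealth\HelpCtr\Binaries",
    ("msconfig.exe", "Windows Vista"): r"C:\Windows\System32",
}
KNOWN_FAMILIES = ("Windows XP", "Windows Vista")

# Assumption: path fragments that mark a location a non-admin user can write to.
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\temp\\")

PLATFORM_RE = re.compile(r"^Platform: (?P<platform>.+?) \(", re.M)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$", re.M)
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$", re.M)
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?', re.I)


def parse_platform(log: str) -> Optional[str]:
    """Return the 'Platform:' value, e.g. 'Windows Vista SP1', or None."""
    m = PLATFORM_RE.search(log)
    return m.group("platform") if m else None


def platform_family(platform: Optional[str]) -> Optional[str]:
    """Map 'Windows Vista SP1' -> 'Windows Vista'; None if unknown."""
    for family in KNOWN_FAMILIES:
        if platform and platform.startswith(family):
            return family
    return None


def exe_from_command(cmd: str) -> str:
    """Strip quoting and arguments from a Run value, leaving the executable."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip()


def expected_location(exe: str, platform: Optional[str]) -> Optional[str]:
    """'expected' / 'unexpected' for a tracked tool, None if not tracked."""
    directory, _, filename = exe.rpartition("\\")
    key = (filename.lower(), platform_family(platform))
    if key not in EXPECTED_TOOL_DIR:
        return None
    return "expected" if directory.lower() == EXPECTED_TOOL_DIR[key].lower() else "unexpected"


def triage(log: str) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    platform = parse_platform(log)
    findings = []
    for m in O4_RE.finditer(log):
        name, exe = m.group("name"), exe_from_command(m.group("cmd"))
        if "\\" not in exe:
            # A bare file name is resolved through the search path at logon time.
            findings.append(f"O4 [{name}]: bare file name {exe} is resolved via the search path; confirm which copy runs")
        elif any(frag in exe.lower() for frag in USER_WRITABLE):
            findings.append(f"O4 [{name}]: autostart from a user-writable location: {exe}")
        if expected_location(exe, platform) == "unexpected":
            findings.append(f"O4 [{name}]: {exe} is not where {platform} installs it")
    for m in O23_RE.finditer(log):
        if m.group("owner").strip().lower() == "unknown owner":
            findings.append(f"O23 {m.group('display')}: owner unknown, path {m.group('path')}")
    return findings


# Sample input: lines copied from the HijackThis log in this thread, plus one
# constructed O4 line (RtkBtMnt) for the Temp-folder process that log lists.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [RtkBtMnt] C:\Users\PAULAN~1\AppData\Local\Temp\RtkBtMnt.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample log the MSConfig entry produces no finding, because the Platform line says Vista and C:\Windows\system32 is that family's expected folder; the same entry on a Windows XP log would be reported as out of place. The three findings it does return (two bare or user-writable O4 paths and the service with no readable owner) are prompts to check the file's properties and signature, not verdicts.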
 

pcwindows
New Member


Date Joined May 2008
Total Posts : 5
 
Posted 5-29-2008 3:57 (GMT +1)
This is my log as requested. Thanks...




ComboFix 08-05-28.4 - paul and penny 2008-05-29 15:41:56.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1165 [GMT 1:00]
Running from: C:\Users\paul and penny\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-28 23:18 . 2008-05-28 23:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 22:15 . 2008-05-28 12:29 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-27 16:40 . 2008-05-29 15:05 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-05-27 16:40 . 2008-05-27 16:40 <DIR> d-------- C:\Users\All Users\avg8
2008-05-27 16:40 . 2008-05-27 16:40 <DIR> d-------- C:\ProgramData\avg8
2008-05-27 16:40 . 2008-05-27 16:40 <DIR> d-------- C:\Program Files\AVG
2008-05-27 16:40 . 2008-05-27 16:40 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-05-27 16:40 . 2008-05-27 16:40 67,080 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-05-27 16:40 . 2008-05-27 16:40 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-05-27 16:28 . 2008-05-27 16:28 <DIR> d-------- C:\PerfLogs
2008-05-27 16:20 . 2008-05-27 20:43 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2008-05-27 16:07 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-27 16:06 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-27 16:05 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-27 16:05 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-27 16:05 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-27 16:05 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-27 16:05 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-27 16:05 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-27 16:05 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-27 16:05 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-27 16:05 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-26 23:11 . 2008-05-26 23:11 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-16 14:28 . 2008-05-16 14:28 <DIR> d-------- C:\Program Files\bfgclient
2008-05-16 14:27 . 2008-05-16 14:34 <DIR> d-------- C:\BigFishGamesCache
2008-05-15 14:31 . 2008-05-15 14:31 <DIR> d-------- C:\Users\All Users\HipSoft
2008-05-15 14:31 . 2008-05-15 14:31 <DIR> d-------- C:\ProgramData\HipSoft
2008-05-09 15:00 . 2008-05-09 15:00 <DIR> d-------- C:\Users\paul and penny\AppData\Roaming\Template
2008-05-09 14:59 . 2008-05-09 14:59 0 --a------ C:\Users\paul and penny\AppData\Roaming\wklnhst.dat
2008-05-04 22:51 . 2008-05-04 22:59 <DIR> d-------- C:\Program Files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 21:51 --------- d-----w C:\Users\paul and penny\AppData\Roaming\Ashampoo
2008-05-28 21:51 --------- d-----w C:\Program Files\Ashampoo
2008-05-27 15:36 174 --sha-w C:\Program Files\desktop.ini
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Mail
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Journal
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Defender
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Calendar
2008-05-27 15:17 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-27 15:17 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-25 18:40 --------- d-----w C:\Program Files\Google
2008-05-25 14:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 14:34 --------- d-----w C:\Users\paul and penny\AppData\Roaming\LimeWire
2008-05-19 13:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-19 13:07 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-16 14:09 --------- d---a-w C:\ProgramData\TEMP
2008-05-15 12:36 --------- d-----w C:\Users\paul and penny\AppData\Roaming\iWin
2008-05-15 12:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 20:15 --------- d-----w C:\Program Files\a-squared Free
2008-05-07 20:21 --------- d-----w C:\Users\paul and penny\AppData\Roaming\CyberLink
2008-05-07 20:21 --------- d-----w C:\ProgramData\CyberLink
2008-04-29 21:08 --------- d-----w C:\Program Files\LimeWire
2008-04-27 20:14 --------- d--h--w C:\ProgramData\CanonBJ
2008-04-26 22:23 --------- d-----w C:\Program Files\GameHouse
2008-04-21 17:40 --------- d-----w C:\Users\paul and penny\AppData\Roaming\My Games
2008-04-20 19:35 --------- d-----w C:\Users\paul and penny\AppData\Roaming\GameHouse
2008-04-19 22:10 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-04-19 21:51 --------- d-----w C:\Users\paul and penny\AppData\Roaming\Business Logic
2008-04-14 17:15 --------- d-----w C:\ProgramData\MumboJumbo
2008-04-12 19:38 --------- d-----w C:\Users\paul and penny\AppData\Roaming\Ashampoo Photo Commander 5
2008-04-11 13:37 --------- d-----w C:\Program Files\Java
2008-04-07 14:48 --------- d-----w C:\Program Files\Rainforest Adventure
2008-04-07 14:47 --------- d-----w C:\Program Files\ReflexiveArcade
2008-04-06 17:11 --------- d-----w C:\Users\paul and penny\AppData\Roaming\Comodo
2008-04-06 15:20 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-04-06 15:20 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-06 15:19 --------- d-----w C:\Users\paul and penny\AppData\Roaming\SUPERAntiSpyware.com
2008-04-06 00:06 --------- d-----w C:\ProgramData\Oberonv1005
2008-04-06 00:05 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-04-06 00:05 --------- d-----w C:\Program Files\Acer GameZone
2008-04-04 09:52 --------- d-----w C:\ProgramData\JollyBear
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-29_15.27.37.91 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 14:03:06 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-29 14:36:19 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-29 14:03:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-29 14:36:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-29 14:03:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-29 14:36:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-29 14:05:50 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-29 14:38:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-29 14:38:19 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-29 14:05:45 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-29 14:38:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-29 14:04:15 2,566 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\S-1-5-18.dat
+ 2008-05-29 14:37:23 2,566 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\S-1-5-18.dat
- 2008-05-29 14:04:31 6,438 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\S-1-5-21-1308273410-1801416135-2575181663-1000.dat
+ 2008-05-29 14:37:55 6,438 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\S-1-5-21-1308273410-1801416135-2575181663-1000.dat
- 2008-05-29 14:26:49 712,008 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\settings.dat
+ 2008-05-29 14:44:49 709,384 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\settings.dat
- 2008-05-29 14:10:56 105,852 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-29 14:41:05 105,852 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-29 14:10:56 600,378 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-29 14:41:05 600,378 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-29 14:05:43 9,726 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1308273410-1801416135-2575181663-1000_UserData.bin
+ 2008-05-29 14:38:33 9,868 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1308273410-1801416135-2575181663-1000_UserData.bin
- 2008-05-29 14:05:43 74,216 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-29 14:38:32 74,264 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-29 14:05:42 59,268 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-29 14:38:30 59,316 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 23:49 151552]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 08:33 227840]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 09:45 1826816 C:\Windows\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-27 16:40 1177368]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 23:54 5361464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^paul and penny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\Windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-03-08 12:38 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter\NetMeter.exe]
--a------ 2007-08-11 16:50 331264 C:\Program Files\NetMeter\NetMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet]
--a------ 2006-11-02 10:45 44544 C:\Windows\System32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"="rundll32.exe" oobefldr.dll,ShowWelcomeCenter
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"ehTray.exe"=C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe
"RtHDVCpl"=RtHDVCpl.exe
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe
"IgfxTray"=C:\Windows\system32\igfxtray.exe
"Persistence"=C:\Windows\system32\igfxpers.exe
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{55FA8D98-00EE-46D4-80F6-B2FE8E7C8C8D}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{EF222906-87A4-4828-9F6B-D7BB099B5C73}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4C9D47C0-EEF7-4203-8B67-FB56A04C48B9}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{1055584B-7CE5-4C0D-85DF-5830B30182F0}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{B865A331-0198-4E67-8AB0-0829040F707B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FFF9EBCC-F1FB-45DC-A85F-F986FB6DFA59}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D8B4F0E4-2EFF-4FAC-95E1-EB10BD1B3C56}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{A2237169-D933-402C-963B-FFFF852B5BCD}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{9C547A9B-6F2D-42BC-A42F-17947F1C78D4}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{C0FD34BA-713B-4FE6-BF21-A38C72E13778}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{966E0273-75CA-4E04-8847-D0CAA5DEB2E4}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"{EC9C71A9-5DFC-435B-B86C-024BF88FFA28}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"TCP Query User{EC6C9BF7-6FFD-4C10-BDB2-0C8ABFFFFE1C}F:\\limewire\\limewire.exe"= UDP:F:\limewire\limewire.exe:LimeWire
"UDP Query User{DC73115F-36F9-4580-ACE4-5DD10F5C226F}F:\\limewire\\limewire.exe"= TCP:F:\limewire\limewire.exe:LimeWire
"{66ACBBA3-BE89-4861-889A-7BA26A16F144}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{D6237C54-8E77-4C4B-A61A-20F5F7AD43C2}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-26 00:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-26 00:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-26 00:34]
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\Windows\system32\Drivers\SSFS0BB8.SYS [2007-07-19 23:42]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-05-27 16:40]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-03 00:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 22:24]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-27 16:40]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-27 16:40]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-26 00:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 23:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 22:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 20:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-17 06:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 06:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 11:03]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-05-27 16:40]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 09:57]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{660debcf-6929-11dc-844a-806e6f6e6963}]
\shell\AutoRun\command - E:\Msetup4.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 14:36:27 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 15:44:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-29 15:46:14
ComboFix-quarantined-files.txt 2008-05-29 14:46:04
ComboFix2.txt 2008-05-29 14:28:08

Pre-Run: 31,547,662,336 bytes free
Post-Run: 31,516,999,680 bytes free

254 --- E O F --- 2008-05-29 14:08:47
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 5-31-2008 2:00 (GMT +1)
Before deleting any files, please find the file C:\WINDOWS\SYSTEM32\msconfig.exe and check its properties. Size, and origin.
 
 
 
Post back the results


Do NOT post your problem in someone else's thread.

 

pcwindows
New Member


Date Joined May 2008
Total Posts : 5
 
Posted 6-1-2008 12:30 (GMT +1)
Just one problem, Touch: I cannot seem to find how large win32 msconfig is. Any help? Thanks..
 

pcwindows
New Member


Date Joined May 2008
Total Posts : 5
 
Posted 6-1-2008 8:04 (GMT +1)
Hi, the Win32 msconfig file is 3.12 GB, 3.15 on disc. Contains 17.153 files, contains 1.237 folders. Hope this helps, thanks..
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 6-2-2008 6:07 (GMT +1)
1. Click the round blue Start thing in the left corner
2. Click Control Panel
3. Click Folder Options
4. Click the View tab
5. Click Show hidden files and folders
Let's have C:\Windows\system32\msconfig.exe checked -
Post back the results
 


Do NOT post your problem in someone else's thread.

 

pcwindows
New Member


Date Joined May 2008
Total Posts : 5
 
Posted 6-2-2008 3:25 (GMT +1)
Hi, did a scan with XoftSpy and it came back clear. A virus scan called Trojan Hunter found a trojan in one of my downloaded games called Kahuna Reef, which was also found in my System32, and these 2 entries were deleted with the trial version of the anti-trojan programme. Done a scan today that also came back clean. Hope the problem has been solved. If it has, may I say thank you for your time and trouble. If not, may I have your continued help..
Thanks again, Paul..
 