Author Topic: 1.reg Malware - How to get rid of it?  (Read 43628 times)

0 Members and 1 Guest are viewing this topic.

MTCca

  • Guest
Re: 1.reg Malware - How to get rid of it?
« Reply #45 on: October 12, 2007, 12:08:04 AM »
I think I have it cased....

C:\Windows\system32\scvhost32.exe moved successfully.
 
Created on 10/11/2007 15:35:58

*******************

WinPFind3 logfile created on: 10/11/2007 3:40:53 PM
WinPFind3U by OldTimer - Version 1.0.42   Folder = C:\Downloads\WinPFind3u\
Windows Vista (TM) Home Premium  (Version = 6.0.6000)
Internet Explorer (Version = 7.0.6000.16546)
 
893.44 Mb Total Physical Memory | 203.15 Mb Available Physical Memory | 22.74% Memory free
1.99 Gb Paging File | 1.04 Gb Available in Paging File | 52.40% Paging File free
Paging file location(s): ?:\pagefile.sys;
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.72 Gb Total Space | 3.87 Gb Free Space | 3.81% Space Free
Drive D: | 10.00 Gb Total Space | 6.53 Gb Free Space | 65.33% Space Free
Drive E: | 95.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: DAD-PC
Current User Name: Dad
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 4:06:10 AM | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 4:05:42 AM | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 4:06:04 AM | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 4:04:44 AM | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 3:54:58 AM | Attr =    ]
ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4163 | Size = 569344 bytes | Modified Date = 3/14/2007 7:53:10 PM | Attr =    ]
ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4163 | Size = 569344 bytes | Modified Date = 3/14/2007 7:53:10 PM | Attr =    ]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.102.15.61 | Size = 1724416 bytes | Modified Date = 3/21/2007 11:33:42 AM | Attr =    ]
ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 9/29/2006 9:57:36 AM | Attr =    ]
cocimanager.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 11.1.0.2030 | Size = 403728 bytes | Modified Date = 7/25/2007 4:02:32 PM | Attr =    ]
communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ->  [Ver =  | Size = 563984 bytes | Modified Date = 7/25/2007 4:02:54 PM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.7: 2007091417 | Size = 7644520 bytes | Modified Date = 9/18/2007 9:14:10 PM | Attr =    ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 10/3/2006 10:37:04 AM | Attr =    ]
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 3/25/2007 9:31:12 AM | Attr =    ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 12:38:54 AM | Attr =    ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 12:38:54 AM | Attr =    ]
lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/20/2007 12:40:48 AM | Attr =    ]
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 9/29/2006 9:57:30 AM | Attr =    ]
otmoveit.exe -> %SystemDrive%\Downloads\OTMoveIt.exe -> OldTimer Tools [Ver = 1.0.12.0 | Size = 210432 bytes | Modified Date = 10/11/2007 3:35:14 PM | Attr =    ]
quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ->  [Ver =  | Size = 2027792 bytes | Modified Date = 7/25/2007 4:06:30 PM | Attr =    ]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 8, 0, 11, 0 | Size = 1125088 bytes | Modified Date = 2/20/2007 1:01:12 PM | Attr =    ]
sdwinsec.exe -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 8 | Size = 600912 bytes | Modified Date = 8/31/2007 4:46:18 PM | Attr =    ]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.5.0.239 | Size = 22880040 bytes | Modified Date = 9/13/2007 1:31:38 PM | Attr = R  ]
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 1.5.0.3 | Size = 2040776 bytes | Modified Date = 9/13/2007 1:31:40 PM | Attr = R  ]
sr_gui.exe -> %ProgramFiles%\CheckPoint\SecuRemote\bin\SR_GUI.exe -> Check Point Software Technologies [Ver = 63,0,000,044 | Size = 2691158 bytes | Modified Date = 5/24/2007 10:13:54 AM | Attr =    ]
sr_service.exe -> %ProgramFiles%\CheckPoint\SecuRemote\bin\SR_Service.exe -> Check Point Software Technologies [Ver = 63,0,000,044 | Size = 106586 bytes | Modified Date = 5/24/2007 10:13:48 AM | Attr =    ]
sr_watchdog.exe -> %ProgramFiles%\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -> Check Point Software Technologies [Ver = 63,0,000,044 | Size = 36955 bytes | Modified Date = 5/24/2007 10:13:50 AM | Attr =    ]
vncclipboard.exe -> %ProgramFiles%\RealVNC\VNC4\vncclipboard.exe -> RealVNC Ltd. [Ver = P4.3.1 | Size = 299792 bytes | Modified Date = 8/15/2007 5:26:50 PM | Attr =    ]
winpfind3u.exe -> %SystemDrive%\Downloads\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr =    ]
winvnc4.exe -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = P4.3.1 | Size = 901864 bytes | Modified Date = 8/15/2007 5:26:40 PM | Attr =    ]
winvnc4.exe -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = P4.3.1 | Size = 901864 bytes | Modified Date = 8/15/2007 5:26:40 PM | Attr =    ]
wltray.exe -> %System32%\WLTRAY.EXE -> Dell Inc. [Ver = 4.102.15.61 | Size = 1548288 bytes | Modified Date = 3/21/2007 11:33:44 AM | Attr =    ]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE ->  [Ver =  | Size = 24064 bytes | Modified Date = 3/21/2007 11:33:44 AM | Attr =    ]
xaudio.exe -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 11/11/2006 5:10:40 PM | Attr =    ]

MTCca

  • Guest
Re: 1.reg Malware - How to get rid of it?
« Reply #46 on: October 12, 2007, 12:08:47 AM »

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =    ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 3:54:58 AM | Attr =    ]
(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4163 | Size = 569344 bytes | Modified Date = 3/14/2007 7:53:10 PM | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 4:06:04 AM | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 4:05:42 AM | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 4:04:44 AM | Attr =    ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Running] ->  -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] ->  -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] ->  -> File not found
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 70656 bytes | Modified Date = 11/7/2006 12:27:02 PM | Attr =    ]
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] ->  -> File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 2:24:18 AM | Attr =    ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPAHelper.exe) iPAHelper.exe [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod Access for Windows\iPAHelper.exe ->  [Ver =  | Size = 1543614 bytes | Modified Date = 4/5/2007 9:35:40 PM | Attr =    ]
(iPod Service) iPod Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 503608 bytes | Modified Date = 9/14/2007 9:59:56 AM | Attr =    ]
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 12:38:54 AM | Attr =    ]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/20/2007 12:40:48 AM | Attr =    ]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 141848 bytes | Modified Date = 7/20/2007 12:42:30 AM | Attr =    ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] ->  -> File not found
(NBService) NBService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 10, 3, 2 | Size = 800040 bytes | Modified Date = 6/29/2007 7:16:56 PM | Attr =    ]
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,16,0 | Size = 279848 bytes | Modified Date = 6/27/2007 7:04:00 PM | Attr =    ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] ->  -> File not found

(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 8 | Size = 600912 bytes | Modified Date = 8/31/2007 4:46:18 PM | Attr =    ]
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] ->  -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] ->  -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] ->  -> File not found
(SR_Service) Check Point VPN-1 Securemote service [Win32_Own | Auto | Running] -> %ProgramFiles%\CheckPoint\SecuRemote\bin\SR_Service.exe -> Check Point Software Technologies [Ver = 63,0,000,044 | Size = 106586 bytes | Modified Date = 5/24/2007 10:13:48 AM | Attr =    ]
(SR_Watchdog) Check Point VPN-1 Securemote watchdog [Win32_Own | Auto | Running] -> %ProgramFiles%\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -> Check Point Software Technologies [Ver = 63,0,000,044 | Size = 36955 bytes | Modified Date = 5/24/2007 10:13:50 AM | Attr =    ]
(stllssvr) stllssvr [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Running] ->  -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] ->  -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] ->  -> File not found
(WinVNC4) VNC Server Version 4 [Win32_Own | Auto | Running] -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = P4.3.1 | Size = 901864 bytes | Modified Date = 8/15/2007 5:26:40 PM | Attr =    ]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %System32%\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 11/11/2006 5:10:40 PM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 4:06:10 AM | Attr =    ]
Broadcom Wireless Manager UI -> %System32%\WLTRAY.EXE -> Dell Inc. [Ver = 4.102.15.61 | Size = 1548288 bytes | Modified Date = 3/21/2007 11:33:44 AM | Attr =    ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 10/3/2006 10:37:04 AM | Attr =    ]
LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ->  [Ver =  | Size = 563984 bytes | Modified Date = 7/25/2007 4:02:54 PM | Attr =    ]
LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ->  [Ver =  | Size = 2027792 bytes | Modified Date = 7/25/2007 4:06:30 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr =    ]
Windows Defender -> MSASCui.exe -> File not found
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
 ->  -> File not found
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 3/25/2007 9:31:12 AM | Attr =    ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.5.0.239 | Size = 22880040 bytes | Modified Date = 9/13/2007 1:31:38 PM | Attr = R  ]
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ->  [Ver =  | Size = 90112 bytes | Modified Date = 11/10/2006 12:35:24 PM | Attr =    ]
< Common Startup > -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup ->
%AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk ->
%SystemRoot%\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 45056 bytes | Modified Date = 3/25/2007 5:24:34 PM | Attr = R  ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

MTCca

  • Guest
Re: 1.reg Malware - How to get rid of it?
« Reply #47 on: October 12, 2007, 12:09:24 AM »
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoPropertiesMyComputer -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileAssociate -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\StartMenuLogoff -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ShutdownWithoutLogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoRemovePage -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoWindowsSetupPage -> 0 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideClock -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTrayItemsDisplay -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction -> 2 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings -> 1 ->
< HOSTS File > (497371 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
< Internet Explorer Settings > ->  ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Local Page -> C:\Windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> about:blank ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> 192.168.1.*;<local> ->

MTCca

  • Guest
Re: 1.reg Malware - How to get rid of it?
« Reply #48 on: October 12, 2007, 12:10:21 AM »
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00C6482D-C502-44C8-8409-FCE54AD9C208} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItBHO.dll [HelperObject Class] -> TechSmith Corporation [Ver = 1.0.1 | Size = 61440 bytes | Modified Date = 6/20/2006 8:10:00 AM | Attr =    ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 7:38:22 PM | Attr =    ]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 117 | Size = 1312040 bytes | Modified Date = 9/13/2007 1:31:40 PM | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =    ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItIEAddin.dll [SnagIt] -> TechSmith Corporation [Ver = 1.0.6 | Size = 151552 bytes | Modified Date = 6/20/2006 8:10:00 AM | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{77BF5300-1474-4EC7-9980-D32B190E9B07} -> Reg Data - Value does not exist [ButtonText: Skype] -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{695F509D-F45A-4F8B-9F89-197534E4830E} ->    (Dell Wireless 1390 WLAN Mini-Card) ->
{74FEDCEC-FC5F-4405-8B0D-E6953714C67D} ->    () ->
{E82486E0-0803-4B6C-B2C0-7E200E5F72DE} ->    (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
about -> Reg Data - Key not found -> File not found
dvd -> Reg Data - Key not found -> File not found
its -> Reg Data - Key not found -> File not found
mhtml -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 9/13/2007 1:31:38 PM | Attr = R  ]
tv -> Reg Data - Key not found -> File not found
vbscript -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 10/11/2007 11:38:42 AM | Attr =  HS]
cracker -> %SystemDrive%\cracker ->  [Folder | Created Date = 10/6/2007 10:12:56 AM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 937476096 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr =  HS]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 10/6/2007 11:00:21 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 10/6/2007 11:00:21 AM | Attr = RHS]
SAV32CLI -> %SystemDrive%\SAV32CLI ->  [Folder | Created Date = 10/7/2007 11:28:49 AM | Attr =    ]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 10/7/2007 11:07:54 AM | Attr =    ]
SDFix.exe -> %SystemDrive%\SDFix.exe ->  [Ver =  | Size = 1159340 bytes | Created Date = 10/6/2007 11:19:02 AM | Attr =    ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 10/6/2007 8:41:50 AM | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 10/7/2007 9:43:10 AM | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 10/6/2007 8:41:50 AM | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 10/7/2007 9:43:10 AM | Attr =  H ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 10/11/2007 3:35:57 PM | Attr =    ]
LastGood.Tmp -> %SystemRoot%\LastGood.Tmp ->  [Folder | Created Date = 10/11/2007 7:55:13 AM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 10/6/2007 7:27:19 AM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 10/6/2007 7:27:19 AM | Attr =  H ]
DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 739840 bytes | Created Date = 9/17/2007 12:22:58 PM | Attr =    ]
divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.7.0.1 | Size = 729088 bytes | Created Date = 9/18/2007 6:24:32 AM | Attr =    ]
divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 823296 bytes | Created Date = 9/17/2007 12:23:00 PM | Attr =    ]
divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 823296 bytes | Created Date = 9/17/2007 12:23:00 PM | Attr =    ]
divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 802816 bytes | Created Date = 9/17/2007 12:22:58 PM | Attr =    ]
lvci1110.dll -> %System32%\lvci1110.dll -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 195096 bytes | Created Date = 10/1/2007 8:55:40 PM | Attr =    ]
lvcodec2.dll -> %System32%\lvcodec2.dll -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 416280 bytes | Created Date = 10/1/2007 8:55:41 PM | Attr =    ]
lvcoinst.ini -> %System32%\lvcoinst.ini ->  [Ver =  | Size = 58163 bytes | Created Date = 10/1/2007 8:55:40 PM | Attr =    ]
LVUI2.dll -> %System32%\LVUI2.dll -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 490008 bytes | Created Date = 10/1/2007 8:55:41 PM | Attr =    ]
LVUI2RC.dll -> %System32%\LVUI2RC.dll -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 465432 bytes | Created Date = 10/1/2007 8:55:41 PM | Attr =    ]
Repository.reg -> %System32%\Repository.reg ->  [Ver =  | Size = 19344 bytes | Created Date = 10/1/2007 8:55:40 PM | Attr =    ]
vncmirror.dll -> %System32%\vncmirror.dll -> RealVNC Ltd. [Ver = 1.7.0.0 | Size = 19968 bytes | Created Date = 10/11/2007 7:54:15 AM | Attr =    ]
lv302af.sys -> %System32%\drivers\lv302af.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 13848 bytes | Created Date = 10/1/2007 8:55:40 PM | Attr =    ]
LV302V32.SYS -> %System32%\drivers\LV302V32.SYS -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 1278104 bytes | Created Date = 10/1/2007 8:55:42 PM | Attr =    ]
LVUSBSta.sys -> %System32%\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 41752 bytes | Created Date = 10/1/2007 8:55:40 PM | Attr =    ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 10/6/2007 8:55:14 AM | Attr =    ]
vncmirror.sys -> %System32%\drivers\vncmirror.sys -> RealVNC Ltd. [Ver = 1.7.0.0 | Size = 3072 bytes | Created Date = 10/11/2007 7:54:15 AM | Attr =    ]
hosts.20071006-115156.backup -> %System32%\drivers\etc\hosts.20071006-115156.backup ->  [Ver =  | Size = 759 bytes | Created Date = 10/6/2007 11:51:56 AM | Attr =    ]

MTCca

  • Guest
Re: 1.reg Malware - How to get rid of it?
« Reply #49 on: October 12, 2007, 12:10:45 AM »


[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 10/11/2007 3:27:12 PM | Attr =  HS]
cracker -> %SystemDrive%\cracker ->  [Folder | Modified Date = 10/6/2007 10:12:58 AM | Attr =    ]
Downloads -> %SystemDrive%\Downloads ->  [Folder | Modified Date = 10/11/2007 3:40:22 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 937476096 bytes | Modified Date = 10/11/2007 3:27:16 PM | Attr =  HS]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 10/6/2007 11:00:22 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 10/6/2007 11:00:22 AM | Attr = RHS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 10/11/2007 1:48:14 PM | Attr = R  ]
ProgramData -> %AllUsersAppData% ->  [Folder | Modified Date = 10/5/2007 8:07:12 PM | Attr =  H ]
SAV32CLI -> %SystemDrive%\SAV32CLI ->  [Folder | Modified Date = 10/7/2007 11:28:52 AM | Attr =    ]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Modified Date = 10/8/2007 8:13:44 PM | Attr =    ]
SDFix.exe -> %SystemDrive%\SDFix.exe ->  [Ver =  | Size = 1159340 bytes | Modified Date = 10/6/2007 11:19:10 AM | Attr =    ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 10/6/2007 8:41:52 AM | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 10/7/2007 9:43:12 AM | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/6/2007 8:41:52 AM | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/7/2007 9:43:12 AM | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 10/11/2007 11:39:48 AM | Attr =  HS]
Windows -> %SystemRoot% ->  [Folder | Modified Date = 10/11/2007 3:27:02 PM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 10/11/2007 3:35:58 PM | Attr =    ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 10/11/2007 6:53:22 AM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 67584 bytes | Modified Date = 10/11/2007 3:27:46 PM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 10/7/2007 9:38:08 PM | Attr =   S]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 10/11/2007 7:55:14 AM | Attr =    ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 10/11/2007 11:40:02 AM | Attr =  HS]
LastGood.Tmp -> %SystemRoot%\LastGood.Tmp ->  [Folder | Modified Date = 10/11/2007 7:55:16 AM | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 10/7/2007 9:49:08 AM | Attr =    ]
PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI ->  [Ver =  | Size = 151 bytes | Modified Date = 9/29/2007 7:30:48 AM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 10/11/2007 3:40:40 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 10/6/2007 7:27:20 AM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 10/11/2007 6:58:12 AM | Attr =  H ]
System32 -> %System32% ->  [Folder | Modified Date = 10/11/2007 3:36:00 PM | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 10/11/2007 3:40:34 PM | Attr =    ]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 10/1/2007 9:16:44 PM | Attr =    ]
winsxs -> %SystemRoot%\winsxs ->  [Folder | Modified Date = 10/11/2007 6:55:38 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 10/11/2007 3:28:16 PM | Attr =  H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3584 bytes | Modified Date = 10/11/2007 3:27:56 PM | Attr =  H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3584 bytes | Modified Date = 10/11/2007 3:27:56 PM | Attr =  H ]
catroot -> %System32%\catroot ->  [Folder | Modified Date = 10/11/2007 7:55:18 AM | Attr =    ]
catroot2 -> %System32%\catroot2 ->  [Folder | Modified Date = 10/11/2007 11:39:50 AM | Attr =    ]
config.nt -> %System32%\config.nt ->  [Ver =  | Size = 2577 bytes | Modified Date = 9/16/2007 8:13:50 AM | Attr =    ]
DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 739840 bytes | Modified Date = 9/17/2007 12:22:58 PM | Attr =    ]
divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.7.0.1 | Size = 729088 bytes | Modified Date = 9/18/2007 6:24:32 AM | Attr =    ]
divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 823296 bytes | Modified Date = 9/17/2007 12:23:00 PM | Attr =    ]
divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 823296 bytes | Modified Date = 9/17/2007 12:23:00 PM | Attr =    ]
divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 802816 bytes | Modified Date = 9/17/2007 12:22:58 PM | Attr =    ]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 10/11/2007 7:55:22 AM | Attr =    ]
migration -> %System32%\migration ->  [Folder | Modified Date = 10/11/2007 6:53:22 AM | Attr =    ]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 107142 bytes | Modified Date = 10/10/2007 9:00:24 PM | Attr =    ]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 619962 bytes | Modified Date = 10/10/2007 9:00:24 PM | Attr =    ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 712106 bytes | Modified Date = 10/10/2007 9:00:24 PM | Attr =    ]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 10/11/2007 3:26:16 PM | Attr =    ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 10/6/2007 8:48:14 AM | Attr =    ]
hosts.bak -> %System32%\drivers\etc\hosts.bak ->  [Ver =  | Size = 186806 bytes | Modified Date = 10/6/2007 11:51:58 AM | Attr = R  ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (139933997 bytes) ->
UPX! , UPX0 ,  -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 9/6/2007 4:09:50 AM | Attr =    ]
PEC2 , PECompact2 ,  -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 739840 bytes | Modified Date = 9/17/2007 12:22:58 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\MACDec.dll -> Matthew T. Ashland [Ver = 3.99 | Size = 75264 bytes | Modified Date = 5/15/2004 4:10:42 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\MonkeySource.ax ->  [Ver =  | Size = 177152 bytes | Modified Date = 6/19/2004 6:28:44 PM | Attr =    ]
Thawte Consulting ,  -> %System32%\pxwma.dll -> Sonic Solutions [Ver = 1, 0, 0, 3 | Size = 157352 bytes | Modified Date = 6/9/2006 10:54:34 AM | Attr =    ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 497371 bytes | Modified Date = 10/8/2007 8:57:54 PM | Attr =    ]
abetterinternet.com , web-nex , ad-w-a-r-e.com ,  -> %System32%\drivers\etc\hosts.bak ->  [Ver =  | Size = 186806 bytes | Modified Date = 10/6/2007 11:51:58 AM | Attr = R  ]

< End of report >

Thanks for your time!

jonathanlkm

  • Guest
Re: 1.reg Malware - How to get rid of it?
« Reply #50 on: October 12, 2007, 10:04:31 AM »
Hi there...

Finally I figured out what happen to my internet connection. Apparently I can't use Bitcomet or any P2P application while I surf the Internet using IE or Firefox. But it was possible before when the malware attacked my computer :)

Offline essexboy

  • Malware removal instructor
  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 1.reg Malware - How to get rid of it?
« Reply #51 on: October 12, 2007, 09:04:17 PM »
Not a lot there

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Quote
[Registry - Non-Microsoft Only]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[File String Scan - Non-Microsoft Only]
NY -> abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.bak
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here .

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

THEN

Download and then run SuperAntispyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found click OK
  • On the next screen place a tick against all items and select NEXT
  • Now to get the log Go to the PREFERENCES button on the right bottom
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a notepad text file copy and paste this to your next reply

This will catch the orphan registry entries plus any old dormant files