« previous next »
Pages: [1] 2   Go Down

Author Topic: win32:rootkit-gen(rtk) and win32:trojan-gen (other)  (Read 14703 times)

0 Members and 1 Guest are viewing this topic.

jamboy

  • Guest
win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« on: April 15, 2009, 01:44:42 AM »
Hey my computers have been running slow and not loading all pages my living computer is running average speed did scan on avast and it shows i have win32 rootkit and win32 trojan -jen other unable to delete or move to chest i have a hijack this log any help would be very appreciated.
log is for my computer in my living room i will post log for room computer which seems to have most of the problems.


Logged

jamboy

  • Guest
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #1 on: April 15, 2009, 01:45:59 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:41 PM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238555312500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9489 bytes
Logged

jamboy

  • Guest
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #2 on: April 15, 2009, 02:24:54 AM »
im all new to this but i wrote done the locations of the files that avast found it doesnt look to be that they showed on hi jack this i might have done it wrong but here are the results from boot scan

windows\instsp2.exe win 32:rootkit gen (rtk)

c:windows\system32\busoguze.dll win32 trojan-gen(other)

windows\system32\dijanumo.dll win32 trojan -gen (other)
« Last Edit: April 15, 2009, 02:35:02 AM by jamboy »
Logged

CharleyO

  • Guest
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #3 on: April 15, 2009, 09:26:28 AM »
***

An analysis of your HJT log shows the following :

We didn't detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall.


O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
Unnecessary (deactivated) entry that can be fixed. toolbar.dll - AOL toolbar.
Also related to the information at the below link :
http://www.threatexpert.com/report.aspx?md5=8d926957ede6c1de165d8d7ebd1e24a3


***
Logged

jamboy

  • Guest
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #4 on: April 19, 2009, 02:19:06 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:17 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238555312500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8939 bytes
Logged

jamboy

  • Guest
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #5 on: April 19, 2009, 02:20:11 AM »
this is a log from my comp in the living room can you please analyze and let me know if there is anything that needs to be fixed or addressed, any help will be much appreciated.
Logged

CharleyO

  • Guest
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #6 on: April 19, 2009, 12:47:32 PM »
***

An analysis of your second HJT log shows little to worry about. Only one thing of note.

We didn't detect any active process of a firewall on your system.
Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall.

I suppose you are using Windows firewall?

Otherwise, a good HJT log.


***
Logged

micky77

  • Guest
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #7 on: April 19, 2009, 02:18:01 PM »
In my opinion, HJT is becoming useless.You appear to have 3 nasties

windows\instsp2.exe win 32:rootkit gen (rtk)

c:windows\system32\busoguze.dll win32 trojan-gen(other)

windows\system32\dijanumo.dll win32 trojan -gen (other)

I'm beginning to think T.M bought HJT, so they could run it into the ground.When was the last time it was upgraded/updated ?
Logged

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #8 on: April 19, 2009, 05:15:45 PM »
Well HJT doesn't do anything, it is just an analysis tool and as such is only as good as the analysis, it doesn't flag things as malicious.

However, if avast has detected those files it may also have checked for any associated registry entries and removed those too, so these wouldn't have appeared in a HJT log, (so nothing to analyse).
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

micky77

  • Guest
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #9 on: April 19, 2009, 05:44:02 PM »
Quote from: DavidR on April 19, 2009, 05:15:45 PM
However, if avast has detected those files it may also have checked for any associated registry entries and removed those too

I assumed Avast was unable to remove, and had removed nothing, so any registry entries were still there, but not detected by HJT.
Logged

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #10 on: April 19, 2009, 06:40:40 PM »
I don't know where you made that assumption from as the OP reported those as what avast detected (and removed on a boot-time scan), from his other system in Reply #2. So are unrelated to the latest HJT log from a different system.

When rootkits are involved they too would obscure running processes from HJT, as they do from many other security applications, so it isn't unusual to see them not appear in a purely analysis tool (as it has no anti-rootkit functionality).
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

micky77

  • Guest
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #11 on: April 19, 2009, 07:35:27 PM »
Quote from: DavidR on April 19, 2009, 06:40:40 PM
I don't know where you made that assumption from as the OP reported those as what avast detected (and removed on a boot-time scan), from his other system in Reply #2. So are unrelated to the latest HJT log from a different system.

When rootkits are involved they too would obscure running processes from HJT, as they do from many other security applications, so it isn't unusual to see them not appear in a purely analysis tool (as it has no anti-rootkit functionality).
I was refering to his 1st post on Apr 14 when he said Avast was unable to delete or move win32 trojan, the same date he posted the HJT log. The boot scan was done on the 15th.( I assume )
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #12 on: April 19, 2009, 07:36:50 PM »
A lot of malware now bypasses HJT and hides in other areas -  The current replacement tool of choice used on at least four forums that I frequent and assist  is OTListit one of the Oldtimer family of scanners and it is very effective.  This is the scan from my system  

OTListIt logfile created on: 19/04/2009 18:31:37 - Run 13
OTListIt2 by OldTimer - Version 2.0.7.0     Folder = D:\Users\Martin\Downloads\WinPFind35
Windows Vista Ultimate Edition Service Pack 2, v.286 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 98.93% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 56.17 Gb Total Space | 29.54 Gb Free Space | 52.59% Space Free | Partition Type: NTFS
Drive D: | 91.37 Gb Total Space | 49.28 Gb Free Space | 53.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 9.05 Gb Total Space | 4.57 Gb Free Space | 50.49% Space Free | Partition Type: NTFS
Drive K: | 67.29 Gb Total Space | 40.13 Gb Free Space | 59.64% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC
Current User Name: Martin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
 
========== Processes (SafeList) ==========
 
PRC - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/01/30 23:27:50 | 02,927,616 | ---- | M] (Microsoft Corporation) -- D:\Windows\Explorer.EXE
PRC - [2007/04/02 15:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- D:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2009/02/05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/08/31 20:13:41 | 00,988,584 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2007/08/31 20:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2009/03/27 19:22:13 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- D:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2007/04/14 18:33:30 | 00,868,352 | ---- | M] (CaledosLAB) -- D:\Program Files\CaledosLAB\Caledos Automatic Wallpaper Changer\CaledosWallpaper6.exe
PRC - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2007/08/31 19:58:50 | 00,357,800 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2009/03/08 22:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 22:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 19:50:50 | 00,114,528 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Mail\wlmail.exe
PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/03/08 22:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/03 03:07:18 | 00,240,544 | R--- | M] (Adobe Systems, Inc.) -- D:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
PRC - [2009/03/20 17:57:02 | 00,499,200 | ---- | M] (OldTimer Tools) -- D:\Users\Martin\Downloads\WinPFind35\OTListIt2.exe
 
========== Win32 Services (SafeList) ==========
 
SRV - [2006/10/16 22:13:28 | 00,230,944 | ---- | M] (Acronis) -- D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [On_Demand | Stopped])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [On_Demand | Stopped])
SRV - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2008/08/08 09:46:13 | 00,700,416 | ---- | M] (ATI Technologies Inc.) -- D:\Windows\system32\Ati2evxx.exe -- (Ati External Event Utility [On_Demand | Stopped])
SRV - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [On_Demand | Stopped])
SRV - [2008/12/14 18:02:50 | 00,067,400 | ---- | M] (Microsoft Corporation) -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/04/02 15:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- D:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv [Auto | Running])
SRV - [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- D:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 13:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation) -- D:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 13:34:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- D:\Windows\ehome\ehstart.dll -- (ehstart [On_Demand | Stopped])
SRV - [2008/12/16 17:50:38 | 00,043,872 | ---- | M] (Microsoft Corporation) -- D:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/12/16 17:50:30 | 00,879,432 | ---- | M] (Microsoft Corporation) -- D:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/12/16 17:50:32 | 00,129,864 | ---- | M] (Microsoft Corporation) -- D:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/12/12 20:18:49 | 00,360,192 | ---- | M] (TuneUp Software) -- D:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV - [2008/12/12 20:18:50 | 00,603,904 | ---- | M] (TuneUp Software) -- D:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [On_Demand | Stopped])
SRV - [2008/12/11 13:31:36 | 00,027,904 | ---- | M] (TuneUp Software) -- D:\Windows\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
 
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #13 on: April 19, 2009, 07:38:30 PM »
========== Driver Services (SafeList) ==========
 
DRV - [2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- D:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2007/06/29 14:47:34 | 00,034,304 | ---- | M] (AMD, Inc.) -- D:\Windows\system32\DRIVERS\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
DRV - [2005/09/05 11:21:06 | 00,362,944 | ---- | M] (NETGEAR, Inc.) -- D:\Windows\system32\DRIVERS\WG11TND5.sys -- (AR5523 [On_Demand | Running])
DRV - [2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/02/05 22:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- D:\Windows\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 22:06:59 | 00,051,792 | ---- | M] (ALWIL Software) -- D:\Windows\system32\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV - [2009/02/05 22:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- D:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV - [2009/02/05 22:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- D:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 22:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- D:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2008/08/08 10:31:29 | 03,895,808 | ---- | M] (ATI Technologies Inc.) -- D:\Windows\system32\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- D:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- D:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- D:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- D:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- D:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- D:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- D:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2009/04/03 12:17:04 | 00,037,904 | ---- | M] (COMODO Security Solutions Inc.) -- D:\Windows\System32\drivers\crpf.sys -- (crpf [Boot | Running])
DRV - [2009/04/03 12:18:10 | 00,040,464 | ---- | M] (COMODO Security Solutions Inc.) -- D:\Windows\System32\drivers\csdf.sys -- (csdf [Boot | Running])
DRV - [2009/01/15 10:15:26 | 00,015,360 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\dc3d.sys -- (dc3d [On_Demand | Running])
DRV - [2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- D:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- D:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/02/25 20:22:12 | 00,009,728 | ---- | M] () -- D:\Windows\system32\epmntdrv.sys -- (epmntdrv [On_Demand | Stopped])
DRV - [2009/02/25 20:22:12 | 00,003,072 | ---- | M] () -- D:\Windows\system32\EuGdiDrv.sys -- (EuGdiDrv [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- D:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- D:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- D:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- D:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- D:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- D:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- D:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- D:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- D:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- D:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- D:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- D:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- D:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2007/08/31 19:58:20 | 00,018,856 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2006/12/08 05:25:00 | 04,462,152 | ---- | M] (NVIDIA Corporation) -- D:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Stopped])
DRV - [2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- D:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2007/01/05 21:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- D:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2008/01/26 03:02:02 | 00,140,832 | ---- | M] (NVIDIA Corporation) -- D:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32 [Boot | Running])
DRV - [2007/08/21 09:13:03 | 00,024,064 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\point32k.sys -- (Point32 [On_Demand | Running])
DRV - [2009/03/24 12:03:08 | 00,007,808 | ---- | M] (Secunia) -- D:\Windows\system32\DRIVERS\psi_mf.sys -- (PSI [On_Demand | Stopped])
DRV - [2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- D:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- D:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2008/08/08 10:31:29 | 03,895,808 | ---- | M] (ATI Technologies Inc.) -- D:\Windows\system32\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2005/03/21 11:00:24 | 00,004,096 | ---- | M] (SuperAdBlocker.com) -- D:\Windows\System32\sabprocenum.sys -- (SABProcEnum [On_Demand | Stopped])
DRV - [2009/03/27 19:22:13 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2008/11/06 17:18:54 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2008/11/06 17:18:52 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
========== Standard Registry (SafeList) ==========
 
 
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: win32:rootkit-gen(rtk) and win32:trojan-gen (other)
« Reply #14 on: April 19, 2009, 07:39:37 PM »
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateworld.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: D:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX [2008/07/08 19:16:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: D:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/01/09 20:01:43 | 00,000,000 | ---D | M]
 
 
Logged
Pages: [1] 2   Go Up
« previous next »