
Help! win32/pacex.gen virus

Discussion in 'Malware and Virus Removal Archive' started by ronniesullivan, 2008/05/19.

  1. 2008/05/19, ronniesullivan (thread starter):
    I am experiencing the win32/pacex.gen virus for the first time and, like other victims, I also couldn't get rid of it with NOD32. If you can help, I'll appreciate it.

    Here are my logs, as you wanted.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:48:20, on 19.05.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\cFosSpeed\cFosSpeed.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\AVERTV2K\QuickTV.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\cFosSpeed\spd.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\utorrent.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickTV.lnk = C:\AVERTV2K\QuickTV.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{933DDC48-AA4D-4401-BC8F-71A951E684CB}: NameServer = 208.67.222.222,208.67.220.220
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    --
    End of file - 8158 bytes

    ----------------------------

    Deckard's System Scanner v20071014.68
    Run by Matthew on 2008-05-19 17:49:28
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    77: 2008-05-19 14:49:36 UTC - RP111 - Deckard's System Scanner Restore Point
    76: 2008-05-19 09:32:31 UTC - RP110 - Software Distribution Service 3.0
    75: 2008-05-19 04:53:10 UTC - RP109 - Software Distribution Service 3.0
    74: 2008-05-17 09:38:17 UTC - RP108 - Software Distribution Service 3.0
    73: 2008-05-16 22:32:49 UTC - RP107 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2008-03-17 13:31:41 UTC - RP35 - Kaldırıldı Opera 9.21


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Matthew.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:51:41, on 19.05.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\cFosSpeed\cFosSpeed.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\AVERTV2K\QuickTV.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\cFosSpeed\spd.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Matthew\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Matthew.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\utorrent.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickTV.lnk = C:\AVERTV2K\QuickTV.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{933DDC48-AA4D-4401-BC8F-71A951E684CB}: NameServer = 208.67.222.222,208.67.220.220
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    --
    End of file - 8162 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S1 atitray - c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys (file missing)
    S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"

    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-05-13 21:43:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-04-19 and 2008-05-19 -----------------------------

    2008-05-19 17:48:08 0 d-------- C:\Program Files\Trend Micro
    2008-05-19 12:50:06 0 d-------- C:\Program Files\EsetOnlineScanner
    2008-05-19 11:17:43 125952 -r-hs---- C:\WINDOWS\system32\kavo1.dll
    2008-05-19 11:16:49 81408 -r-hs---- C:\WINDOWS\system32\tavo0.dll
    2008-05-19 07:08:02 81408 -r-hs---- C:\WINDOWS\system32\tavo1.dll
    2008-05-19 00:06:54 113054 -r-hs---- C:\WINDOWS\system32\tavo.exe
    2008-05-19 00:06:18 117349 -r-hs---- C:\v3pif.bat
    2008-05-19 00:05:47 125952 -r-hs---- C:\WINDOWS\system32\kavo0.dll
    2008-05-19 00:05:47 118049 -r-hs---- C:\WINDOWS\system32\kavo.exe
    2008-05-15 15:24:49 0 d-------- C:\Program Files\Istanbul
    2008-05-15 15:24:17 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2008-05-14 16:09:18 0 d-------- C:\Program Files\Microsoft ActiveSync
    2008-05-14 16:07:18 0 d-------- C:\WINDOWS\ShellNew
    2008-05-07 01:03:31 4096 --a------ C:\WINDOWS\system32\crash
    2008-05-05 08:49:11 0 d-------- C:\Documents and Settings\Matthew\Application Data\Leadertech
    2008-05-04 00:19:12 0 d-------- C:\Program Files\iPod
    2008-05-04 00:19:04 0 d-------- C:\Program Files\iTunes
    2008-05-04 00:18:30 0 d-------- C:\Program Files\Common Files\Apple
    2008-05-03 23:54:16 0 d-------- C:\Program Files\Apple Software Update
    2008-05-03 23:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-01 15:27:58 0 d-------- C:\Program Files\SopCast
    2008-04-29 23:42:50 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
    2008-04-28 19:27:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-04-28 19:27:56 0 d-------- C:\Documents and Settings\Matthew\Application Data\atitray
    2008-04-28 19:04:48 0 d-------- C:\Program Files\MultiRes
    2008-04-28 19:04:02 0 d-------- C:\Program Files\Radeon Omega Drivers
    2008-04-28 18:52:43 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-04-25 17:49:01 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-04-25 17:48:55 0 d-------- C:\temp
    2008-04-25 16:42:42 0 d-------- C:\Documents and Settings\Matthew\Application Data\AdobeUM
    2008-04-24 13:58:03 0 d-------- C:\Documents and Settings\Matthew\Application Data\Apple Computer
    2008-04-23 03:01:04 0 d-------- C:\Program Files\MSXML 4.0
    2008-04-22 15:01:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-22 14:38:59 0 d-------- C:\Program Files\QuickTime
    2008-04-22 12:31:55 0 d-------- C:\WINDOWS\system32\tr-tr
    2008-04-22 12:26:15 0 d-------- C:\WINDOWS\network diagnostic <NETWOR~1>
    2008-04-22 09:06:00 0 d-------- C:\Program Files\Sony
    2008-04-22 09:03:48 0 d-------- C:\Documents and Settings\Matthew\Application Data\Teleca
    2008-04-22 08:21:58 0 d-------- C:\Documents and Settings\Matthew\Application Data\Sony Ericsson
    2008-04-22 08:20:42 0 d-------- C:\Program Files\Sony Setup
    2008-04-22 08:14:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-04-22 08:14:15 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
    2008-04-22 08:14:06 0 d-------- C:\Program Files\Common Files\Teleca Shared
    2008-04-22 08:14:03 0 d-------- C:\Program Files\Sony Ericsson
    2008-04-22 08:14:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
    2008-04-22 08:13:47 0 d-------- C:\WINDOWS\Downloaded Installations <DOWNLO~2>
    2008-04-22 01:00:22 0 d-------- C:\Program Files\MediaMonkey
    2008-04-21 16:22:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
    2008-04-21 16:20:31 0 d-------- C:\Program Files\Last.fm


    -- Find3M Report ---------------------------------------------------------------

    2008-05-19 17:51:41 0 d-------- C:\Documents and Settings\Matthew\Application Data\uTorrent
    2008-05-19 17:43:50 0 d-------- C:\Program Files\cFosSpeed
    2008-05-19 17:15:53 0 d-------- C:\Documents and Settings\Matthew\Application Data\StumbleUpon
    2008-05-19 15:29:55 0 d-------- C:\Program Files\Soulseek
    2008-05-14 16:08:47 0 d-------- C:\Program Files\Common Files
    2008-05-14 15:47:22 0 d-------- C:\Documents and Settings\Matthew\Application Data\OpenOffice.org2
    2008-04-30 17:56:09 0 d-------- C:\Documents and Settings\Matthew\Application Data\Winamp
    2008-04-29 23:47:18 0 d-------- C:\Documents and Settings\Matthew\Application Data\ATI
    2008-04-29 23:43:24 0 d-------- C:\Program Files\ATI Technologies
    2008-04-28 18:41:26 0 d-------- C:\Program Files\PicLensIE
    2008-04-28 18:40:53 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-25 17:16:53 0 d-------- C:\Program Files\Common Files\Adobe
    2008-04-25 16:42:52 0 d-------- C:\Documents and Settings\Matthew\Application Data\Adobe
    2008-04-23 02:56:02 0 d-------- C:\Documents and Settings\Matthew\Application Data\Hamachi
    2008-04-18 15:01:00 0 d-------- C:\Documents and Settings\Matthew\Application Data\Ashampoo
    2008-04-18 15:00:44 0 d-------- C:\Program Files\Ashampoo
    2008-04-18 04:48:51 0 d-------- C:\Program Files\StumbleUpon
    2008-04-14 20:59:39 0 d-------- C:\Program Files\Messenger Plus! Live
    2008-04-07 21:43:33 0 d-------- C:\Program Files\Opera
    2008-04-07 17:49:05 0 d-------- C:\Program Files\EKAf Incorporated
    2008-04-07 16:21:53 0 d-------- C:\Program Files\Java
    2008-04-06 12:48:15 0 d-------- C:\Program Files\OpenOffice.org 2.3
    2008-04-06 12:47:01 0 d-------- C:\Program Files\Common Files\Java
    2008-04-06 12:46:50 0 d-------- C:\Documents and Settings\Matthew\Application Data\Sun
    2008-04-06 12:17:23 0 d-------- C:\Program Files\Rage3DTweak
    2008-04-05 22:35:07 0 d-------- C:\Program Files\Intelore
    2008-04-05 21:15:21 0 d-------- C:\Program Files\kmp
    2008-04-01 18:18:04 0 d-------- C:\Program Files\FDRLab
    2008-03-30 18:46:12 403256 --a------ C:\WINDOWS\system32\perfh01F.dat
    2008-03-30 18:46:12 75814 --a------ C:\WINDOWS\system32\perfc01F.dat
    2008-03-27 19:08:37 0 d-------- C:\Documents and Settings\Matthew\Application Data\vlc
    2008-03-27 19:07:13 0 d-------- C:\Program Files\VideoLAN
    2008-03-22 15:35:48 0 d-------- C:\Program Files\Winamp
    2008-03-21 19:46:46 0 d-------- C:\Program Files\FreshDevices
    2008-03-15 18:43:57 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
    2008-03-10 17:21:18 62 --ahs---- C:\Documents and Settings\Matthew\Application Data\desktop.ini
    2008-03-10 15:30:45 0 -rahs---- C:\MSDOS.SYS
    2008-03-10 15:30:45 0 -rahs---- C:\IO.SYS
    2008-03-10 15:30:45 0 --a------ C:\CONFIG.SYS
    2008-03-10 15:30:45 0 --a------ C:\AUTOEXEC.BAT
    2008-03-10 15:28:21 21736 --a------ C:\WINDOWS\system32\emptyregdb.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
    13.03.2008 15:20 1662976 --a------ C:\Program Files\PicLensIE\PicLens.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [12.07.2002 13:15]
    "Cmaudio"="cmicnfg.cpl" []
    "cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [13.03.2007 18:30]
    "AGRSMMSG"="AGRSMMSG.exe" [04.03.2005 13:01 C:\WINDOWS\AGRSMMSG.exe]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [15.03.2008 18:43]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [22.04.2008 14:39]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09.03.2007 11:09]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [02.01.2006 16:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30.03.2008 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 12:35]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [29.08.2007 18:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 01:45]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 19:24]
    "kava"="C:\WINDOWS\system32\kavo.exe" [19.05.2008 11:17]
    "tava"="C:\WINDOWS\system32\tavo.exe" [19.05.2008 11:17]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\Matthew\Start Menu\Programlar\Başlangıç\
    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [21.04.2008 16:20:33]
    µTorrent.lnk - C:\Program Files\uTorrent\utorrent.exe [15.02.2007 23:17:12]

    C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.09.2005 22:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.02.2001 01:01:04]
    QuickTV.lnk - C:\AVERTV2K\QuickTV.exe [20.03.2008 18:49:19]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    "C:\Program Files\Ares\Ares.exe" -h

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    "C:\Program Files\Unlocker\UnlockerAssistant.exe"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    AutoRun\command- lp3c.bat
    explore\Command- lp3c.bat
    open\Command- lp3c.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- lp3c.bat
    explore\Command- lp3c.bat
    open\Command- lp3c.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6648a486-faae-11dc-b8d5-000d61ee752e}]
    AutoRun\command- G:\v3pif.bat
    explore\Command- G:\v3pif.bat
    open\Command- G:\v3pif.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd4f683d-eea6-11dc-9fed-806d6172696f}]
    AutoRun\command- lp3c.bat
    explore\Command- lp3c.bat
    open\Command- lp3c.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd4f683f-eea6-11dc-9fed-806d6172696f}]
    AutoRun\command- lp3c.bat
    explore\Command- lp3c.bat
    open\Command- lp3c.bat

    -- End of Deckard's System Scanner: finished at 2008-05-19 17:52:28 ------
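An added example, not part of the thread and not from either poster: a small Python triage script that reads lines in the HijackThis and DSS formats shown above and flags the pattern this log exhibits, namely HKCU Run entries whose targets are freshly created read-only+hidden+system files, MountPoints2 AutoRun/open/explore commands that launch a script from a drive root, and hidden scripts sitting at a drive root. The sample lines are copied and trimmed from the posted logs; the scoring rules and the reading of the DSS attribute column (`-r-hs----` as read-only, hidden, system) are this example's assumptions, not anything HijackThis, DSS or the thread defines.

```python
"""Added example: triage a HijackThis / Deckard's System Scanner (DSS) log
for the USB-autorun worm pattern visible in the thread.

Assumptions (not defined by HijackThis, DSS or the thread):
  * the DSS attribute column reads d/r/a/h/s..., so "-r-hs----" means a
    read-only + hidden + system file;
  * the scoring rules below are this script's own heuristics.
"""
import re

# Constructed sample: lines copied and trimmed from the posted logs.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
2008-05-19 17:48:08 0 d-------- C:\Program Files\Trend Micro
2008-05-19 11:17:43 125952 -r-hs---- C:\WINDOWS\system32\kavo1.dll
2008-05-19 00:06:54 113054 -r-hs---- C:\WINDOWS\system32\tavo.exe
2008-05-19 00:06:18 117349 -r-hs---- C:\v3pif.bat
2008-05-19 00:05:47 118049 -r-hs---- C:\WINDOWS\system32\kavo.exe
2008-05-15 15:24:17 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Visual Basic>
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command- lp3c.bat
explore\Command- lp3c.bat
open\Command- lp3c.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6648a486-faae-11dc-b8d5-000d61ee752e}]
AutoRun\command- G:\v3pif.bat
"""

# The three line shapes we care about.
RUN_RE = re.compile(r'^O4 - (?P<hive>[^:]+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
FILE_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \d+ '
                     r'(?P<attrs>[-a-z]{9}) (?P<path>[A-Za-z]:\\[^<]*?)\s*(?:<.*)?$')
SECTION_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
MP_RE = re.compile(r'^(?P<verb>AutoRun|open|explore)\\[Cc]ommand- (?P<cmd>.+)$')
SCRIPT_EXT = ('.bat', '.cmd', '.vbs', '.pif', '.com', '.exe')


def parse_log(text):
    """Pull Run entries, DSS file rows and MountPoints2 commands out of a log."""
    runs, files, mountpoints = [], [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            runs.append((m['hive'], m['name'], m['cmd']))
        elif m := FILE_RE.match(line):
            files.append((m['path'], m['attrs'], m['date']))
        elif m := SECTION_RE.match(line):
            section = m['key']
        elif (m := MP_RE.match(line)) and section and 'mountpoints2' in section.lower():
            mountpoints.append((section.rsplit('\\', 1)[-1], m['verb'], m['cmd']))
    return {'runs': runs, 'files': files, 'mountpoints': mountpoints}


def target_of(cmd):
    """Return the executable path from a Run/autorun command, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    return cmd.split(' ')[0].lower()


def triage(text):
    """Return (category, detail) findings; an empty list means nothing matched."""
    parsed = parse_log(text)
    # Read-only + hidden + system on a plain file is how this worm hides its droppers.
    stealth = {p.lower(): d for p, a, d in parsed['files']
               if a[0] != 'd' and all(flag in a for flag in 'rhs')}
    findings = []
    for hive, name, cmd in parsed['runs']:
        tgt = target_of(cmd)
        if tgt in stealth:
            findings.append(('run-stealth-target',
                             f'{hive} Run [{name}] -> {tgt} (created {stealth[tgt]})'))
    for key, verb, cmd in parsed['mountpoints']:
        # A script wired to AutoRun/open/explore of a drive is the autorun.inf hijack cached by Explorer.
        if target_of(cmd).endswith(SCRIPT_EXT):
            findings.append(('mountpoints2-autorun', f'{key}: {verb} -> {cmd}'))
    for path, date in stealth.items():
        # Hidden script directly under a drive root: the payload the autorun entry points at.
        if re.fullmatch(r'[a-z]:\\[^\\]+', path) and path.endswith(SCRIPT_EXT):
            findings.append(('stealth-root-script', f'{path} (created {date})'))
    return findings


if __name__ == '__main__':
    for category, detail in triage(SAMPLE_LOG):
        print(f'{category:22} {detail}')
```

Against the sample it reports the two HKCU Run entries (kava and tava), the four MountPoints2 script commands and the hidden C:\v3pif.bat; a log with only the stock ctfmon entry yields an empty list. To use it on a saved log, pass `open(path, errors='replace').read()` to `triage()`.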
     
  2. 2008/05/19, noahdfear:
    Welcome to WindowsBBS ronniesullivan :)

    First, you have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

    Next, download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     


  4. 2008/05/20
    ronniesullivan

    ronniesullivan Inactive Thread Starter

    Joined:
    2008/05/19
    Messages:
    2
    Likes Received:
    0
    The USB disk was not mine, so it's not my concern. But I did exactly what you said and here is the log. Thank you by the way...


    ComboFix 08-05-19.4 - Matthew 2008-05-20 18:11:48.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1254.1.1055.18.676 [GMT 3:00]
    Running from: C:\Documents and Settings\Matthew\Belgelerim\Downloads\ComboFix.exe
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\kavo1.dll
    C:\WINDOWS\system32\tavo1.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
    .

    2008-05-19 17:48 . 2008-05-19 17:48 <DIR> d-------- C:\Program Files\Trend Micro
    2008-05-19 17:48 . 2008-05-19 17:48 <DIR> d-------- C:\Deckard
    2008-05-19 12:50 . 2008-05-19 12:53 <DIR> d-------- C:\Program Files\EsetOnlineScanner
    2008-05-19 00:06 . 2008-05-17 00:35 117,349 -r-hs---- C:\v3pif.bat
    2008-05-15 15:24 . 2008-05-19 11:30 <DIR> d-------- C:\Program Files\Istanbul
    2008-05-15 15:24 . 2008-05-15 15:24 249,856 --------- C:\WINDOWS\Setup1.exe
    2008-05-15 15:24 . 2008-05-15 15:24 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-05-14 16:09 . 2008-05-14 16:09 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2008-05-14 16:07 . 2008-05-16 23:18 <DIR> d-------- C:\WINDOWS\ShellNew
    2008-05-14 16:07 . 2008-05-14 16:07 32 --a------ C:\WINDOWS\MS Office 2007 Pro Plus & Expression Web.INI
    2008-05-07 01:03 . 2008-05-07 01:03 4,096 --a------ C:\WINDOWS\system32\crash
    2008-05-05 08:49 . 2008-05-05 08:49 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\Leadertech
    2008-05-04 00:19 . 2008-05-04 00:19 <DIR> d-------- C:\Program Files\iTunes
    2008-05-04 00:19 . 2008-05-04 00:19 <DIR> d-------- C:\Program Files\iPod
    2008-05-04 00:18 . 2008-05-04 00:18 <DIR> d-------- C:\Program Files\Common Files\Apple
    2008-05-03 23:54 . 2008-05-03 23:54 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-05-03 23:54 . 2008-05-03 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-01 15:27 . 2008-05-01 15:28 <DIR> d-------- C:\Program Files\SopCast
    2008-04-29 23:42 . 2006-05-03 11:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-04-28 19:27 . 2008-04-28 19:27 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\atitray
    2008-04-28 19:27 . 2008-04-28 19:27 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-04-28 19:15 . 2006-02-22 04:05 356,937 --a------ C:\WINDOWS\system32\atmtrkxx.hlp
    2008-04-28 19:15 . 2006-02-22 04:05 120,302 --a------ C:\WINDOWS\system32\atttrkxx.hlp
    2008-04-28 19:15 . 2006-02-22 04:05 48,174 --a------ C:\WINDOWS\system32\atftrkxx.hlp
    2008-04-28 19:04 . 2008-04-28 19:04 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
    2008-04-28 19:04 . 2008-04-28 19:04 <DIR> d-------- C:\Program Files\MultiRes
    2008-04-28 19:04 . 2008-04-28 19:04 472,576 --a------ C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
    2008-04-28 18:52 . 2008-04-30 11:09 1,324 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-04-28 18:41 . 2004-08-04 00:45 32,768 --a--c--- C:\WINDOWS\system32\dllcache\ativtmxx.dll
    2008-04-28 18:41 . 2004-08-04 00:45 32,768 --a------ C:\WINDOWS\system32\ativtmxx.dll
    2008-04-28 18:41 . 2004-08-04 00:45 23,040 --a--c--- C:\WINDOWS\system32\dllcache\ativmvxx.ax
    2008-04-28 18:41 . 2004-08-04 00:45 23,040 --a------ C:\WINDOWS\system32\ativmvxx.ax
    2008-04-25 17:49 . 2008-04-25 17:49 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2008-04-25 17:48 . 2008-04-25 17:49 <DIR> d-------- C:\temp\ext18866
    2008-04-25 17:48 . 2008-04-25 17:48 <DIR> d-------- C:\temp
    2008-04-25 16:42 . 2008-04-25 16:48 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\AdobeUM
    2008-04-24 13:58 . 2008-05-04 00:19 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\Apple Computer
    2008-04-24 13:57 . 2008-05-20 12:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-24 13:57 . 2008-05-04 00:19 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-23 03:01 . 2008-04-23 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-04-22 15:01 . 2008-04-22 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-22 14:38 . 2008-04-22 15:02 <DIR> d-------- C:\Program Files\QuickTime
    2008-04-22 12:31 . 2008-04-22 12:31 <DIR> d-------- C:\WINDOWS\system32\tr-tr
    2008-04-22 12:19 . 2008-03-01 15:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-22 12:19 . 2007-07-01 06:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-22 12:19 . 2007-07-01 06:36 1,015,808 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-22 12:19 . 2008-03-01 15:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-22 12:19 . 2008-03-01 15:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-22 12:19 . 2008-03-01 15:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-22 12:19 . 2008-03-01 15:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-22 12:19 . 2008-03-01 15:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-22 12:19 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-22 12:17 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-04-22 09:06 . 2008-04-22 09:06 <DIR> d-------- C:\Program Files\Sony
    2008-04-22 09:04 . 2006-02-19 17:47 97,056 -ra------ C:\WINDOWS\system32\drivers\W700mdm.sys
    2008-04-22 09:04 . 2006-02-19 17:48 88,560 -ra------ C:\WINDOWS\system32\drivers\W700mgmt.sys
    2008-04-22 09:04 . 2006-02-19 17:48 86,368 -ra------ C:\WINDOWS\system32\drivers\W700obex.sys
    2008-04-22 09:04 . 2006-02-19 17:47 61,536 -ra------ C:\WINDOWS\system32\drivers\W700bus.sys
    2008-04-22 09:04 . 2006-02-19 17:47 9,264 -ra------ C:\WINDOWS\system32\drivers\W700mdfl.sys
    2008-04-22 09:04 . 2006-02-19 17:47 6,208 -ra------ C:\WINDOWS\system32\drivers\W700cmnt.sys
    2008-04-22 09:04 . 2006-02-19 17:47 6,208 -ra------ C:\WINDOWS\system32\drivers\W700cm.sys
    2008-04-22 09:04 . 2006-02-19 17:48 5,840 -ra------ C:\WINDOWS\system32\drivers\W700whnt.sys
    2008-04-22 09:04 . 2006-02-19 17:48 5,840 -ra------ C:\WINDOWS\system32\drivers\W700wh.sys
    2008-04-22 09:03 . 2008-04-22 09:05 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\Teleca
    2008-04-22 08:21 . 2008-04-22 08:21 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\Sony Ericsson
    2008-04-22 08:20 . 2008-04-22 08:20 <DIR> d-------- C:\Program Files\Sony Setup
    2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Program Files\Sony Ericsson
    2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
    2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
    2008-04-22 08:14 . 2008-04-22 08:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
    2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-04-22 08:13 . 2008-04-24 13:46 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2008-04-22 01:00 . 2008-04-23 19:00 <DIR> d-------- C:\Program Files\MediaMonkey
    2008-04-22 01:00 . 2008-05-14 16:09 488 --a------ C:\WINDOWS\ODBC.INI
    2008-04-21 16:22 . 2008-04-21 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
    2008-04-21 16:20 . 2008-04-21 16:20 <DIR> d-------- C:\Program Files\Last.fm

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-20 15:11 --------- d-----w C:\Program Files\cFosSpeed
    2008-05-20 15:10 --------- d-----w C:\Documents and Settings\Matthew\Application Data\uTorrent
    2008-05-20 09:04 --------- d-----w C:\Documents and Settings\Matthew\Application Data\StumbleUpon
    2008-05-19 12:29 --------- d-----w C:\Program Files\Soulseek
    2008-05-19 09:18 --------- d-----w C:\Program Files\Eset
    2008-05-14 12:47 --------- d-----w C:\Documents and Settings\Matthew\Application Data\OpenOffice.org2
    2008-04-30 14:56 --------- d-----w C:\Documents and Settings\Matthew\Application Data\Winamp
    2008-04-29 20:47 --------- d-----w C:\Documents and Settings\Matthew\Application Data\ATI
    2008-04-29 20:43 --------- d-----w C:\Program Files\ATI Technologies
    2008-04-28 15:41 --------- d-----w C:\Program Files\PicLensIE
    2008-04-28 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-25 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-22 23:56 --------- d-----w C:\Documents and Settings\Matthew\Application Data\Hamachi
    2008-04-18 12:01 --------- d-----w C:\Documents and Settings\Matthew\Application Data\Ashampoo
    2008-04-18 12:00 --------- d-----w C:\Program Files\Ashampoo
    2008-04-18 01:48 --------- d-----w C:\Program Files\StumbleUpon
    2008-04-14 17:59 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-07 18:43 --------- d-----w C:\Program Files\Opera
    2008-04-07 14:49 --------- d-----w C:\Program Files\EKAf Incorporated
    2008-04-07 13:21 --------- d-----w C:\Program Files\Java
    2008-04-06 09:48 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-04-06 09:47 --------- d-----w C:\Program Files\Common Files\Java
    2008-04-06 09:17 --------- d-----w C:\Program Files\Rage3DTweak
    2008-04-05 19:35 --------- d-----w C:\Program Files\Intelore
    2008-04-05 18:15 --------- d-----w C:\Program Files\kmp
    2008-04-01 15:18 --------- d-----w C:\Program Files\FDRLab
    2008-03-31 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
    2008-03-27 16:08 --------- d-----w C:\Documents and Settings\Matthew\Application Data\vlc
    2008-03-27 16:07 --------- d-----w C:\Program Files\VideoLAN
    2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:52 158,496 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-22 12:35 --------- d-----w C:\Program Files\Winamp
    2008-03-21 16:46 --------- d-----w C:\Program Files\FreshDevices
    2008-03-20 08:07 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-19 15:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-03-19 15:26 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-03-15 15:43 298,104 ----a-w C:\WINDOWS\system32\imon.dll
    2008-03-10 13:28 58,952 ----a-w C:\WINDOWS\system32\MsgPlusLoader.dll
    2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
    2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
    2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
    2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
    2008-03-13 15:20 1662976 --a------ C:\Program Files\PicLensIE\PicLens.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:35 5724184]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 18:09 171464]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG "= "C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 13:15 106496]
    "Cmaudio "= "cmicnfg.cpl" []
    "cFosSpeed "= "C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-03-13 18:30 834776]
    "AGRSMMSG "= "AGRSMMSG.exe" [2005-03-04 13:01 88209 C:\WINDOWS\AGRSMMSG.exe]
    "nod32kui "= "C:\Program Files\Eset\nod32kui.exe" [2008-03-15 18:43 949376]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2008-04-22 14:39 413696]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
    "ATICCC "= "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:45 15360]
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

    C:\Documents and Settings\Matthew\Start Menu\Programlar\Başlangıç\
    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-04-21 16:20:33 106496]
    µTorrent.lnk - C:\Program Files\uTorrent\utorrent.exe [2007-02-15 23:17:12 177152]

    C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
    QuickTV.lnk - C:\AVERTV2K\QuickTV.exe [2008-03-20 18:49:19 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    C:\Program Files\Ares\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-04 01:45 15360 C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    -ra------ 2007-04-26 09:45 401408 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Hamachi\\hamachi.exe "=
    "C:\\WINDOWS\\system32\\cmd.exe "=
    "C:\\Program Files\\uTorrent\\utorrent.exe "=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe "=
    "D:\\Counter-Strike 1.6\\hl.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "C:\\emule0.48a-Xtreme6.1\\emule.exe "=
    "C:\\Program Files\\cFosSpeed\\cfosspeed.exe "=
    "C:\\Program Files\\cFosSpeed\\spd.exe "=
    "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe "=
    "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe "=
    "C:\\Program Files\\Autodesk\\Backburner\\manager.exe "=
    "C:\\Program Files\\Autodesk\\Backburner\\server.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=

    R2 BT848;AVerMedia, AVerTV WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2001-08-22 02:44]
    R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-08-22 02:19]
    R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2001-08-22 02:43]
    S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
    S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys [2006-02-19 17:47]
    S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2006-02-19 17:47]
    S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2006-02-19 17:47]
    S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2006-02-19 17:48]
    S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys [2006-02-19 17:48]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    \Shell\AutoRun\command - lp3c.bat
    \Shell\explore\Command - lp3c.bat
    \Shell\open\Command - lp3c.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - lp3c.bat
    \Shell\explore\Command - lp3c.bat
    \Shell\open\Command - lp3c.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6648a486-faae-11dc-b8d5-000d61ee752e}]
    \Shell\AutoRun\command - G:\v3pif.bat
    \Shell\explore\Command - G:\v3pif.bat
    \Shell\open\Command - G:\v3pif.bat

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-13 18:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-20 18:14:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll
    .
    Completion time: 2008-05-20 18:17:28
    ComboFix-quarantined-files.txt 2008-05-20 15:16:26

    14 Dizin 16,237,568,000 bayt boş
    16 Dizin 16,266,674,176 bayt boş

    251 --- E O F --- 2008-05-19 09:34:24
     
  5. 2008/05/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Sorry for the delayed response.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\v3pif.bat
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6648a486-faae-11dc-b8d5-000d61ee752e}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log along with a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
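The MountPoints2 entries quoted in both logs above are the fingerprint of this infection: a clean drive key carries no Shell handlers at all, so AutoRun, explore and open commands pointing at a .bat on a drive root mean every double-click on that drive relaunches the worm. As an added example (not part of this thread, and not ComboFix's own code), the Python script below parses those entries out of a Deckard- or ComboFix-style log, rates the handlers, and emits a CFScript in the File:: / Registry:: form noahdfear used; the log excerpt is constructed from the entries quoted above, the "script on a drive root" rule is an assumption of this example, and the File:: paths are derived from the handlers (the helper instead listed C:\v3pif.bat, the hidden copy ComboFix reported in its Files Created section).

```python
"""Flag MountPoints2 autorun hijacks in a Deckard/ComboFix-style log and
emit a ComboFix CFScript (File:: / Registry::) that removes them.
Added example, not the forum thread's or ComboFix's own code; the log
excerpt is constructed and the suspicious-handler rule is an assumption."""
import re

# Constructed excerpt mixing the Deckard form ("AutoRun\command- x") and the
# ComboFix form ("\Shell\AutoRun\command - x") seen in the thread's logs.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - lp3c.bat
\Shell\explore\Command - lp3c.bat
\Shell\open\Command - lp3c.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- lp3c.bat
open\Command- lp3c.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6648a486-faae-11dc-b8d5-000d61ee752e}]
\Shell\AutoRun\command - G:\v3pif.bat
\Shell\open\Command - G:\v3pif.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui "= "C:\Program Files\Eset\nod32kui.exe" [2008-03-15 18:43 949376]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
HANDLER_RE = re.compile(
    r"^(?:\\Shell\\)?(?P<verb>AutoRun|explore|open)\\command\s*-\s*(?P<target>\S.*?)\s*$", re.I)
# Assumption: the worm registers a script that sits on the drive root, so a bare
# name or <drive>:\<name> with a script/executable extension is rated suspicious.
SUSPECT_RE = re.compile(r"^(?:[A-Z]:\\)?[^\\]+\.(?:bat|cmd|pif|exe|com|vbs)$", re.I)

def parse_mountpoints(log_text):
    """Return {mountpoints2 key: {verb: target}} for every key carrying handlers."""
    hits, current = {}, None
    for line in log_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:  # a new [KEY] block; only track MountPoints2 keys
            key = m.group("key")
            current = key if "\\mountpoints2\\" in key.lower() else None
            continue
        m = HANDLER_RE.match(line.strip())
        if m and current is not None:
            hits.setdefault(current, {})[m.group("verb").lower()] = m.group("target")
    return hits

def suspicious_entries(log_text):
    """Keys whose handlers launch a file from a drive root -> sorted target list."""
    out = {}
    for key, handlers in parse_mountpoints(log_text).items():
        bad = sorted({t for t in handlers.values() if SUSPECT_RE.match(t)})
        if bad:
            out[key] = bad
    return out

def resolve_target(key, target):
    """Bare names under a drive-letter key (...\mountpoints2\C) live on that
    drive's root; under a GUID key the name is returned as-is for the analyst."""
    if re.match(r"^[A-Z]:\\", target, re.I):
        return target
    tail = key.rsplit("\\", 1)[-1]
    return f"{tail.upper()}:\\{target}" if len(tail) == 1 else target

def build_cfscript(log_text):
    """CFScript as used in the thread: File:: lists files to remove, Registry::
    lists keys, and '[-KEY]' means delete that key."""
    sus = suspicious_entries(log_text)
    files = sorted({resolve_target(k, t) for k, ts in sus.items() for t in ts})
    lines = ["File::", *files, "Registry::", *(f"[-{k}]" for k in sorted(sus))]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

Review the emitted File:: paths against the log's file listing before running the script, since a handler may point at a removable drive that is no longer attached.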
