SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/29/2008 at 02:00 AM

Application Version : 4.1.1046

Core Rules Database Version : 3469
Trace Rules Database Version: 1460

Scan type : Complete Scan
Total Scan Time : 00:20:28

Memory items scanned : 395
Memory threats detected : 0
Registry items scanned : 3370
Registry threats detected : 28
File items scanned : 20510
File threats detected : 20
Rogue.WinIFixer
C:\Documents and Settings\DRAGO\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce
C:\Documents and Settings\DRAGO\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU
C:\Documents and Settings\DRAGO\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce
C:\Documents and Settings\DRAGO\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM
C:\Documents and Settings\DRAGO\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers
C:\Documents and Settings\DRAGO\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser
C:\Documents and Settings\DRAGO\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun
C:\Documents and Settings\DRAGO\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects
C:\Documents and Settings\DRAGO\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages
C:\Documents and Settings\DRAGO\Application Data\WinIFixer.com\WinIFixer\Quarantine
C:\Documents and Settings\DRAGO\Application Data\WinIFixer.com\WinIFixer
C:\Documents and Settings\DRAGO\Application Data\WinIFixer.com
C:\Program Files\WinIFixer\MFC71.dll
C:\Program Files\WinIFixer\MFC71ENU.DLL
C:\Program Files\WinIFixer\msvcp71.dll
C:\Program Files\WinIFixer\msvcr71.dll
C:\Program Files\WinIFixer\WinIFixer.exe
C:\Program Files\WinIFixer\WinIFixerSkin.dll
C:\Program Files\WinIFixer
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#WinIFixer [ C:\Program Files\WinIFixer\WinIFixer.exe ]
HKLM\Software\winifixer.com
HKLM\Software\winifixer.com#MGuid
HKLM\Software\winifixer.com\WinIFixer
HKLM\Software\winifixer.com\WinIFixer#RegistrationUrl
HKLM\Software\winifixer.com\WinIFixer#RegistrationDiscUrl
HKLM\Software\winifixer.com\WinIFixer#ADVid
HKLM\Software\winifixer.com\WinIFixer#InstallDir
HKLM\Software\winifixer.com\WinIFixer#domain
HKLM\Software\winifixer.com\WinIFixer#SoftID
HKLM\Software\winifixer.com\WinIFixer#DatabaseVersion
HKLM\Software\winifixer.com\WinIFixer#ProgramVersion
HKLM\Software\winifixer.com\WinIFixer#EngineVersion
HKLM\Software\winifixer.com\WinIFixer#GuiVersion
HKLM\Software\winifixer.com\WinIFixer#ProxyName
HKLM\Software\winifixer.com\WinIFixer#ProxyPort
HKLM\Software\winifixer.com\WinIFixer#ScanPriority
HKLM\Software\winifixer.com\WinIFixer#DaysInterval
HKLM\Software\winifixer.com\WinIFixer#ScanDepth
HKLM\Software\winifixer.com\WinIFixer#ScanSystemOnStartup
HKLM\Software\winifixer.com\WinIFixer#AutomaticallyUpdates
HKLM\Software\winifixer.com\WinIFixer#MinimizeOnStart
HKLM\Software\winifixer.com\WinIFixer#BackgroundScan
HKLM\Software\winifixer.com\WinIFixer#BackgroundScanTimeout
HKLM\Software\winifixer.com\WinIFixer#InstallationID
HKLM\Software\winifixer.com\WinIFixer#LastTimeStamp
HKLM\Software\winifixer.com\WinIFixer#LastUpdateDate
HKLM\Software\winifixer.com\WinIFixer\Settings
Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\CTFMONB.BMP

Malwarebytes' Anti-Malware 1.12
Database version: 794
Scan type: Quick Scan
Objects scanned: 38348
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 6
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.MFC\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\RegistrySmart\Microsoft.VC80.CRT\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected: (No malicious items detected)
Folders Infected:
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\DRAGO\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\DRAGO\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\DRAGO\Application Data\RegistrySmart\Log\2007 Oct 03 - 12_09_38 PM_421.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\DRAGO\Application Data\RegistrySmart\Log\2007 Oct 03 - 12_09_39 PM_906.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\DRAGO\Application Data\RegistrySmart\Log\2007 Oct 03 - 12_48_37 PM_812.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\DRAGO\Application Data\RegistrySmart\Log\2007 Oct 03 - 12_48_38 PM_984.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:10 AM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - GLOBAL STARTUP: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191431293484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191431278781
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
-- End of file - 5670 bytes

Open Hijackthis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
Important: Close all windows except for Hijackthis and then click Fix checked.
Exit Hijackthis.
----------
Download ATF Cleaner by Atribune.
Note: Vista users must use Run As Administrator
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
----------
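The O20 entry singled out above is the kind of thing a log reviewer can flag mechanically. As an added example (not part of this thread), the following Python script runs a few simple triage heuristics over HijackThis-format lines constructed from the log above; the heuristics are assumptions for illustration, and anything flagged still needs a human look before it is fixed.

```python
import re
from dataclasses import dataclass

# Sample HijackThis lines, constructed for this example from the format shown above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: NICSer_WPC54G - Unknown owner - C:\\Program Files\\Linksys\\Wireless-G Notebook Adapter\\NICServ.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
"""

# Every HijackThis entry starts with a section code such as O4, O20 or O23.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")


@dataclass
class Finding:
    section: str
    detail: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a closer look, with the reason each was flagged.

    Heuristics (assumptions for this example, not HijackThis's own rules):
    an orphaned Winlogon Notify DLL, a service with no identifiable publisher,
    and a Winsock LSP that HijackThis could not classify.
    """
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, detail = m.groups()
        if section == "O20" and detail.endswith("(file missing)"):
            findings.append(Finding(section, detail, "Winlogon Notify DLL missing on disk (orphaned entry)"))
        elif section == "O23" and " - Unknown owner - " in detail:
            findings.append(Finding(section, detail, "service has no identifiable publisher; verify the binary"))
        elif section == "O10":
            findings.append(Finding(section, detail, "Winsock LSP not recognised by HijackThis; verify manually"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.detail}")
```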
How is everything now?

Everything is running better than ever! Thank you!

Final steps...
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
- Go to Start > Programs > Accessories > System Tools and click System Restore
- Choose the radio button marked Create a Restore Point on the first screen then click Next
- Give the Restore Point a name then click Create.
- The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you NEED to use System Restore.
- Next go to Start > Run and type Cleanmgr
- Click OK
- Click the More Options Tab.
- Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
Use the Secunia Software Inspector to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
To prevent unknown applications from being installed on your computer, install WinPatrol 2008.
Another thing I would SUGGEST is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.
SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. It also stops certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
Using SpywareBlaster to protect your computer from Spyware and Malware
Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.