Windows Security Center spyware won't go away [RESOLVED] |
Post #1, May 14 2008, 06:15 PM (New Member, Posts: 9, OS: XP)
Hello,
Since yesterday I'm getting fake Windows Security Center pop-ups etc. There is also a fake icon in the system tray which leads to some fake security center page telling me to download some spyware. I've tried a lot of progs to get rid of it (ad-aware/spybot/malwarebytes/sdfix/smitfraudfix etc.), but so far with no success.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:53, on 15-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HDDlife.lnk = E:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Startup: Kopie van SpeedFan.lnk = E:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ontvang alles met FlashGet - K:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Ontvang met FlashGet - K:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Save Flash - res://E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159065150921
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...160/mcfscan.cab
O20 - Winlogon Notify: aydemscs - C:\WINDOWS\SYSTEM32\aydemscs.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ms-java - Unknown owner - C:\WINDOWS\Driver\i386\ms-java.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe

--
End of file - 6320 bytes

Uninstall list:

µTorrent
3DMark05
3DMark06
3D-Rijsimulator
3GP Player 2007
Aangifte inkomstenbelasting 2007
ABBYY FineReader 8.0 Professional Edition
AC3Filter (remove only)
Ad-Aware 2007
Ad-Aware SE Professional
Adobe Download Manager 2.0 (alleen verwijderen)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player
Advanced GIF Animator 2.23
Advanced RAR Password Recovery (remove only)
a-squared Free 3.5
ASUS Probe V2.25.02
ATITool Overclocking Utility
Battlefield 2
Battlefield 2: Special Forces
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB890046)
Beveiligingsupdate voor Windows XP (KB893756)
Beveiligingsupdate voor Windows XP (KB896358)
Beveiligingsupdate voor Windows XP (KB896423)
Beveiligingsupdate voor Windows XP (KB896424)
Beveiligingsupdate voor Windows XP (KB896428)
Beveiligingsupdate voor Windows XP (KB899587)
Beveiligingsupdate voor Windows XP (KB899591)
Beveiligingsupdate voor Windows XP (KB900725)
Beveiligingsupdate voor Windows XP (KB901017)
Beveiligingsupdate voor Windows XP (KB901214)
Beveiligingsupdate voor Windows XP (KB902400)
Beveiligingsupdate voor Windows XP (KB904706)
Beveiligingsupdate voor Windows XP (KB905414)
Beveiligingsupdate voor Windows XP (KB905749)
Beveiligingsupdate voor Windows XP (KB908519)
Beveiligingsupdate voor Windows XP (KB911562)
Beveiligingsupdate voor Windows XP (KB911567)
Beveiligingsupdate voor Windows XP (KB911927)
Beveiligingsupdate voor Windows XP (KB912919)
Beveiligingsupdate voor Windows XP (KB913433)
Beveiligingsupdate voor Windows XP (KB913580)
Beveiligingsupdate voor Windows XP (KB914388)
Beveiligingsupdate voor Windows XP (KB914389)
Beveiligingsupdate voor Windows XP (KB917159)
Beveiligingsupdate voor Windows XP (KB917344)
Beveiligingsupdate voor Windows XP (KB917422)
Beveiligingsupdate voor Windows XP (KB917953)
Beveiligingsupdate voor Windows XP (KB918118)
Beveiligingsupdate voor Windows XP (KB918439)
Beveiligingsupdate voor Windows XP (KB918899)
Beveiligingsupdate voor Windows XP (KB919007)
Beveiligingsupdate voor Windows XP (KB920213)
Beveiligingsupdate voor Windows XP (KB920214)
Beveiligingsupdate voor Windows XP (KB920670)
Beveiligingsupdate voor Windows XP (KB920683)
Beveiligingsupdate voor Windows XP (KB920685)
Beveiligingsupdate voor Windows XP (KB921398)
Beveiligingsupdate voor Windows XP (KB921883)
Beveiligingsupdate voor Windows XP (KB922616)
Beveiligingsupdate voor Windows XP (KB922819)
Beveiligingsupdate voor Windows XP (KB923191)
Beveiligingsupdate voor Windows XP (KB923414)
Beveiligingsupdate voor Windows XP (KB923980)
Beveiligingsupdate voor Windows XP (KB924270)
Beveiligingsupdate voor Windows XP (KB924496)
Beveiligingsupdate voor Windows XP (KB924667)
Beveiligingsupdate voor Windows XP (KB925902)
Beveiligingsupdate voor Windows XP (KB926255)
Beveiligingsupdate voor Windows XP (KB926436)
Beveiligingsupdate voor Windows XP (KB927779)
Beveiligingsupdate voor Windows XP (KB927802)
Beveiligingsupdate voor Windows XP (KB928255)
Beveiligingsupdate voor Windows XP (KB928843)
Beveiligingsupdate voor Windows XP (KB929123)
Beveiligingsupdate voor Windows XP (KB930178)
Beveiligingsupdate voor Windows XP (KB931261)
Beveiligingsupdate voor Windows XP (KB931784)
Beveiligingsupdate voor Windows XP (KB932168)
Beveiligingsupdate voor Windows XP (KB933729)
Beveiligingsupdate voor Windows XP (KB935839)
Beveiligingsupdate voor Windows XP (KB935840)
Beveiligingsupdate voor Windows XP (KB936021)
Beveiligingsupdate voor Windows XP (KB938127)
Beveiligingsupdate voor Windows XP (KB941202)
Beveiligingsupdate voor Windows XP (KB941568)
Beveiligingsupdate voor Windows XP (KB941644)
Beveiligingsupdate voor Windows XP (KB941693)
Beveiligingsupdate voor Windows XP (KB943055)
Beveiligingsupdate voor Windows XP (KB943460)
Beveiligingsupdate voor Windows XP (KB943485)
Beveiligingsupdate voor Windows XP (KB944338)
Beveiligingsupdate voor Windows XP (KB944653)
Beveiligingsupdate voor Windows XP (KB945553)
Beveiligingsupdate voor Windows XP (KB946026)
Beveiligingsupdate voor Windows XP (KB947864)
Beveiligingsupdate voor Windows XP (KB948590)
Beveiligingsupdate voor Windows XP (KB948881)
Beveiligingsupdate voor Windows XP (KB950749)
BitComet 0.70
BSPlayer
Call of Duty® 4 - Modern Warfare
Call of Duty® 4 - Modern Warfare 1.1 Patch
Call of Duty® 4 - Modern Warfare 1.2 Patch
CCleaner (remove only)
COD Serveur 3.0.3
Command & Conquer 3
Command & Conquer Generals
Command & Conquer™ 3: Kane's Wrath
Command and ConquerTM Generals Zero Hour
Corel Paint Shop Pro Photo XI
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Identifier
eMule
Far Manager v1.70
ffdshow (remove only)
Flash Saving Plugin
FlashFXP v3
Flock (Photobucket Edition) 0.7
Google Earth
Google Toolbar for Internet Explorer
Hamachi 1.0.2.5
HD Tach version 3
HD Tune 2.52
Hijack This 1.99.1
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB926239)
Java SE Runtime Environment 6 Update 1
Just Cause 1.00.0000
K-Lite Mega Codec Pack 1.53
Lavasoft VX2 Cleaner
Lexmark 640 Series
LimeWire PRO 4.17.1
Logitech Gaming Software
Logitech MouseWare 9.80
Malwarebytes' Anti-Malware
MATLAB R2007b
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - NLD
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Proofing Tools
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Vista Upgrade Advisor
mIRC
Mozilla Firefox (2.0.0.13)
MSXML 4.0 SP2 (KB936181)
Need for Speed™ Carbon
NewsBin Pro
Norton PartitionMagic 8.0
NVIDIA Drivers
NVIDIA PureVideo Decoder
OCCT v0.91
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
PowerDVD
PowerISO
Prime95
PunkBuster Services
QuickTime
RealPlayer
Realtek AC'97 Audio
RivaTuner v2.0 RC 16
Sansa Updater
Security Update voor Microsoft .NET Framework 2.0 (KB917283)
SiSoftware Sandra Pro Home 2007 (Win64/32/CE)
Sony Ericsson W800 Software
SopCast 1.1.2
SopCore 1.1.2
SpeedFan (remove only)
Spybot - Search & Destroy
System Requirements Lab
SysTool Overclocking Utility
TI Connect 1.6
TI NoteFolio Creator
TI-Black Link
TI-Graph Link 83 Plus - Nederland
TopMail
TVAnts 1.0
Uniblue RegistryBooster 2
Update Service
Update voor Windows XP (KB894391)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB900485)
Update voor Windows XP (KB900930)
Update voor Windows XP (KB904942)
Update voor Windows XP (KB908531)
Update voor Windows XP (KB910437)
Update voor Windows XP (KB911280)
Update voor Windows XP (KB916595)
Update voor Windows XP (KB920872)
Update voor Windows XP (KB922582)
Update voor Windows XP (KB927891)
Update voor Windows XP (KB930916)
Update voor Windows XP (KB938828)
Update voor Windows XP (KB942763)
Video Card Stability Test
VideoLAN VLC media player 0.8.5
VobSub v2.23 (Remove Only)
Winamp
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows-stuurprogrammapakket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
WinRAR archiver
WinZip
Xfire (remove only)
Xvid 1.1.2 final uninstall
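As an added example (not code from this thread), a small Python triage pass over HijackThis-format lines like the ones in the log above: it parses the one-entry-per-line format and reports the entry kinds a helper reads first, namely Winlogon Notify DLLs (O20), services with a missing file or no publisher (O23), and IE start/search pages (R0/R1) that no longer point at the default Microsoft links. The sample lines are copied from the post, while the rule set and the names `triage`, `parse_entries` and `Finding` are constructed for this example; PnkBstrA is reported only because it carries no publisher string, which is why the output is a review list and not a verdict.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread).

HijackThis prints one entry per line: "O20 - Winlogon Notify: ...",
"O23 - Service: ...", "R1 - HKLM\\...". This script keeps the rules narrow and
attaches a reason to every hit so a reviewer can decide; it is not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HJT log in the post above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O20 - Winlogon Notify: aydemscs - C:\WINDOWS\SYSTEM32\aydemscs.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ms-java - Unknown owner - C:\WINDOWS\Driver\i386\ms-java.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Section code (R0, O4, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[ROF]\d+) - (?P<body>.*)$")

# Start/search page URLs HijackThis shows for an unmodified IE 6 install (as in this log).
KNOWN_IE_URLS = ("http://go.microsoft.com/fwlink/",)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Return (section, body) pairs for every HJT entry line; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(log_text):
    """Apply the review rules and return the findings in log order."""
    findings = []
    for section, body in parse_entries(log_text):
        line = f"{section} - {body}"
        if section in ("R0", "R1"):
            url = body.split("=", 1)[1].strip() if "=" in body else ""
            if url.startswith("http") and not url.startswith(KNOWN_IE_URLS):
                findings.append(Finding(section, "IE start/search page changed", line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            # Few legitimate programs register a Winlogon Notify DLL; check the
            # publisher and the file's creation time before deciding anything.
            findings.append(Finding(section, "Winlogon Notify DLL registered", line))
        elif section == "O23":
            if "(file missing)" in body:
                findings.append(Finding(section, "service points at a missing file", line))
            elif "Unknown owner" in body:
                findings.append(Finding(section, "service has no publisher information", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```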
Post #2, May 15 2008, 04:25 AM (New Member, Posts: 9, OS: XP)
Deckard log:
Deckard's System Scanner v20071014.68
Run by AK47 on 2008-05-15 12:24:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as AK47.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:40, on 15-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\SpeedFan\speedfan.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\AK47\Bureaublad\dss(2).exe
E:\PROGRA~1\TRENDM~1\HIJACK~1\AK47.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HDDlife.lnk = E:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Startup: Kopie van SpeedFan.lnk = E:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ontvang alles met FlashGet - K:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Ontvang met FlashGet - K:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Save Flash - res://E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159065150921
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...160/mcfscan.cab
O20 - Winlogon Notify: aydemscs - C:\WINDOWS\SYSTEM32\aydemscs.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe

--
End of file - 6367 bytes

-- Files created between 2008-04-15 and 2008-05-15 -----------------------------

2008-05-15 01:53:40 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-05-15 01:16:18 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-15 01:16:18 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-15 01:16:18 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-15 01:16:18 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-15 01:16:18 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-15 01:16:18 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-15 01:16:18 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-15 01:16:18 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-14 10:35:56 68096 --a------ C:\WINDOWS\zip.exe
2008-05-14 10:35:56 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-14 10:35:56 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-14 10:35:56 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-14 10:35:56 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-14 10:35:56 98816 --a------ C:\WINDOWS\sed.exe
2008-05-14 10:35:56 80412 --a------ C:\WINDOWS\grep.exe
2008-05-14 10:35:56 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-14 01:31:23 0 d-------- C:\Program Files\MSXML 4.0
2008-05-14 01:14:05 0 d-------- C:\WINDOWS\ERUNT
2008-05-14 00:21:56 0 d-------- D:\Deckard
2008-05-14 00:08:51 1428 --a------ D:\sageset2005.reg
2008-05-13 23:24:23 0 d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-13 22:15:56 0 d-------- C:\Program Files\Enigma Software Group
2008-05-13 21:35:39 0 d-------- D:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-13 21:29:53 0 d-------- D:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-13 21:27:16 0 d-------- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-13 19:33:37 0 d-------- D:\Documents and Settings\AK47\Application Data\Malwarebytes
2008-05-13 19:33:29 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-13 19:29:04 0 d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-13 19:17:20 818420 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-05-13 19:17:20 69632 --a------ C:\WINDOWS\system32\remove.exe
2008-05-13 19:17:20 7048 --a------ C:\WINDOWS\system32\fixp.bat
2008-05-13 18:27:22 249856 --a------ C:\WINDOWS\system32\aydemscs.dll
2008-05-13 18:02:57 928 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-13 18:00:51 0 dr------- D:\Documents and Settings\NetworkService.NT AUTHORITY\Favorieten
2008-05-13 17:52:07 0 d-------- D:\ErdUndoCache
2008-05-13 16:24:32 0 d-------- D:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-13 16:18:29 1 --a------ C:\WINDOWS\system32\ds.dat
2008-05-13 16:07:01 0 d--h----- D:\Documents and Settings\LocalService.NT AUTHORITY\NetHood
2008-05-13 16:07:01 0 dr------- D:\Documents and Settings\LocalService.NT AUTHORITY\Mijn documenten
2008-05-13 16:06:59 0 dr-h----- D:\Documents and Settings\LocalService.NT AUTHORITY\Onlangs geopend
2008-05-13 16:06:57 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Bureaublad
2008-05-13 16:06:51 11776 --a------ C:\WINDOWS\system32\luwu534.exe
2008-05-13 16:02:01 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
2008-05-13 16:02:01 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
2008-05-13 15:58:20 0 dr------- D:\Documents and Settings\LocalService.NT AUTHORITY\Favorieten
2008-05-13 15:58:19 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Menu Start
2008-05-13 15:58:00 0 d-------- D:\Documents and Settings\All Users\Application Data\czkbqpsv
2008-05-13 15:07:32 9216 --a------ C:\WINDOWS\system32\luwu615.exe
2008-05-13 15:07:20 11776 --a------ C:\WINDOWS\system32\luwu563.exe
2008-05-12 21:35:02 0 d-------- D:\Documents and Settings\Reserve\Application Data\Macromedia
2008-05-12 21:35:02 0 d-------- D:\Documents and Settings\Reserve\Application Data\Adobe
2008-05-12 21:34:58 0 d-------- D:\Documents and Settings\Reserve\Application Data\Google
2008-05-12 21:34:13 0 d-------- D:\Documents and Settings\Reserve\Application Data\Real
2008-05-12 21:34:02 0 d-------- D:\Documents and Settings\Reserve\Application Data\Identities
2008-05-12 21:33:51 0 dr------- D:\Documents and Settings\Reserve\Favorieten
2008-05-12 21:33:51 0 d---s---- D:\Documents and Settings\Reserve\Cookies
2008-05-12 21:33:51 0 d-------- D:\Documents and Settings\Reserve\Bureaublad
2008-05-12 21:33:51 0 dr-h----- D:\Documents and Settings\Reserve\Application Data
2008-05-12 21:33:51 0 d---s---- D:\Documents and Settings\Reserve\Application Data\Microsoft
2008-05-12 21:33:50 0 d--h----- D:\Documents and Settings\Reserve\Sjablonen
2008-05-12 21:33:50 0 dr-h----- D:\Documents and Settings\Reserve\SendTo
2008-05-12 21:33:50 0 dr-h----- D:\Documents and Settings\Reserve\Onlangs geopend
2008-05-12 21:33:50 786432 --ah----- D:\Documents and Settings\Reserve\NTUSER.DAT
2008-05-12 21:33:50 0 d--h----- D:\Documents and Settings\Reserve\Netwerkprinteromgeving
2008-05-12 21:33:50 0 d--h----- D:\Documents and Settings\Reserve\NetHood
2008-05-12 21:33:50 0 dr------- D:\Documents and Settings\Reserve\Mijn documenten
2008-05-12 21:33:50 0 dr------- D:\Documents and Settings\Reserve\Menu Start
2008-05-12 21:33:50 0 d--h----- D:\Documents and Settings\Reserve\Local Settings
2008-05-11 14:50:42 0 d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-05-11 02:25:07 0 d-------- D:\Documents and Settings\AK47\Application Data\FreeStone Group
2008-05-11 00:29:56 0 d-------- D:\Documents and Settings\AK47\Application Data\Command & Conquer 3 Kane's Wrath
2008-05-11 00:17:21 0 dr-h----- D:\Documents and Settings\AK47\Application Data\SecuROM
2008-05-06 01:02:47 0 d-------- D:\Documents and Settings\AK47\Application Data\Hamachi
2008-05-04 02:06:49 975 --a------ C:\WINDOWS\eReg.dat

-- Find3M Report ---------------------------------------------------------------

2008-05-13 23:28:01 0 d-------- D:\Documents and Settings\AK47\Application Data\uTorrent
2008-05-13 23:23:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-13 12:31:11 0 d-------- D:\Documents and Settings\AK47\Application Data\Corel
2008-05-12 20:24:09 0 d-------- D:\Documents and Settings\AK47\Application Data\LimeWire
2008-05-11 16:13:46 465612 --a------ C:\WINDOWS\system32\perfh013.dat
2008-05-11 16:13:46 81146 --a------ C:\WINDOWS\system32\perfc013.dat
2008-05-11 14:50:42 0 d-------- C:\Program Files\Common Files
2008-05-11 14:50:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-11 14:50:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-10 18:24:59 0 d-------- D:\Documents and Settings\AK47\Application Data\SopCast
2008-05-02 15:55:53 2880 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-30 13:28:29 0 d-------- D:\Documents and Settings\AK47\Application Data\Xfire
2008-04-19 20:11:02 0 d-------- D:\Documents and Settings\AK47\Application Data\Adobe
2008-03-27 23:19:45 0 d-------- D:\Documents and Settings\AK47\Application Data\Uniblue

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11-08-2006 21:43]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" []
"nwiz"="nwiz.exe" [11-08-2006 21:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [11-08-2006 21:43 C:\WINDOWS\system32\nvmctray.dll]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" []
"Logitech Utility"="Logi_MwX.Exe" [11-12-2003 09:50 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [10-06-2007 21:16]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13-10-2004 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aydemscs]
aydemscs.dll 13-05-2008 18:27 249856 C:\WINDOWS\system32\aydemscs.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hns85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lrx06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xej73.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Program Files\QuickTime\qttask.exe" -atboottime

-- End of Deckard's System Scanner: finished at 2008-05-15 12:24:59 ------------
Post #3, May 15 2008, 06:14 AM (New Member, Posts: 9, OS: XP)
Combofix log:
ComboFix 08-05-12.1 - AK47 2008-05-15 14:09:03.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1539 [GMT 2:00]
Started from: D:\Documents and Settings\AK47\Bureaublad\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.
(((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))
.
2008-05-15 13:50 . 2008-05-15 13:50 <DIR> d-------- C:\Program Files\Panda Security
2008-05-15 13:49 . 2008-05-15 13:49 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-15 13:49 . 2008-05-15 13:49 <DIR> d-------- D:\Documents and Settings\AK47\Application Data\SUPERAntiSpyware.com
2008-05-15 01:47 . 2008-05-15 01:47 <DIR> d-------- C:\VundoFix Backups
2008-05-15 01:16 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-15 01:16 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-15 01:16 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-15 01:16 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-15 01:16 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-15 01:16 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-15 01:16 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-15 01:16 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-14 01:31 . 2008-05-14 01:31 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-14 01:14 . 2008-05-14 01:14 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-14 00:39 . 2008-05-14 00:40 135,168 --a------ C:\zip.exe
2008-05-14 00:39 . 2008-05-14 00:40 19,286 --a------ C:\cleanup.exe
2008-05-14 00:39 . 2008-05-14 00:40 574 --a------ C:\cleanup.bat
2008-05-14 00:16 . 2008-05-14 01:12 <DIR> d-------- C:\RVAXO
2008-05-13 23:24 . 2008-05-13 23:24 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-13 22:15 . 2008-05-13 22:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-13 21:47 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-13 21:47 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-13 21:47 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-13 21:47 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-13 21:27 . 2008-05-13 21:27 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-13 20:12 . 2008-05-13 20:45 687 --a------ C:\WINDOWS\wininit.iniRVAXO
2008-05-13 19:33 . 2008-05-13 19:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-13 19:33 . 2008-05-13 19:33 <DIR> d-------- D:\Documents and Settings\AK47\Application Data\Malwarebytes
2008-05-13 19:33 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-13 19:33 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-13 19:29 . 2008-05-13 20:17 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-13 19:17 . 2008-05-10 12:18 818,420 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-05-13 19:17 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-05-13 19:17 . 2007-12-13 16:46 7,048 --a------ C:\WINDOWS\system32\fixp.bat
2008-05-13 19:00 . 2008-05-13 19:00 <DIR> d-------- C:\tool
2008-05-13 18:27 . 2008-05-13 18:27 249,856 --a------ C:\WINDOWS\system32\aydemscs.dll
2008-05-13 18:02 . 2008-05-15 01:16 928 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-13 18:00 . 2008-05-13 18:00 <DIR> dr------- D:\Documents and Settings\NetworkService.NT AUTHORITY\Favorieten
2008-05-13 17:57 . 2004-08-04 01:03 1,035,776 -r-h----- C:\WINDOWS\system32\win_2tf.exe
2008-05-13 17:52 . 2007-06-13 15:24 1,036,800 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2008-05-13 17:52 . 2004-08-04 01:03 504,832 --a--c--- C:\WINDOWS\system32\dllcache\winlogon.exe
2008-05-13 17:52 . 2004-08-04 01:03 108,544 --a--c--- C:\WINDOWS\system32\dllcache\services.exe
2008-05-13 17:52 . 2005-06-11 01:53 57,856 --a--c--- C:\WINDOWS\system32\dllcache\spoolsv.exe
2008-05-13 17:52 . 2004-08-04 01:03 13,312 --a--c--- C:\WINDOWS\system32\dllcache\lsass.exe
2008-05-13 17:51 . 2008-05-13 17:52 <DIR> d--h----- C:\ErdUndoCache
2008-05-13 17:49 . 2008-05-13 17:50 <DIR> d-------- C:\~ErdUserProfile.$$$
2008-05-13 16:19 . 2008-05-13 16:19 29 --a------ C:\WINDOWS\system32\fqwyiash.tmp
2008-05-13 16:18 . 2008-05-13 17:55 1 --a------ C:\WINDOWS\system32\ds.dat
2008-05-13 16:07 . 2008-05-13 16:07 <DIR> dr------- D:\Documents and Settings\LocalService.NT AUTHORITY\Mijn documenten
2008-05-13 16:06 . 2008-05-13 16:07 <DIR> dr-h----- D:\Documents and Settings\LocalService.NT AUTHORITY\Onlangs geopend
2008-05-13 16:06 . 2008-05-13 16:06 <DIR> d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Bureaublad
2008-05-13 15:58 . 2008-05-13 15:58 <DIR> d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Menu Start
2008-05-13 15:58 . 2008-05-13 16:07 <DIR> dr------- D:\Documents and Settings\LocalService.NT AUTHORITY\Favorieten
2008-05-13 15:58 . 2008-05-13 21:23 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\czkbqpsv
2008-05-13 15:57 . 2008-05-13 22:32 12,288 --------- C:\WINDOWS\system32\WinwwdsNt32ssss.dlla
2008-05-13 15:07 . 2008-05-13 16:07 1 --a------ C:\WINDOWS\system32\wsbkom.tmp
2008-05-12 21:34 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-12 21:33 . 2006-09-24 05:56 <DIR> d--h----- D:\Documents and Settings\Reserve\Sjablonen
2008-05-12 21:33 . 2008-05-12 21:34 <DIR> dr-h----- D:\Documents and Settings\Reserve\Onlangs geopend
2008-05-12 21:33 . 2006-09-24 05:56 <DIR> d--h----- D:\Documents and Settings\Reserve\Netwerkprinteromgeving
2008-05-12 21:33 . 2008-05-12 21:34 <DIR> dr------- D:\Documents and Settings\Reserve\Mijn documenten
2008-05-12 21:33 . 2006-09-24 05:56 <DIR> dr------- D:\Documents and Settings\Reserve\Menu Start
2008-05-12 21:33 . 2008-05-12 21:34 <DIR> dr------- D:\Documents and Settings\Reserve\Favorieten
2008-05-12 21:33 . 2006-11-07 18:16 <DIR> d-------- D:\Documents and Settings\Reserve\Bureaublad
2008-05-12 21:33 . 2008-05-12 21:33 <DIR> d-------- D:\Documents and Settings\Reserve
2008-05-12 21:33 . 2008-05-15 00:58 1,024 --ah----- D:\Documents and Settings\Reserve\ntuser.dat.LOG
2008-05-11 15:33 . 2006-01-23 11:51 466,944 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2008-05-11 15:32 . 2006-04-14 14:00 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-05-11 15:32 . 2006-04-14 14:00 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe
2008-05-11 15:32 . 2006-04-14 20:08 101,888 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
2008-05-11 15:32 . 2006-02-20 13:00 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu
2008-05-11 15:32 . 2005-12-08 12:06 1,864 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-05-11 14:50 . 2008-05-11 14:50 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-05-11 02:25 . 2008-05-11 02:25 <DIR> d-------- D:\Documents and Settings\AK47\Application Data\FreeStone Group
2008-05-11 00:29 . 2008-05-11 00:29 <DIR> d-------- D:\Documents and Settings\AK47\Application Data\Command & Conquer 3 Kane's Wrath
2008-05-11 00:28 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-11 00:28 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-11 00:28 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-11 00:28 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-11 00:17 . 2008-05-11 00:17 <DIR> dr-h----- D:\Documents and Settings\AK47\Application Data\SecuROM
2008-05-11 00:15 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-06 01:02 . 2008-05-11 02:06 <DIR> d-------- D:\Documents and Settings\AK47\Application Data\Hamachi
2008-05-06 01:02 . 2008-05-06 01:02 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-04 02:06 . 2008-05-04 02:11 975 --a------ C:\WINDOWS\eReg.dat
2008-04-27 10:57 . 2008-05-13 12:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-27 10:57 . 2008-04-27 10:57 1,409 --a------ C:\WINDOWS\QTFont.for
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 11:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-13 21:32 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-13 21:28 --------- d-----w D:\Documents and Settings\AK47\Application Data\uTorrent
2008-05-13 18:12 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-05-13 10:31 --------- d-----w D:\Documents and Settings\AK47\Application Data\Corel
2008-05-12 18:24 --------- d-----w D:\Documents and Settings\AK47\Application Data\LimeWire
2008-05-11 12:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 12:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 16:24 --------- d-----w D:\Documents and Settings\AK47\Application Data\SopCast
2008-05-02 13:55 2,880 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-30 11:28 --------- d-----w D:\Documents and Settings\AK47\Application Data\Xfire
2008-03-31 15:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-31 15:56 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-27 21:19 --------- d-----w D:\Documents and Settings\AK47\Application Data\Uniblue
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
2007-11-22 20:42 22,328 ----a-w D:\Documents and Settings\AK47\Application Data\PnkBstrK.sys
2006-10-01 13:07 88 --sh--r C:\WINDOWS\system32\825135B91D.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-14_10.38.27,84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-14 08:30:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 12:04:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-14 08:13:55 794,624 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-05-14 23:30:12 9,834,496 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
- 2008-05-14 08:13:55 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-14 23:30:12 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-15 11:49:35 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-05-15 11:49:35 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-05-15 11:50:23 2,546 ----a-w C:\WINDOWS\mozver.dat
.
((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-06-10 21:16 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"SUPERAntiSpyware"="E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [ ]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 21:43 86016 C:\WINDOWS\system32\nvmctray.dll]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 20992 C:\WINDOWS\LOGI_MWX.EXE]

D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
E:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aydemscs]
aydemscs.dll 2008-05-13 18:27 249856 C:\WINDOWS\system32\aydemscs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= E:\Program Files\ffdshow\ffdshow.ax
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hns85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lrx06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xej73.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 E:\Program Files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12012:TCP"= 12012:TCP:BitComet 12012 TCP
"12012:UDP"= 12012:UDP:BitComet 12012 UDP
"4662:TCP"= 4662:TCP:BitComet 4662 TCP
"4662:UDP"= 4662:UDP:BitComet 4662 UDP

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-10-10 14:06]
R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [1999-08-30 14:51]
S0 bmolbc;bmolbc;C:\WINDOWS\system32\drivers\qhwpeed.sys []
S0 xxfg;xxfg;C:\WINDOWS\system32\drivers\xythpn.sys []
S3 CrystalCpuInfo;CrystalCpuInfo;E:\Program Files\OCCT\CpuInfo.sys [2003-11-25 07:50]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys []
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;D:\DOCUME~1\AK47\LOCALS~1\Temp\TCCpuInfo.sys []
S4 Ms-java;Ms-java;C:\WINDOWS\Driver\i386\ms-java.exe []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 14:10:54
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation

scanning hidden processes ...
C:\WINDOWS\system32\.ac6eec15\ac6eec15.exe [196] 0x88D2F578

scanning hidden autostart entries ...

scanning hidden files ...
D:\DOCUME~1\AK47\LOCALS~1\Temp\tmp7.tmp.ac6eec15.tmp 249856 bytes executable
C:\WINDOWS\TEMP\tmp9.tmp.ac6eec15.tmp 249856 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ac6eec15]
"ImagePath"="C:\WINDOWS\system32\.ac6eec15\ac6eec15.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\aydemscs.dll
.
Completion time: 2008-05-15 14:12:28
ComboFix-quarantined-files.txt 2008-05-15 12:11:48
ComboFix2.txt 2008-05-14 23:54:56
ComboFix3.txt 2008-05-14 08:39:11
Pre-Run: 4,933,541,888 bytes free
Post-Run: 4,923,498,496 bytes free
221 --- E O F --- 2008-05-13 23:34:43
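The ComboFix log above already carries every indicator that matters: a Winlogon Notify package (aydemscs.dll) loaded into winlogon.exe, three SafeBoot\Minimal "Driver" entries with machine-generated names (Hns85.sys, Lrx06.sys, Xej73.sys), boot-start drivers whose image files do not exist ("[]"), a service whose ImagePath sits in a dot-prefixed directory under system32, and the Windows Firewall policy set to EnableFirewall=0. The script below is an added example, not part of this thread and not ComboFix's or catchme's own code: it runs those checks as simple rules over the text of a pasted log (it never touches the live registry). The sample input is a handful of entries copied from the log above, re-broken into one entry per line; the allowlist of Winlogon Notify packages is an assumption (stock XP SP2 packages plus SUPERAntiSpyware's, which the log shows as legitimate) and has to be tuned per machine.

```python
"""Offline triage of ComboFix-style registry and service listings.

Added example for this thread; not ComboFix's, catchme's or the forum's own
code. It reads the text of a pasted log, not the live registry, and flags the
persistence patterns the log above shows.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (rule name, detail)

# ASSUMPTION: Winlogon\Notify subkeys on a stock XP SP2 install, plus the
# SUPERAntiSpyware package the log shows as legitimate. Tune per machine.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "!saswinlogon",
}

KEY_HEADER = re.compile(r"^\[([^\]]+)\](.*)$")
NOTIFY_KEY = re.compile(r"\\winlogon\\notify\\([^\\]+)$", re.I)
SAFEBOOT_KEY = re.compile(r"\\SafeBoot\\Minimal\\([^\\]+)$", re.I)
RANDOM_SYS = re.compile(r"^[A-Za-z]{3}\d{2}\.sys$")  # Hns85.sys, Lrx06.sys, Xej73.sys
FIREWALL_OFF = re.compile(r'"EnableFirewall"\s*=\s*0\b')
IMAGEPATH = re.compile(r'"ImagePath"\s*=\s*"([^"]+)"')
# ComboFix service line: "<start> <name>;<display name>;<image> [<timestamp or empty>]"
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
DOTTED_DIR = re.compile(r"\\\.[^\\]+\\")  # ...\system32\.ac6eec15\...

# Sample input: entries copied from the ComboFix log above, one per line
# (the forum software ran them together); constructed here as a string.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
E:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aydemscs]
aydemscs.dll 2008-05-13 18:27 249856 C:\WINDOWS\system32\aydemscs.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hns85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lrx06.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
S0 bmolbc;bmolbc;C:\WINDOWS\system32\drivers\qhwpeed.sys []
S0 xxfg;xxfg;C:\WINDOWS\system32\drivers\xythpn.sys []
S4 Ms-java;Ms-java;C:\WINDOWS\Driver\i386\ms-java.exe []

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ac6eec15]
"ImagePath"="C:\WINDOWS\system32\.ac6eec15\ac6eec15.exe"
"""


def _check_key(key: str, findings: List[Finding]) -> None:
    """Rules that look at the registry key path itself."""
    m = NOTIFY_KEY.search(key)
    if m and m.group(1).lower() not in KNOWN_NOTIFY:
        findings.append(("winlogon-notify", m.group(1)))
    m = SAFEBOOT_KEY.search(key)
    if m and RANDOM_SYS.match(m.group(1)):
        findings.append(("safeboot-random-driver", m.group(1)))


def _check_value(key: str, line: str, findings: List[Finding]) -> None:
    """Rules that look at a value or service line under the key in force."""
    if FIREWALL_OFF.search(line):
        findings.append(("firewall-disabled", key))
        return
    m = IMAGEPATH.search(line)
    if m and DOTTED_DIR.search(m.group(1)):
        findings.append(("service-dotted-dir", m.group(1)))
        return
    m = SERVICE_LINE.match(line)
    if m:
        start, name, _display, image, stamp = m.groups()
        if not stamp.strip():  # "[]": ComboFix found no file at that path
            findings.append(("service-image-missing", f"{start} {name} -> {image}"))
        elif DOTTED_DIR.search(image):
            findings.append(("service-dotted-dir", f"{start} {name} -> {image}"))


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line, remembering which registry key is in force."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_HEADER.match(line)
        if m:
            current_key = m.group(1)
            _check_key(current_key, findings)
            line = m.group(2).strip()  # a value may follow on the same line
            if not line:
                continue
        _check_value(current_key, line, findings)
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

Run against the sample it reports eight findings: aydemscs as an unknown Notify package, Hns85.sys and Lrx06.sys as random-named SafeBoot drivers, the disabled firewall profile, the three services with no file on disk, and the ac6eec15 service under system32\.ac6eec15. The rules are deliberately string-level so that a log can be triaged from another machine; confirming what is actually loaded (the catchme section, and the DLL list for winlogon.exe) still has to come from the infected host.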

Post #4, May 15 2008, 11:40 AM, New Member (Posts: 9, OS: XP)
Could somebody please help me ASAP, as I'm getting reboots now as well, every half hour or so: a counter starts and reboots my system after one minute (NT AUTHORITY/SYSTEM thingy).
I know that 'bumping' is not allowed, but I really am in a hurry as I constantly need to save my work for school to prevent data loss.

Post #5, May 15 2008, 05:25 PM, New Member (Posts: 9, OS: XP)
...got a little impatient and tried to be creative by reading topics of people with the same problem, with success.
Ran ComboFix first, rebooted. Read the log, made the following file:

CODE
File::
C:\WINDOWS\system32\aydemscs.dll
D:\DOCUME~1\AK47\LOCALS~1\Temp\tmp7.tmp.ac6eec15.tmp
C:\WINDOWS\TEMP\tmp9.tmp.ac6eec15.tmp

Folder::
C:\WINDOWS\system32\.ac6eec15\

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aydemscs]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ac6eec15]

Renamed it to CFScript and dragged it onto combofix.exe. Everything works fine now and aydemscs.dll is not showing up in the HJT log either, but is there any way to be sure that my system is totally clean of this virus now?

Post #6, May 16 2008, 11:31 AM, Global Moderator (Posts: 6,601, From: Darkest Cornwall, OS: Vista Ultimate)
You are living dangerously by using cfscript on your system, when it was designed for someone else. This time you were lucky and did not crash your system, next time you may not. I will take this one but I will need a fresh look at your system, plus an update on your symptoms. Please do not run any more programmes whilst I am helping you.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Post #7, May 16 2008, 01:18 PM, New Member (Posts: 9, OS: XP)
Hello, thank you for helping me out. Well, actually I did not copy the whole script but rather changed it, as the file names/folders etc. were different in my log. I do understand it could have gone wrong, but it was really driving me crazy and I had to do something about it. Anyway, here is the requested log; there was no 'extra.txt' log for some reason, only the main.txt one:

Deckard's System Scanner v20071014.68
Run by AK47 on 2008-05-16 21:14:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as AK47.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:29, on 16-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Documents and Settings\AK47\Bureaublad\dss(3).exe
E:\PROGRA~1\TRENDM~1\HIJACK~1\AK47.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HDDlife.lnk = E:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Startup: Kopie van SpeedFan.lnk = E:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ontvang alles met FlashGet - K:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Ontvang met FlashGet - K:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Save Flash - res://E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159065150921
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...160/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Si
Software - E:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe

--
End of file - 6175 bytes

-- Files created between 2008-04-16 and 2008-05-16 -----------------------------

2008-05-16 01:03:40 0 d-------- D:\Qoobox
2008-05-15 13:50:10 0 d-------- C:\Program Files\Panda Security
2008-05-15 13:49:42 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-15 13:49:24 0 d-------- D:\Documents and Settings\AK47\Application Data\SUPERAntiSpyware.com
2008-05-15 01:16:18 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-15 01:16:18 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-15 01:16:18 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-15 01:16:18 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-15 01:16:18 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-15 01:16:18 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-15 01:16:18 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-15 01:16:18 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-14 10:35:56 68096 --a------ C:\WINDOWS\zip.exe
2008-05-14 10:35:56 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-14 10:35:56 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-14 10:35:56 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-14 10:35:56 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-14 10:35:56 98816 --a------ C:\WINDOWS\sed.exe
2008-05-14 10:35:56 80412 --a------ C:\WINDOWS\grep.exe
2008-05-14 10:35:56 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-14 01:31:23 0 d-------- C:\Program Files\MSXML 4.0
2008-05-14 01:14:05 0 d-------- C:\WINDOWS\ERUNT
2008-05-14 00:21:56 0 d-------- D:\Deckard
2008-05-14 00:08:51 1428 --a------ D:\sageset2005.reg
2008-05-13 23:24:23 0 d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-13 22:15:56 0 d-------- C:\Program Files\Enigma Software Group
2008-05-13 21:35:39 0 d-------- D:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-13 21:29:53 0 d-------- D:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-13 21:27:16 0 d-------- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-13 19:33:37 0 d-------- D:\Documents and Settings\AK47\Application Data\Malwarebytes
2008-05-13 19:33:29 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-13 19:29:04 0 d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-13 19:17:20 818420 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-05-13 19:17:20 69632 --a------ C:\WINDOWS\system32\remove.exe
2008-05-13 19:17:20 7048 --a------ C:\WINDOWS\system32\fixp.bat
2008-05-13 18:02:57 928 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-13 18:00:51 0 dr------- D:\Documents and Settings\NetworkService.NT AUTHORITY\Favorieten
2008-05-13 17:52:07 0 d-------- D:\ErdUndoCache
2008-05-13 16:24:32 0 d-------- D:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-13 16:18:29 1 --a------ C:\WINDOWS\system32\ds.dat
2008-05-13 16:07:01 0 d--h----- D:\Documents and Settings\LocalService.NT AUTHORITY\NetHood
2008-05-13 16:07:01 0 dr------- D:\Documents and Settings\LocalService.NT AUTHORITY\Mijn documenten
2008-05-13 16:06:59 0 dr-h----- D:\Documents and Settings\LocalService.NT AUTHORITY\Onlangs geopend
2008-05-13 16:06:57 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Bureaublad
2008-05-13 16:02:01 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia
2008-05-13 16:02:01 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
2008-05-13 15:58:20 0 dr------- D:\Documents and Settings\LocalService.NT AUTHORITY\Favorieten
2008-05-13 15:58:19 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Menu Start
2008-05-13 15:58:00 0 d-------- D:\Documents and Settings\All Users\Application Data\czkbqpsv
2008-05-12 21:35:02 0 d-------- D:\Documents and Settings\Reserve\Application Data\Macromedia
2008-05-12 21:35:02 0 d-------- D:\Documents and Settings\Reserve\Application Data\Adobe
2008-05-12 21:34:58 0 d-------- D:\Documents and Settings\Reserve\Application Data\Google
2008-05-12 21:34:13 0 d-------- D:\Documents and Settings\Reserve\Application Data\Real
2008-05-12 21:34:02 0 d-------- D:\Documents and Settings\Reserve\Application Data\Identities
2008-05-12 21:33:51 0 dr------- D:\Documents and Settings\Reserve\Favorieten
2008-05-12 21:33:51 0 d---s---- D:\Documents and Settings\Reserve\Cookies
2008-05-12 21:33:51 0 d-------- D:\Documents and Settings\Reserve\Bureaublad
2008-05-12 21:33:51 0 dr-h----- D:\Documents and Settings\Reserve\Application Data
2008-05-12 21:33:51 0 d---s---- D:\Documents and Settings\Reserve\Application Data\Microsoft
2008-05-12 21:33:50 0 d--h----- D:\Documents and Settings\Reserve\Sjablonen
2008-05-12 21:33:50 0 dr-h----- D:\Documents and Settings\Reserve\SendTo
2008-05-12 21:33:50 0 dr-h----- D:\Documents and Settings\Reserve\Onlangs geopend
2008-05-12 21:33:50 786432 --ah----- D:\Documents and Settings\Reserve\NTUSER.DAT
2008-05-12 21:33:50 0 d--h----- D:\Documents and Settings\Reserve\Netwerkprinteromgeving
2008-05-12 21:33:50 0 d--h----- D:\Documents and Settings\Reserve\NetHood
2008-05-12 21:33:50 0 dr------- D:\Documents and Settings\Reserve\Mijn documenten
2008-05-12 21:33:50 0 dr------- D:\Documents and Settings\Reserve\Menu Start
2008-05-12 21:33:50 0 d--h----- D:\Documents and Settings\Reserve\Local Settings
2008-05-11 14:50:42 0 d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-05-11 02:25:07 0 d-------- D:\Documents and Settings\AK47\Application Data\FreeStone Group
2008-05-11 00:29:56 0 d-------- D:\Documents and Settings\AK47\Application Data\Command & Conquer 3 Kane's Wrath
2008-05-11 00:17:21 0 dr-h----- D:\Documents and Settings\AK47\Application Data\SecuROM
2008-05-06 01:02:47 0 d-------- D:\Documents and Settings\AK47\Application Data\Hamachi
2008-05-04 02:06:49 975 --a------ C:\WINDOWS\eReg.dat

-- Find3M Report ---------------------------------------------------------------

2008-05-16 21:08:52 0 d-------- D:\Documents and Settings\AK47\Application Data\LimeWire
2008-05-15 14:50:21 471832 --a------ C:\WINDOWS\system32\perfh013.dat
2008-05-15 14:50:21 83226 --a------ C:\WINDOWS\system32\perfc013.dat
2008-05-15 13:50:23 2546 --a------ C:\WINDOWS\mozver.dat
2008-05-15 13:49:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-13 23:28:01 0 d-------- D:\Documents and Settings\AK47\Application Data\uTorrent
2008-05-13 12:31:11 0 d-------- D:\Documents and Settings\AK47\Application Data\Corel
2008-05-11 14:50:42 0 d-------- C:\Program Files\Common Files
2008-05-11 14:50:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-11 14:50:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-10 18:24:59 0 d-------- D:\Documents and Settings\AK47\Application Data\SopCast
2008-05-02 15:55:53 2880 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-30 13:28:29 0 d-------- D:\Documents and Settings\AK47\Application Data\Xfire
2008-04-19 20:11:02 0 d-------- D:\Documents and Settings\AK47\Application Data\Adobe
2008-03-27 23:19:45 0 d-------- D:\Documents and Settings\AK47\Application Data\Uniblue

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11-08-2006 21:43]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" []
"nwiz"="nwiz.exe" [11-08-2006 21:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [11-08-2006 21:43 C:\WINDOWS\system32\nvmctray.dll]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" []
"Logitech Utility"="Logi_MwX.Exe" [11-12-2003 09:50 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [10-06-2007 21:16]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13-10-2004 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20-12-2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
E:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19-04-2007 12:41 294912 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet&