desktop keeps disappearing, help please :) [CLOSED]

#1 thebeast (Member, 12 posts)

My desktop keeps coming on and then going, leaving only my wallpaper. I have tried almost everything: system restore, about 100 virus scans; nothing seems to work.

This also applies in safe mode as well :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 11:19, on 2007-08-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\nick\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152887403499
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152887390889
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonde...tivePreQual.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/...rp.cab56961.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LifeView HID Service (LvHidSvc) - Animation Technologies Inc. - C:\WINDOWS\System32\lvhidsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
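The HijackThis log above is read by triaging a handful of autostart locations first: the O20 AppInit_DLLs line (a path ending in .ini is a renamed DLL that gets injected into every user-mode process), O20 Winlogon Notify packages (which load inside winlogon.exe, matching the CPU hogging reported later in the thread), O4 Run keys that start a system32 DLL through rundll32, O2 browser helper objects living in system32, and orphaned entries marked "(file missing)" or "(no file)". The following script is an added example, not part of the thread or of HijackThis itself; the two allowlists are the reviewer's assumptions, and the sample log is constructed from lines of the type that appear in this thread's two logs.

```python
"""Triage of HijackThis-style log entries: flags the autostart locations a malware
helper reviews first (AppInit_DLLs, Winlogon Notify, rundll32 Run entries, BHOs in
system32) and orphaned entries whose file is already gone."""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "severity section detail")

# Windows XP's stock Winlogon Notify packages; anything else deserves a look.
# Assumption: this is the reviewer's allowlist, not something HijackThis ships.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}
# Vendor DLLs that are legitimately started through rundll32 (assumed allowlist).
KNOWN_RUNDLL = {"nvcpl.dll"}
MISSING_TAGS = ("(file missing)", "(no file)")

ENTRY_RE = re.compile(r"^(?P<sec>O\d+|R\d)\s+-\s+(?P<body>.*)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(\S+?\.dll)", re.IGNORECASE)

# Constructed sample built from the entry types seen in this thread's logs.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {17E8A9D4-2445-400A-BC9C-9AED314CF51D} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\nnnonnm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwev.dll,startup
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: nnnonnm - C:\WINDOWS\system32\nnnonnm.dll
O20 - Winlogon Notify: iifccab - C:\WINDOWS\system32\iifccab.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def triage_line(line):
    """Return the findings for one log line; an empty list means nothing stood out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    lower = body.lower()
    findings = []

    if any(tag in lower for tag in MISSING_TAGS):
        # The file is gone, so nothing loads; the key is cleanup, not an active loader.
        findings.append(Finding("low", sec, "orphaned entry: registry key points at a file that is gone"))
        return findings

    if sec == "O20" and lower.startswith("appinit_dlls:"):
        value = body.split(":", 1)[1].strip()
        if value:
            # AppInit_DLLs is injected into every process that loads user32.dll; a non-.dll
            # extension such as .ini is a renamed DLL hiding from casual inspection.
            sev = "medium" if value.lower().endswith(".dll") else "high"
            findings.append(Finding(sev, sec, f"AppInit_DLLs loads {value} into every user-mode process"))

    elif sec == "O20" and lower.startswith("winlogon notify:"):
        name = body.split(":", 1)[1].split("-", 1)[0].strip().lower()
        if name not in KNOWN_NOTIFY:
            findings.append(Finding("high", sec, f"non-default Winlogon Notify package '{name}' runs inside winlogon.exe"))

    elif sec == "O4":
        r = RUNDLL_RE.search(body)
        if r:
            dll = r.group(1).rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_RUNDLL:
                findings.append(Finding("medium", sec, f"Run key starts {dll} through rundll32"))

    elif sec == "O2" and "\\system32\\" in lower:
        # Legitimate BHOs normally live under the product's own folder, not system32.
        findings.append(Finding("medium", sec, "browser helper object loaded from system32"))

    return findings


def triage_log(text):
    """Run triage_line over a whole log; returns (line, finding) pairs."""
    return [(line, f) for line in text.splitlines() for f in triage_line(line)]


def severity_counts(text):
    """Count findings per severity, handy for a quick first look at a long log."""
    return Counter(f.severity for _, f in triage_log(text))


if __name__ == "__main__":
    for line, f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
    print(dict(severity_counts(SAMPLE_LOG)))
```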

#2 Stamper19 (Expert, 1,992 posts)

Hello thebeast,

Welcome to Geeks to Go!

My name is Stamper19 and I will be helping you with your Malware problem. Please give me some time to look over your log. I will post back soon with instructions on how to proceed.

#3 Stamper19 (Expert, 1,992 posts)

Hi thebeast,

Time for us to get to work. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point. :whistling:
----------------------------------------------------------------

Please download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:
  • main.txt and extra.txt from DSS

#4 thebeast (Topic Starter, Member, 12 posts)

Thank you for your reply :whistling:

I will run the scan now. I just thought I'd tell you that since then my desktop has come back. It turns out Virtumonde has smuggled its way into the system32 folder; I think my firewall, Panda, is trying to block it and it's messing up my desktop. I ran F-Secure and it removed it and it seems fine, but it keeps coming back: every now and again a warning comes up and my desktop vanishes again.
Also, WinAntiVirus 2007 keeps coming up: a warning message came up in the icon bar in the toolbar and it pretends to scan my computer.

One last thing: winlogin.exe keeps coming up in my processes. I know this is a natural thing for Windows to do in some cases, but it's hogging 90% of my CPU.

I will post the log ASAP :blink:

#5 thebeast (Topic Starter, Member, 12 posts)

Deckard's System Scanner v20070819.64
Run by nick on 2007-08-20 23:27:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
115: 2007-08-20 22:27:16 UTC - RP205 - Deckard's System Scanner Restore Point
114: 2007-08-20 13:46:31 UTC - RP204 - Made by Registry Mechanic
113: 2007-08-19 22:49:26 UTC - RP203 - Made by Registry Mechanic
112: 2007-08-19 21:21:23 UTC - RP202 - Restore Operation
111: 2007-08-19 16:58:16 UTC - RP201 - System Checkpoint


-- First Restore Point --
1: 2007-05-23 00:07:01 UTC - RP91 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as nick.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-20 23:29:19
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\nick\Desktop\dss.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\Avciman.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: (no name) - {17E8A9D4-2445-400A-BC9C-9AED314CF51D} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {3714F336-2A8F-46A2-8B68-4BE6A2227FBB} - (no file)
O2 - BHO: (no name) - {4B6622EB-AFD5-4872-9466-C05A85D3C051} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - (no file)
O2 - BHO: (no name) - {6CA3EEA2-0EBE-412A-A953-0D7B85B06E53} - (no file)
O2 - BHO: (no name) - {A0B67065-4957-40B2-8EF8-E2C34781292B} - (no file)
O2 - BHO: MSEvents Object - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\nnnonnm.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwev.dll,startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send To &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152887403499
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152887390889
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonde...tivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} () - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/...rp.cab56961.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab55579.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: awttqno - C:\WINDOWS\system32\awttqno.dll (file missing)
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\
O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\
O20 - Winlogon Notify: iifccab - C:\WINDOWS\system32\iifccab.dll (file missing)
O20 - Winlogon Notify: mljghgf - C:\WINDOWS\system32\mljghgf.dll (file missing)
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\
O20 - Winlogon Notify: nnnonnm - C:\WINDOWS\system32\nnnonnm.dll
O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\system32\wingsa32.dll
O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\system32\winzlo32.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LifeView HID Service (LvHidSvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe



-- File Associations -----------------------------------------------------------

.com - unable to read key
.com - unable to read key
.pif - unable to read key
.reg - unable to read key
.reg - unable to read key
.reg - unable to read key
.scr - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
R3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
R3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)

S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S2 Ca536av (DigitalCam Pro Video Camera Device) - c:\windows\system32\drivers\ca536av.sys <Not Verified; Digital Camera; Digital Camera Driver>
S2 OMSCAN - \sysš (file missing)
S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)
S3 catchme - c:\docume~1\nick\locals~1\temp\catchme.sys (file missing)
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 USBCamera (DigitalCam Pro Still Camera Device) - c:\windows\system32\drivers\bulk536.sys <Not Verified; USB BULK; Platform SDK Sample Code>
S3 XSHARK (Xploder Driver (xshark.sys)) - c:\windows\system32\drivers\xshark.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 LvHidSvc (LifeView HID Service) - c:\windows\system32\lvhidsvc.exe <Not Verified; Animation Technologies Inc.; Lifeview ® TV Card>
R2 RP_FWS (PCguard Firewall) - c:\program files\blueyonder\pcguard\fws.exe <Not Verified; Radialpoint Inc.; Radialpoint Security Services 5.5.1>

S3 EpsonBidirectionalService -
S4 SysEnforce -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ROOT\UNKNOWN00
Manufacturer: (Standard port types)
Name: Communications Port (COM18)
PNP Device ID: ROOT\UNKNOWN00
Service: Serial


-- Scheduled Tasks -------------------------------------------------------------

2007-08-20 17:10:27 436 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-08-20 17:10:26 370 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-08-20 16:30:00 396 --a------ C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job
2007-08-18 20:00:00 408 --a------ C:\WINDOWS\Tasks\AwcProUpdate.job


-- Files created between 2007-07-20 and 2007-08-20 -----------------------------

2007-08-20 17:20:02 6513 --ahs---- C:\WINDOWS\system32\svvwa.bak1
2007-08-20 17:14:33 43542 --a------ C:\WINDOWS\system32\tuvspnl.dll
2007-08-20 17:08:42 0 d-------- C:\Program Files\RegCure
2007-08-20 16:46:03 15360 --a------ C:\WINDOWS\system32\drvwevr.dll
2007-08-20 16:46:03 94720 --a------ C:\WINDOWS\system32\drvwev.dll
2007-08-20 12:39:03 0 d-------- C:\Documents and Settings\nick\.housecall6.6
2007-08-20 11:06:48 6473 --ahs---- C:\WINDOWS\system32\accdd.bak2
2007-08-20 00:07:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-19 18:33:07 0 dr-h----- C:\Documents and Settings\nick\Recent
2007-08-19 16:50:14 6473 --ahs---- C:\WINDOWS\system32\accdd.bak1
2007-08-19 16:01:32 15360 --a------ C:\WINDOWS\system32\drvvajr.dll
2007-08-19 16:01:32 94720 --a------ C:\WINDOWS\system32\drvvaj.dll
2007-08-19 16:01:24 43542 --a------ C:\WINDOWS\system32\nnnonnm.dll
2007-08-19 01:48:58 26 -ra------ C:\WINDOWS\system32\system82.sys
2007-08-19 01:48:56 26 -ra------ C:\WINDOWS\system32\system82.DLL
2007-08-19 01:35:36 0 d-------- C:\Program Files\Lotto007 Prediction Expert
2007-08-18 23:34:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-18 16:45:55 0 d-------- C:\Program Files\Camtech
2007-08-18 16:20:29 0 d-------- C:\Program Files\AZPR
2007-08-18 13:09:15 10094 --a------ C:\WINDOWS\msvrc20.dll
2007-08-18 13:09:14 0 d-------- C:\Program Files\IObit
2007-08-18 13:03:07 0 d-------- C:\Documents and Settings\nick\Application Data\Pointstone
2007-08-18 12:59:50 0 d-------- C:\Program Files\Pointstone
2007-08-18 12:59:50 0 d-------- C:\Program Files\Common Files\Pointstone
2007-08-18 12:44:52 70208 --a------ C:\WINDOWS\system32\svxiltwp.dll
2007-08-18 12:44:37 70208 --a------ C:\WINDOWS\system32\atcsrlra.dll
2007-08-18 12:44:24 70208 --a------ C:\WINDOWS\system32\oxlmeupo.dll
2007-08-18 12:44:03 70208 --a------ C:\WINDOWS\system32\qpbqwhga.dll
2007-08-18 12:37:55 70208 --a------ C:\WINDOWS\system32\qctsvseg.dll
2007-08-18 12:37:48 70208 --a------ C:\WINDOWS\system32\ydnwolie.dll
2007-08-18 12:37:40 70208 --a------ C:\WINDOWS\system32\bfbcilnv.dll
2007-08-18 12:37:32 70208 --a------ C:\WINDOWS\system32\nlgeooxs.dll
2007-08-18 12:37:13 70208 --a------ C:\WINDOWS\system32\ykmhuvpc.dll
2007-08-18 12:36:46 70208 --a------ C:\WINDOWS\system32\lrfonvek.dll
2007-08-18 12:33:06 70208 --a------ C:\WINDOWS\system32\ofbifgmg.dll
2007-08-18 12:29:47 70208 --a------ C:\WINDOWS\system32\vxgcvjbs.dll
2007-08-18 12:24:13 951704 --ahs---- C:\WINDOWS\system32\mmllm.bak2
2007-08-17 21:42:35 43542 --a------ C:\WINDOWS\system32\cbxxxyw.dll
2007-08-17 21:37:41 43542 --a------ C:\WINDOWS\system32\jkkklmm.dll
2007-08-17 21:35:35 15360 --a------ C:\WINDOWS\system32\drvmulr.dll
2007-08-17 21:35:26 43542 --a------ C:\WINDOWS\system32\wvuuvvw.dll
2007-08-17 21:35:12 20480 --a------ C:\WINDOWS\system32\wingsa32.dll
2007-08-17 21:25:36 6473 --ahs---- C:\WINDOWS\system32\mmllm.bak1
2007-08-13 01:15:06 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-08-13 01:14:21 281 --a------ C:\WINDOWS\system32\PavCPL.dat
2007-08-13 01:14:14 300436 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-08-13 01:13:50 0 d-------- C:\WINDOWS\system32\PAV
2007-08-13 01:13:24 101888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL <Not Verified; Panda Software; SYSTOOLS>
2007-08-13 01:13:19 0 d-------- C:\Program Files\Panda Security
2007-08-13 01:08:14 0 d-------- C:\Program Files\Common Files\Panda Software
2007-08-13 00:04:38 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-08-11 20:50:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-11 13:00:59 0 d-------- C:\Program Files\IDoser
2007-08-10 23:32:23 0 d-------- C:\Program Files\Advanced GIF Animator
2007-08-10 18:50:18 0 d-------- C:\Program Files\Windows Live
2007-08-09 21:59:02 0 d-------- C:\Documents and Settings\nick\Contacts
2007-08-09 21:57:11 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-08-09 21:53:24 0 d-------- C:\Program Files\MSN Messenger
2007-08-09 21:43:31 0 d-------- C:\VundoFix Backups
2007-08-08 13:15:54 48 --a------ C:\Documents and Settings\nick\readme
2007-08-08 12:30:29 0 d-------- C:\EmergencyUtils
2007-08-08 10:50:47 3732 --a------ C:\DOCyoyo.reg
2007-08-07 22:21:44 262416 --a------ C:\WINDOWS\system32\ASFV2.DLL
2007-08-07 22:21:43 15360 --a------ C:\WINDOWS\system32\asfsipc.dll <Not Verified; Microsoft Corporation; Microsoft ® DRM>
2007-08-07 22:19:22 0 d-------- C:\WINDOWS\system32\Adobe
2007-08-07 22:17:44 7899 --a------ C:\WINDOWS\system\Iosubsys <Not Verified; TeleChips Inc.; TeleChips SCSI Adapter for Win98/ME>
2007-08-07 21:05:20 0 d-------- C:\Program Files\Support Tools
2007-08-05 11:31:20 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-05 01:13:13 0 d-------- C:\Program Files\Advanced Browser
2007-08-04 21:31:51 0 d-------- C:\Documents and Settings\nick\DoctorWeb
2007-08-02 22:10:52 0 d-------- C:\Program Files\SpywareBlaster
2007-08-02 07:11:01 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-08-01 21:18:13 0 d-------- C:\WINDOWS\system32\QuickTime
2007-08-01 21:17:49 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2007-08-01 21:17:13 0 d-------- C:\Program Files\TechSmith
2007-08-01 16:23:13 0 d-------- C:\Documents and Settings\nick\Application Data\Avant Profiles
2007-08-01 16:21:01 0 d-------- C:\Documents and Settings\nick\Application Data\Avant Browser
2007-08-01 16:20:58 0 d-------- C:\Program Files\Avant Browser
2007-07-31 21:21:27 39770 --a------ C:\WINDOWS\system32\tcpipbak.reg
2007-07-31 21:21:08 32768 --a------ C:\WINDOWS\system32\ServiceRepair.exe <Not Verified; WareSoft Software; ServiceRepair>
2007-07-31 21:21:07 674 --a------ C:\WINDOWS\ie-ads-uninst.reg
2007-07-28 23:00:01 159744 --a------ C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
2007-07-28 13:42:21 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-07-28 13:17:16 0 d-------- C:\Program Files\Common Files\iS3
2007-07-28 13:17:15 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-07-28 02:11:42 0 d-------- C:\Documents and Settings\nick\Application Data\BitTorrent
2007-07-28 02:00:03 8576 --a------ C:\WINDOWS\system32\drivers\ljnelkliyanu.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-28 01:03:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-07-28 01:00:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Advanced Browser
2007-07-27 17:36:04 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-27 12:21:18 8576 --a------ C:\WINDOWS\system32\drivers\opabcojvebht.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-26 21:07:23 8576 --a------ C:\WINDOWS\system32\drivers\cwnsjlwkekub.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-26 20:56:09 8576 --a------ C:\WINDOWS\system32\drivers\auctfrvqnwve.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-26 20:45:53 0 --a------ C:\-1607639607
2007-07-26 02:20:56 8576 --a------ C:\WINDOWS\system32\drivers\jibxpfefmjvf.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-26 02:12:43 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-26 00:49:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-07-26 00:37:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-25 20:36:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-07-25 20:35:43 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-25 20:35:43 0 d-------- C:\Documents and Settings\nick\Application Data\SUPERAntiSpyware.com
2007-07-25 20:35:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-25 14:42:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-07-25 14:30:02 0 d-------- C:\Program Files\LizardTech
2007-07-24 22:14:31 0 d-------- C:\WINDOWS\ERUNT
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-07-24 22:02:04 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-07-24 22:02:04 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-07-24 22:02:04 786432 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-07-24 22:02:04 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-07-24 22:02:04 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-07-24 22:02:04 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-07-24 22:02:04 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-07-24 21:59:11 0 d-------- C:\WINDOWS\pss
2007-07-23 21:46:32 94208 --a------ C:\WINDOWS\amcap.exe <Not Verified; Microsoft Corporation; DirectX 8.1 Sample>
2007-07-23 21:46:27 53248 --a------ C:\WINDOWS\vsnpstd3.dll
2007-07-23 21:46:27 20480 --a------ C:\WINDOWS\usnpstd3.exe <Not Verified; ; DelHwKey Application>
2007-07-23 21:46:27 147456 --a------ C:\WINDOWS\system32\rsnpstd3.dll <Not Verified; ; ResourceDLL>
2007-07-23 21:46:27 0 d-------- C:\Program Files\Common Files\snpstd3
2007-07-22 21:24:18 0 d-------- C:\Program Files\Spyware Doctor


-- Find3M Report ---------------------------------------------------------------

2007-08-18 12:59:50 0 d-------- C:\Program Files\Common Files
2007-08-17 22:11:35 0 d-------- C:\Documents and Settings\nick\Application Data\Advanced Browser
2007-08-13 01:13:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-13 00:19:42 1221 --a------ C:\Program Files\f3m0.cf
2007-08-13 00:19:41 315 --a------ C:\Program Files\ErrDbg.cf
2007-08-13 00:19:41 1106 --a------ C:\Program Files\ComboFix.txt
2007-08-12 22:56:50 0 d-------- C:\Program Files\WinAce
2007-08-12 22:56:50 0 d-------- C:\Program Files\Ubisoft
2007-08-12 22:56:50 0 d-------- C:\Program Files\DivX
2007-08-12 22:56:42 0 d-------- C:\Program Files\ChessPlanet
2007-08-12 22:56:26 0 d-------- C:\Program Files\Ahead
2007-08-12 00:13:00 0 d-------- C:\Program Files\MessengerDiscovery
2007-08-11 20:50:51 0 d-------- C:\Program Files\Lavasoft
2007-08-08 15:28:51 0 d-------- C:\Program Files\Arena
2007-08-08 13:36:00 0 d-------- C:\Program Files\EMCO Malware Destroyer
2007-08-08 13:34:04 0 d-------- C:\Program Files\Microsoft Bootvis
2007-08-08 11:51:15 0 d-------- C:\Program Files\Common Files\PestPatrol
2007-08-06 21:29:49 0 d-------- C:\Program Files\Mouse Driver
2007-08-06 21:28:59 0 d-------- C:\Program Files\Multimedia Keyboard
2007-08-02 01:00:32 0 d-------- C:\Program Files\Remote Desktop Control
2007-07-31 12:31:03 0 d-------- C:\Documents and Settings\nick\Application Data\InternetCalls
2007-07-28 02:55:40 0 d-------- C:\Program Files\TVR
2007-07-28 02:52:19 0 d-------- C:\Program Files\Messenger
2007-07-28 02:38:38 0 d-------- C:\Program Files\Common Files\Command Software
2007-07-28 02:35:44 0 d-------- C:\Program Files\Ace Utilities
2007-07-25 14:43:56 0 d-------- C:\Documents and Settings\nick\Application Data\Adobe
2007-07-25 14:42:14 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-23 12:54:15 0 d-------- C:\Program Files\InfiniaChess
2007-07-22 00:06:46 0 d-------- C:\Program Files\PCPitstop
2007-07-19 23:15:51 0 d-------- C:\Documents and Settings\nick\Application Data\Lavasoft
2007-07-18 20:28:29 0 d-------- C:\Documents and Settings\nick\Application Data\Google
2007-07-16 23:16:44 0 d-------- C:\Program Files\Game Accelerator
2007-07-16 15:02:58 0 d-------- C:\Program Files\WinPopup Speak
2007-07-15 22:16:20 0 d-------- C:\Program Files\SCAR 3.06
2007-07-15 22:16:14 0 d-------- C:\Program Files\SCAR 3.05
2007-07-15 22:15:57 0 d-------- C:\Program Files\ServersCheck_RemoteBooting
2007-07-15 21:41:40 164 --a------ C:\install.dat
2007-07-15 01:03:03 24 --a------ C:\WINDOWS\twin.dll
2007-07-14 23:27:02 0 d-------- C:\Program Files\uTorrent
2007-07-14 18:16:51 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-14 18:15:38 56 -rahs---- C:\WINDOWS\system32\B0DE9BE21E.sys
2007-07-13 22:15:26 0 d-------- C:\Program Files\Speed Gear 5
2007-07-01 23:31:24 0 d-------- C:\Program Files\CamStudio
2007-06-26 22:22:21 0 d-------- C:\Documents and Settings\nick\Application Data\Aquarius Soft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17E8A9D4-2445-400A-BC9C-9AED314CF51D}]
C:\WINDOWS\system32\awvvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3714F336-2A8F-46A2-8B68-4BE6A2227FBB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B6622EB-AFD5-4872-9466-C05A85D3C051}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CA3EEA2-0EBE-412A-A953-0D7B85B06E53}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0B67065-4957-40B2-8EF8-E2C34781292B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC358019-D328-40B4-8E2D-818CE142616C}]
2007-08-19 16:01 43542 --a------ C:\WINDOWS\system32\nnnonnm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"CTDrive"="C:\WINDOWS\system32\drvwev.dll" [2007-08-20 16:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CC358019-D328-40B4-8E2D-818CE142616C}"= C:\WINDOWS\system32\nnnonnm.dll [2007-08-19 16:01 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttqno]
awttqno.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvs]
C:\WINDOWS\system32\awvvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebya]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifccab]
iifccab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljghgf]
mljghgf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmm]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnonnm]
nnnonnm.dll 2007-08-19 16:01 43542 C:\WINDOWS\system32\nnnonnm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingsa32]
wingsa32.dll 2007-08-17 21:35 20480 C:\WINDOWS\system32\wingsa32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzlo32]
winzlo32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"<NO NAME>"=
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"RecSche"="C:\Program Files\TVR\RecSche.exe"
"GameXL"=
"CreativeMouse"="C:\Program Files\Mouse Driver\MouseDrv.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe




-- End of Deckard's System Scanner: finished at 2007-08-20 23:30:59 ------------






Deckard's System Scanner v20070819.64
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 767.48 MiB / 440.46 MiB
Pagefile Memory (total/avail): 1876.31 MiB / 1585.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1952.42 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 15.8 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (FAT)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FW: PCguard Firewall v5.5.1 (Telewest)
FW: Panda Antivirus 2008 Personal Firewall v7.00.00 (Panda Security) Disabled
AV: Panda Antivirus + Firewall 2008 v7.00.00 (Panda Security) Disabled
AV: PCguard Anti-Virus v5.5.1 (Telewest) Disabled Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\DOCUME~1\\nick\\LOCALS~1\\Temp\\win1C.tmp.exe"="C:\\DOCUME~1\\nick\\LOCALS~1\\Temp\\win1C.tmp.exe:*:Enabled:win1C.tmp"
"C:\\WINDOWS\\TEMP\\win15B.tmp.exe"="C:\\WINDOWS\\TEMP\\win15B.tmp.exe:*:Enabled:win15B.tmp"
"C:\\WINDOWS\\TEMP\\win24.tmp.exe"="C:\\WINDOWS\\TEMP\\win24.tmp.exe:*:Enabled:win24.tmp"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\nick\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-XXOC2DEDWC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\nick
LOGONSERVER=\\HOME-XXOC2DEDWC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Java\jdk1.6.0_01\bin;C:\Program Files\Support Tools\;C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008;C:\Program Files\Java\jdk1.6.0_01\bin;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\nick\LOCALS~1\Temp
TMP=C:\DOCUME~1\nick\LOCALS~1\Temp
USERDOMAIN=HOME-XXOC2DEDWC
USERNAME=nick
USERPROFILE=C:\Documents and Settings\nick
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

nick (admin)
nicky (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> .
--> C:\PROGRA~1\BLUEYO~1\Uninstall.exe blueyonder
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ace Utilities --> "C:\Program Files\Ace Utilities\uninstall.exe"
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced Browser (remove only) --> "C:\Program Files\Advanced Browser\uninst.exe"
Advanced WindowsCare 2.50 Professional --> "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\unins000.exe"
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\setup.exe" -l0x9 -uninst
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24DE6EDD-AF14-48D7-AAE9-E998E3A3F1EE}\Setup.exe" -l0x9
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Authentium -->
AutoUpdate -->
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
Belarc Advisor 6.0 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Belkin Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
blueyonder Instant Support Tool --> C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
blueyonder PCguard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{83CDADBF-C060-444D-B17D-5742C425CC19}
BOSS Fonts Manager --> C:\WINDOWS\IsUninst.exe -fC:\BOSSFonts\Uninst.isu
CameraMate ProPix OnTV v1.4 --> "C:\Program Files\ProPixOnTV\unins000.exe"
CameraMate ProPix Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D13E4A3B-CCA5-47C2-BC60-F749438E8AC5}\Setup.exe"
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
Camtasia Studio 4 --> MsiExec.exe /I{1BA16E5A-72B9-44B7-9FDA-FB6CE7FF6C0C}
CD Keys --> C:\PROGRA~1\Camtech\CD Keys\UNWISE.EXE C:\PROGRA~1\Camtech\CD Keys\INSTALL.LOG
Chris Moneymakers World Poker Championship (remove only) -->
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Concord 3045 Camera Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A11D564-8168-4496-985A-5C91DC6CEECB}\setup.exe" -l0x9
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.1.7 --> "C:\Program Files\DVD Shrink\unins000.exe"
EMCO Malware Destroyer --> "C:\Program Files\EMCO Malware Destroyer\unins000.exe"
EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9391F2BC-B6F3-4AAC-82CC-5A74A4ED388E}\setup.exe" -l0x9 MyUninstall
EPSON PhotoQuicker3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninstuninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" -l0x9 UNINSTALL
Hemera Photo-Objects 5000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hemera Photo-Objects 5000\Uninst.isu"
HijackThis 1.99.1 -->
Hoyle Board Games 2003 -->
Hoyle Board Games 2003 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{37F9D0BD-9AED-4EE6-BCA3-BA0749636E04}
Iconoid Version 3.4.0 --> "C:\Program Files\Iconoid\unins000.exe"
Intel® 536EP V.92 Modem --> C:\Program Files\InstallShield Installation Information\{C9172615-3EE1-4938-A437-281022B82778}\setup.exe deinst
Java™ SE Development Kit 6 Update 1 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160010}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LG PhoneManager -->
LG PhoneManager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B83245C1-AB8A-40C1-91C0-CEDBDB84255D}\setup.exe" -l0x9 -removeonly
LG SyncManager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFD25152-1916-4744-BAAF-F2D2EBF38284}\setup.exe" -l0x9 -removeonly
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
Lotto007 Prediction Expert 5.5 --> "C:\Program Files\Lotto007 Prediction Expert\unins000.exe"
MessengerDiscovery Live 1.3.0322 --> "C:\Program Files\MessengerDiscovery\unins000.exe"
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Moraff's MarbleJongg 1.11 Freeware --> C:\Program Files\Moraff's MarbleJongg 1.11 Freeware\uninstall.exe
Mouse Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EBA5473-558B-462C-AEE4-FE50FA799F2A}\Setup.exe"
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NJStar Japanese WP --> C:\Program Files\NJStar Japanese WP\uninst.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda Antivirus + Firewall 2008 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\SETUP.exe" -l0x9 -removeonly
PCguard -->
PCguard advisor 1.3.22 --> "C:\Program Files\blueyonder\PCguard advisor\unins001.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PPSDKRedistributables -->
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
RGSS-RTP Standard --> MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
Sid Meier's Civilization 4 -->
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Space Invaders OpenGL (remove only) --> "C:\Program Files\Space Invaders OpenGL\uninstall.exe"
Speed Gear 5.00 --> "C:\Program Files\Speed Gear 5\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
StartPage Guard 2.51 --> "C:\Program Files\PJW\SPGuard\unins000.exe"
Sun Download Manager 2.0 (web) --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://javadl-esd.su...m20/sdm20.jnlp"
SuperCleaner --> "C:\Program Files\SuperCleaner\Uninst.exe" C:\Program Files\SuperCleaner\Uninst.ini
System Cleaner 5 --> C:\Program Files\Pointstone\System Cleaner 5\Uninstall.exe
Tomb Raider II --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Core Design\Tomb Raider II\Uninst.isu"
USB PC Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\Setup.exe" -l0x9
Veoh Player -->
Veoh Player --> C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
VIA Integrated Setup Wizard -->
VIA Integrated Setup Wizard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
WebFldrs XP -->
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
WinPcap 4.0 --> C:\Program Files\WinPcap\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Worms World Party --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"
YouTube Downloader 2.4 --> "C:\Program Files\FDRLab\YouTube Downloader\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type548 / Error
Event Submitted/Written: 08/20/2007 11:09:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module sdhelper.dll, version 1.4.0.0, fault address 0x000192ec.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type530 / Warning
Event Submitted/Written: 08/20/2007 03:22:17 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type520 / Warning
Event Submitted/Written: 08/19/2007 09:47:07 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type492 / Warning
Event Submitted/Written: 08/19/2007 02:24:29 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type489 / Error
Event Submitted/Written: 08/19/2007 01:01:11 AM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional. The Windows installer cannot continue.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type30786 / Error
Event Submitted/Written: 08/20/2007 11:11:32 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to

#6
Stamper19

    Expert

  • 1,992 posts
Hi thebeast,

Your computer was quite heavily infected with Virtumonde. Although you may have gotten some of it, there is quite a bit still there which we will have to deal with. As a note, from this point forward please do not do anything, or run any tools, other than those I ask you to. More times than not this approach just adds to the confusion and makes symptoms and logs difficult to interpret. If you stick to the instructions then I know exactly what is happening, and that will ultimately get things done much quicker :whistling:

Before we get to work, I see you have both Panda AntiVirus and PCGuard AntiVirus. Both are disabled, and PCGuard additionally needs to be updated - why? Not having an AntiVirus program enabled at all times is inviting disaster. Please select one of those programs and enable it. If it is PCGuard then be sure to update it as well. Remember, only enable one of them. Having more than one AntiVirus program running can be detrimental to your system security.

Now, let's get down to business.
----------------------------------------------------------------

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

----------------------------------------------------------------

Information to include in your next post:
  • ComboFix Log
  • Fresh Hijack This Log


#7
thebeast

    Member

  • Topic Starter
  • 12 posts
Okay, sure :whistling:

One problem though: PCguard is in a world of its own, it won't boot, it slows the computer down, and then it keeps crashing. Second, I do have Panda activated, I'm not sure why it's saying it's not. I will try turning it on in the startup list, that might be why (someone told me that turning the startup programs off would make it boot faster).

I'll post that log asap, thank you.

#8
thebeast

    Member

  • Topic Starter
  • 12 posts
ComboFix 07-08-17.2 - "nick" 2007-08-21 13:28:08.6 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.621 [GMT 1:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\atcsrlra.dll
C:\WINDOWS\system32\bfbcilnv.dll
C:\WINDOWS\system32\lrfonvek.dll
C:\WINDOWS\system32\nlgeooxs.dll
C:\WINDOWS\system32\ofbifgmg.dll
C:\WINDOWS\system32\oxlmeupo.dll
C:\WINDOWS\system32\qctsvseg.dll
C:\WINDOWS\system32\qpbqwhga.dll
C:\WINDOWS\system32\svxiltwp.dll
C:\WINDOWS\system32\vxgcvjbs.dll
C:\WINDOWS\system32\wingsa32.dll
C:\WINDOWS\system32\ydnwolie.dll
C:\WINDOWS\system32\ykmhuvpc.dll


((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))


2007-08-21 00:33 <DIR> d-------- C:\DOCUME~1\nick\APPLIC~1\uTorrent
2007-08-20 23:26 <DIR> d-------- C:\Deckard
2007-08-20 17:14 43,542 --a------ C:\WINDOWS\system32\tuvspnl.dll
2007-08-20 17:08 <DIR> d-------- C:\Program Files\RegCure
2007-08-20 16:46 94,720 --a------ C:\WINDOWS\system32\drvwev.dll
2007-08-20 16:46 15,360 --a------ C:\WINDOWS\system32\drvwevr.dll
2007-08-20 12:39 <DIR> d-------- C:\DOCUME~1\nick\.housecall6.6
2007-08-20 11:06 6,473 --ahs---- C:\WINDOWS\system32\accdd.bak2
2007-08-20 00:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-19 16:50 6,473 --ahs---- C:\WINDOWS\system32\accdd.bak1
2007-08-19 16:01 94,720 --a------ C:\WINDOWS\system32\drvvaj.dll
2007-08-19 16:01 43,542 --a------ C:\WINDOWS\system32\nnnonnm.dll
2007-08-19 16:01 15,360 --a------ C:\WINDOWS\system32\drvvajr.dll
2007-08-19 01:48 26 -ra------ C:\WINDOWS\system32\system82.sys
2007-08-19 01:48 26 -ra------ C:\WINDOWS\system32\system82.DLL
2007-08-19 01:35 <DIR> d-------- C:\Program Files\Lotto007 Prediction Expert
2007-08-18 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-18 16:45 <DIR> d-------- C:\Program Files\Camtech
2007-08-18 16:20 <DIR> d-------- C:\Program Files\AZPR
2007-08-18 13:09 <DIR> d-------- C:\Program Files\IObit
2007-08-18 13:03 <DIR> d-------- C:\DOCUME~1\nick\APPLIC~1\Pointstone
2007-08-18 12:59 <DIR> d-------- C:\Program Files\Pointstone
2007-08-18 12:59 <DIR> d-------- C:\Program Files\Common Files\Pointstone
2007-08-18 12:24 951,704 --ahs---- C:\WINDOWS\system32\mmllm.bak2
2007-08-17 21:42 43,542 --a------ C:\WINDOWS\system32\cbxxxyw.dll
2007-08-17 21:37 43,542 --a------ C:\WINDOWS\system32\jkkklmm.dll
2007-08-17 21:35 43,542 --a------ C:\WINDOWS\system32\wvuuvvw.dll
2007-08-17 21:35 15,360 --a------ C:\WINDOWS\system32\drvmulr.dll
2007-08-17 21:25 6,473 --ahs---- C:\WINDOWS\system32\mmllm.bak1
2007-08-16 15:30 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-13 01:15 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys
2007-08-13 01:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
2007-08-13 01:14 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-08-13 01:14 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2007-08-13 01:14 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2007-08-13 01:14 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2007-08-13 01:14 298,264 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-08-13 01:14 281 --a------ C:\WINDOWS\system32\PavCPL.dat
2007-08-13 01:14 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2007-08-13 01:13 71,736 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2007-08-13 01:13 63,024 --a------ C:\WINDOWS\system32\pavipc.dll
2007-08-13 01:13 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2007-08-13 01:13 292,144 --a------ C:\WINDOWS\system32\PavSHook.dll
2007-08-13 01:13 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-08-13 01:13 22,072 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-08-13 01:13 161,328 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-08-13 01:13 142,128 --a------ C:\WINDOWS\system32\drivers\netimflt.sys
2007-08-13 01:13 132,920 --a------ C:\WINDOWS\system32\drivers\NETFLTDI.SYS
2007-08-13 01:13 101,888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2007-08-13 01:13 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-08-13 01:13 <DIR> d-------- C:\Program Files\Panda Security
2007-08-13 01:12 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2007-08-13 01:12 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-08-13 01:08 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-08-11 20:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-11 13:00 <DIR> d-------- C:\Program Files\IDoser
2007-08-10 23:32 <DIR> d-------- C:\Program Files\Advanced GIF Animator
2007-08-10 18:50 <DIR> d-------- C:\Program Files\Windows Live
2007-08-09 21:59 <DIR> d-------- C:\DOCUME~1\nick\Contacts
2007-08-09 21:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-09 21:53 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-09 21:43 <DIR> d-------- C:\VundoFix Backups
2007-08-08 12:30 <DIR> d-------- C:\EmergencyUtils
2007-08-08 10:50 3,732 --a------ C:\DOCyoyo.reg
2007-08-07 22:21 84,992 --a------ C:\WINDOWS\system32\atl70.dll
2007-08-07 22:21 262,416 --a------ C:\WINDOWS\system32\ASFV2.DLL
2007-08-07 22:21 15,360 --a------ C:\WINDOWS\system32\asfsipc.dll
2007-08-07 21:05 <DIR> d-------- C:\Program Files\Support Tools
2007-08-05 11:31 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-05 01:13 <DIR> d-------- C:\Program Files\Advanced Browser
2007-08-04 21:31 <DIR> d-------- C:\DOCUME~1\nick\DoctorWeb
2007-08-02 22:10 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-02 07:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-01 21:18 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-08-01 21:18 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-08-01 21:17 <DIR> d-------- C:\Program Files\TechSmith
2007-08-01 21:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
2007-08-01 16:23 <DIR> d-------- C:\DOCUME~1\nick\APPLIC~1\Avant Profiles
2007-08-01 16:21 <DIR> d-------- C:\DOCUME~1\nick\APPLIC~1\Avant Browser
2007-08-01 16:20 <DIR> d-------- C:\Program Files\Avant Browser
2007-07-31 21:21 674 --a------ C:\WINDOWS\ie-ads-uninst.reg
2007-07-31 21:21 39,770 --a------ C:\WINDOWS\system32\tcpipbak.reg
2007-07-31 21:21 32,768 --a------ C:\WINDOWS\system32\ServiceRepair.exe
2007-07-28 23:00 159,744 --a------ C:\WINDOWS\system32\hasher.dll
2007-07-28 13:17 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-07-28 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-07-28 02:11 <DIR> d-------- C:\DOCUME~1\nick\APPLIC~1\BitTorrent
2007-07-28 02:00 8,576 --a------ C:\WINDOWS\system32\drivers\ljnelkliyanu.sys
2007-07-28 01:03 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
2007-07-28 01:00 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Advanced Browser
2007-07-27 17:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-27 12:21 8,576 --a------ C:\WINDOWS\system32\drivers\opabcojvebht.sys
2007-07-26 21:07 8,576 --a------ C:\WINDOWS\system32\drivers\cwnsjlwkekub.sys
2007-07-26 20:56 8,576 --a------ C:\WINDOWS\system32\drivers\auctfrvqnwve.sys
2007-07-26 02:20 8,576 --a------ C:\WINDOWS\system32\drivers\jibxpfefmjvf.sys
2007-07-26 02:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-25 20:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-25 20:35 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-25 20:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-25 20:35 <DIR> d-------- C:\DOCUME~1\nick\APPLIC~1\SUPERAntiSpyware.com


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-21 12:58 298264 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2007-08-21 12:58 1204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2007-08-21 12:58 1204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-08-17 22:11 --------- d-------- C:\DOCUME~1\nick\APPLIC~1\Advanced Browser
2007-08-13 01:13 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-13 00:19 315 --a------ C:\Program Files\ErrDbg.cf
2007-08-13 00:19 1221 --a------ C:\Program Files\f3m0.cf
2007-08-13 00:19 1106 --a------ C:\Program Files\ComboFix.txt
2007-08-12 22:56 --------- d-------- C:\Program Files\WinAce
2007-08-12 22:56 --------- d-------- C:\Program Files\Ubisoft
2007-08-12 22:56 --------- d-------- C:\Program Files\DivX
2007-08-12 22:56 --------- d-------- C:\Program Files\ChessPlanet
2007-08-12 22:56 --------- d-------- C:\Program Files\Ahead
2007-08-12 00:13 --------- d-------- C:\Program Files\MessengerDiscovery
2007-08-11 20:50 --------- d-------- C:\Program Files\Lavasoft
2007-08-08 15:28 --------- d-------- C:\Program Files\Arena
2007-08-08 13:36 --------- d-------- C:\Program Files\EMCO Malware Destroyer
2007-08-08 13:34 --------- d-------- C:\Program Files\Microsoft Bootvis
2007-08-08 11:51 --------- d-------- C:\Program Files\Common Files\PestPatrol
2007-08-07 21:05 3270 --a------ C:\WINDOWS\pchealth\HELPCTR\PackageStore\SkuStore.bin
2007-08-06 21:29 --------- d-------- C:\Program Files\Mouse Driver
2007-08-06 21:28 --------- d-------- C:\Program Files\Multimedia Keyboard
2007-08-02 01:00 --------- d-------- C:\Program Files\Remote Desktop Control
2007-07-31 12:31 --------- d-------- C:\DOCUME~1\nick\APPLIC~1\InternetCalls
2007-07-28 02:55 --------- d-------- C:\Program Files\TVR
2007-07-28 02:52 --------- d-------- C:\Program Files\Messenger
2007-07-28 02:38 --------- d-------- C:\Program Files\Common Files\Command Software
2007-07-28 02:35 --------- d-------- C:\Program Files\Ace Utilities
2007-07-23 12:54 --------- d-------- C:\Program Files\InfiniaChess
2007-07-22 00:06 --------- d-------- C:\Program Files\PCPitstop
2007-07-19 23:15 --------- d-------- C:\DOCUME~1\nick\APPLIC~1\Lavasoft
2007-07-18 20:28 --------- d-------- C:\DOCUME~1\nick\APPLIC~1\Google
2007-07-16 23:16 --------- d-------- C:\Program Files\Game Accelerator
2007-07-16 15:02 --------- d-------- C:\Program Files\WinPopup Speak
2007-07-15 22:16 --------- d-------- C:\Program Files\SCAR 3.06
2007-07-15 22:16 --------- d-------- C:\Program Files\SCAR 3.05
2007-07-15 22:15 --------- d-------- C:\Program Files\ServersCheck_RemoteBooting
2007-07-15 01:03 24 --a------ C:\WINDOWS\twin.dll
2007-07-14 23:27 --------- d-------- C:\Program Files\uTorrent
2007-07-14 18:16 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-14 18:15 56 -rahs---- C:\WINDOWS\system32\B0DE9BE21E.sys
2007-07-13 22:15 --------- d-------- C:\Program Files\Speed Gear 5
2007-07-12 18:18 50520 --a------ C:\WINDOWS\system32\csvidcap.dll
2007-07-01 23:31 --------- d-------- C:\Program Files\CamStudio
2007-06-26 22:22 --------- d-------- C:\DOCUME~1\nick\APPLIC~1\Aquarius Soft
2007-06-23 16:17 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2006-08-03 00:53 4 --a--c--- C:\Program Files\Common Files\Cvtaqlog.dat
2006-08-01 16:33 560 --a------ C:\Program Files\Global.sw


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3714F336-2A8F-46A2-8B68-4BE6A2227FBB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B6622EB-AFD5-4872-9466-C05A85D3C051}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CA3EEA2-0EBE-412A-A953-0D7B85B06E53}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0B67065-4957-40B2-8EF8-E2C34781292B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC358019-D328-40B4-8E2D-818CE142616C}]
2007-08-19 16:01 43542 --a------ C:\WINDOWS\system32\nnnonnm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4814648-E8EB-4615-8FC0-D91DA250B252}]
C:\WINDOWS\system32\pmkhh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 08:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CC358019-D328-40B4-8E2D-818CE142616C}"= C:\WINDOWS\system32\nnnonnm.dll [2007-08-19 16:01 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttqno]
awttqno.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvs]
C:\WINDOWS\system32\awvvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebya]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifccab]
iifccab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljghgf]
mljghgf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmm]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnonnm]
nnnonnm.dll 2007-08-19 16:01 43542 C:\WINDOWS\system32\nnnonnm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhh]
C:\WINDOWS\system32\pmkhh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzlo32]
winzlo32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"<NO NAME>"=
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"RecSche"="C:\Program Files\TVR\RecSche.exe"
"GameXL"=
"CreativeMouse"="C:\Program Files\Mouse Driver\MouseDrv.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
S1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
S1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
S1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
S1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys
S1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
S1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
S2 Ca536av;DigitalCam Pro Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys
S2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys
S2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
S2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
S3 ComFiltr;Panda Anti-Dialer;\??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
S3 FETNDIS;VIA Rhine Family Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S3 Intels51;Intel® 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys
S3 LVCap138;TV Card Capture Driver;C:\WINDOWS\system32\DRIVERS\lvcap138.sys
S3 lvtuner;Mercury TV Card WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\lvtuner.sys
S3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
S3 s116bus;Sony Ericsson Device 116 driver (WDM);C:\WINDOWS\system32\DRIVERS\s116bus.sys
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s116mdm.sys
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS);C:\WINDOWS\system32\DRIVERS\s116nd5.sys
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s116obex.sys
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM);C:\WINDOWS\system32\DRIVERS\s116unic.sys
S3 USBCamera;DigitalCam Pro Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 XSHARK;Xploder Driver (xshark.sys);C:\WINDOWS\system32\Drivers\xshark.sys


Contents of the 'Scheduled Tasks' folder
2007-08-20 15:30:00 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job - C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
2007-08-18 19:00:00 C:\WINDOWS\Tasks\AwcProUpdate.job - C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.exe
2007-08-20 16:10:27 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe
2007-08-20 16:10:26 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-21 13:36:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-21 13:40:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-21 13:40
C:\ComboFix2.txt ... 2007-08-16 22:24
C:\ComboFix3.txt ... 2007-08-14 20:51

--- E O F ---






===================================================================


Logfile of HijackThis v1.99.1
Scan saved at 13:52, on 2007-08-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lvhidsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\ApvxdWin.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AvTask.exe
C:\Documents and Settings\nick\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: (no name) - {3714F336-2A8F-46A2-8B68-4BE6A2227FBB} - (no file)
O2 - BHO: (no name) - {4B6622EB-AFD5-4872-9466-C05A85D3C051} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - (no file)
O2 - BHO: (no name) - {6CA3EEA2-0EBE-412A-A953-0D7B85B06E53} - (no file)
O2 - BHO: (no name) - {A0B67065-4957-40B2-8EF8-E2C34781292B} - (no file)
O2 - BHO: MSEvents Object - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\nnnonnm.dll
O2 - BHO: (no name) - {D4814648-E8EB-4615-8FC0-D91DA250B252} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152887403499
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152887390889
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonde...tivePreQual.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/...rp.cab56961.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: awttqno - awttqno.dll (file missing)
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: ddcca - C:\WINDOWS\
O20 - Winlogon Notify: gebya - C:\WINDOWS\
O20 - Winlogon Notify: iifccab - iifccab.dll (file missing)
O20 - Winlogon Notify: mljghgf - mljghgf.dll (file missing)
O20 - Winlogon Notify: mllmm - C:\WINDOWS\
O20 - Winlogon Notify: nnnonnm - C:\WINDOWS\SYSTEM32\nnnonnm.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
O23 - Service: EpsonBidirectionalService - Authentium, Inc. - (no file)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LifeView HID Service (LvHidSvc) - Animation Technologies Inc. - C:\WINDOWS\System32\lvhidsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

#9
Stamper19 - Expert - 1,992 posts
Hi thebeast,

one problem though, PCguard is in a world of its own, it won't boot, it slows the computer down, and then it keeps crashing. Second, I do have Panda activated, I'm not sure why it's saying it's not, I will try turning it on in the startup list, that might be why (someone told me that turning the startup programs off would make it boot faster)


I would leave PCGuard alone in that case and just run Panda. If you disabled Panda in the startup list then it is likely not actively monitoring for threats, so you should re-enable it. You should also be able to start it manually. While on the subject of startup lists, is there anything else you disabled while trying to improve performance? If you disabled any processes related to malware then it will make it harder to find. Any details here would be helpful :whistling:

Now, let's get back to work. We made some progress there, but there is still plenty left to do. Let's continue.

----------------------------------------------------------------

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

----------------------------------------------------------------

Please scan again with Deckard's System Scanner (DSS).
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:
  • VundoFix.txt
  • main.txt and extra.txt from DSS


#10
thebeast - Topic Starter - Member - 12 posts
I think this is a log from when I scanned it yesterday. I did it again as you said but it found nothing and I couldn't find a log, so I put in the file path you gave me and this is what came out.

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 21:43:31 09/08/2007

Listing files found while scanning....

C:\WINDOWS\REGIST~1\crul.dll
C:\WINDOWS\REGIST~1\lurc.bak1
C:\WINDOWS\REGIST~1\lurc.bak2
C:\WINDOWS\REGIST~1\lurc.ini
C:\WINDOWS\system32\ipikhvfd.dll
C:\WINDOWS\system32\qutvwhgu.dll
C:\windows\system32\ughwvtuq.ini

Beginning removal...

Attempting to delete C:\WINDOWS\REGIST~1\crul.dll
C:\WINDOWS\REGIST~1\crul.dll Has been deleted!

Attempting to delete C:\WINDOWS\REGIST~1\lurc.bak1
C:\WINDOWS\REGIST~1\lurc.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\REGIST~1\lurc.bak2
C:\WINDOWS\REGIST~1\lurc.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\REGIST~1\lurc.ini
C:\WINDOWS\REGIST~1\lurc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ipikhvfd.dll
C:\WINDOWS\system32\ipikhvfd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qutvwhgu.dll
C:\WINDOWS\system32\qutvwhgu.dll Has been deleted!

Attempting to delete C:\windows\system32\ughwvtuq.ini
C:\windows\system32\ughwvtuq.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 00:58:49 10/08/2007

Listing files found while scanning....


VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 20:30:47 11/08/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 23:23:13 2007-08-15

Listing files found while scanning....


VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 23:30:34 2007-08-15

Listing files found while scanning....

C:\WINDOWS\system32\prqss.bak1
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\ssqrp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\prqss.bak1
C:\WINDOWS\system32\prqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\prqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\ssqrp.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 14:47:58 2007-08-20

Listing files found while scanning....

C:\windows\system32\aknqkjik.dll
C:\windows\system32\byegcqqh.dll
C:\windows\system32\clisdokl.dll
C:\windows\system32\cshyjapp.dll
C:\windows\system32\kdoigbde.dll
C:\windows\system32\libihdjb.dll
C:\windows\system32\mbahmijw.dll
C:\windows\system32\mxcqfvux.dll
C:\windows\system32\mxkkbrbx.dll
C:\windows\system32\yehmhttu.dll

Beginning removal...

Attempting to delete C:\windows\system32\aknqkjik.dll
C:\windows\system32\aknqkjik.dll Has been deleted!

Attempting to delete C:\windows\system32\byegcqqh.dll
C:\windows\system32\byegcqqh.dll Has been deleted!

Attempting to delete C:\windows\system32\clisdokl.dll
C:\windows\system32\clisdokl.dll Has been deleted!

Attempting to delete C:\windows\system32\cshyjapp.dll
C:\windows\system32\cshyjapp.dll Has been deleted!

Attempting to delete C:\windows\system32\kdoigbde.dll
C:\windows\system32\kdoigbde.dll Has been deleted!

Attempting to delete C:\windows\system32\libihdjb.dll
C:\windows\system32\libihdjb.dll Has been deleted!

Attempting to delete C:\windows\system32\mbahmijw.dll
C:\windows\system32\mbahmijw.dll Has been deleted!

Attempting to delete C:\windows\system32\mxcqfvux.dll
C:\windows\system32\mxcqfvux.dll Has been deleted!

Attempting to delete C:\windows\system32\mxkkbrbx.dll
C:\windows\system32\mxkkbrbx.dll Has been deleted!

Attempting to delete C:\windows\system32\yehmhttu.dll
C:\windows\system32\yehmhttu.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 00:25:04 2007-08-21

Listing files found while scanning....

C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\svvwa.bak1
C:\WINDOWS\system32\svvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\hhkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.bak1
C:\WINDOWS\system32\svvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 01:20:22 2007-08-21

Listing files found while scanning....

C:\WINDOWS\system32\pmkhh.dll

Beginning removal...


Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 22:45:32 2007-08-21

Listing files found while scanning....

No infected files were found.


Beginning removal...


That desktop scan is causing problems, my computer just goes mad. Panda keeps trying to block it even when I have it turned off, for some reason :S

All is good again :whistling:


I didn't get the extra log; it didn't appear :blink:




Deckard's System Scanner v20070819.64
Run by nick on 2007-08-21 23:04:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as nick.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-21 23:04:45
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WEBPROXY.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\nick\Local Settings\Temp\~ihipwgv.tmp\sed.exe
C:\Documents and Settings\nick\Desktop\Cookiegals help folder\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: (no name) - {3714F336-2A8F-46A2-8B68-4BE6A2227FBB} - (no file)
O2 - BHO: (no name) - {4B6622EB-AFD5-4872-9466-C05A85D3C051} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - (no file)
O2 - BHO: (no name) - {6CA3EEA2-0EBE-412A-A953-0D7B85B06E53} - (no file)
O2 - BHO: (no name) - {A0B67065-4957-40B2-8EF8-E2C34781292B} - (no file)
O2 - BHO: MSEvents Object - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\nnnonnm.dll
O2 - BHO: (no name) - {D4814648-E8EB-4615-8FC0-D91DA250B252} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send To &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152887403499
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152887390889
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonde...tivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} () - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/...rp.cab56961.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab55579.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awttqno - C:\WINDOWS\system32\awttqno.dll (file missing)
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\
O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\
O20 - Winlogon Notify: iifccab - C:\WINDOWS\system32\iifccab.dll (file missing)
O20 - Winlogon Notify: mljghgf - C:\WINDOWS\system32\mljghgf.dll (file missing)
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\
O20 - Winlogon Notify: nnnonnm - C:\WINDOWS\system32\nnnonnm.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\
O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\system32\winzlo32.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LifeView HID Service (LvHidSvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe



-- Files created between 2007-07-21 and 2007-08-21 -----------------------------

2007-08-21 16:52:35 0 d-------- C:\Documents and Settings\nick\Application Data\PC Tools
2007-08-21 16:20:03 26 -r------- C:\WINDOWS\system32\system32.DLL
2007-08-21 16:09:27 0 d-------- C:\Program Files\Lotto007
2007-08-21 00:33:11 0 d-------- C:\Documents and Settings\nick\Application Data\uTorrent
2007-08-20 17:08:42 0 d-------- C:\Program Files\RegCure
2007-08-20 16:46:03 94720 --a------ C:\WINDOWS\system32\drvwev.dll
2007-08-20 12:39:03 0 d-------- C:\Documents and Settings\nick\.housecall6.6
2007-08-20 11:06:48 6473 --ahs---- C:\WINDOWS\system32\accdd.bak2
2007-08-20 00:07:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-19 18:33:07 0 dr-h----- C:\Documents and Settings\nick\Recent
2007-08-19 16:50:14 6473 --ahs---- C:\WINDOWS\system32\accdd.bak1
2007-08-19 16:01:32 94720 --a------ C:\WINDOWS\system32\drvvaj.dll
2007-08-19 16:01:24 43542 --a------ C:\WINDOWS\system32\nnnonnm.dll
2007-08-19 01:48:58 26 -ra------ C:\WINDOWS\system32\system82.sys
2007-08-19 01:48:56 26 -ra------ C:\WINDOWS\system32\system82.DLL
2007-08-19 01:35:36 0 d-------- C:\Program Files\Lotto007 Prediction Expert
2007-08-18 23:34:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-18 16:45:55 0 d-------- C:\Program Files\Camtech
2007-08-18 16:20:29 0 d-------- C:\Program Files\AZPR
2007-08-18 13:09:14 0 d-------- C:\Program Files\IObit
2007-08-18 13:03:07 0 d-------- C:\Documents and Settings\nick\Application Data\Pointstone
2007-08-18 12:59:50 0 d-------- C:\Program Files\Pointstone
2007-08-18 12:59:50 0 d-------- C:\Program Files\Common Files\Pointstone
2007-08-18 12:24:13 951704 --ahs---- C:\WINDOWS\system32\mmllm.bak2
2007-08-17 21:35:26 43542 --a------ C:\WINDOWS\system32\wvuuvvw.dll
2007-08-17 21:25:36 6473 --ahs---- C:\WINDOWS\system32\mmllm.bak1
2007-08-13 01:15:06 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-08-13 01:14:21 281 --a------ C:\WINDOWS\system32\PavCPL.dat
2007-08-13 01:14:14 302608 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-08-13 01:13:50 0 d-------- C:\WINDOWS\system32\PAV
2007-08-13 01:13:24 101888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL <Not Verified; Panda Software; SYSTOOLS>
2007-08-13 01:13:19 0 d-------- C:\Program Files\Panda Security
2007-08-13 01:08:14 0 d-------- C:\Program Files\Common Files\Panda Software
2007-08-13 00:04:38 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-08-11 20:50:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-11 13:00:59 0 d-------- C:\Program Files\IDoser
2007-08-10 23:32:23 0 d-------- C:\Program Files\Advanced GIF Animator
2007-08-10 18:50:18 0 d-------- C:\Program Files\Windows Live
2007-08-09 21:59:02 0 d-------- C:\Documents and Settings\nick\Contacts
2007-08-09 21:57:11 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-08-09 21:53:24 0 d-------- C:\Program Files\MSN Messenger
2007-08-09 21:43:31 0 d-------- C:\VundoFix Backups
2007-08-08 13:15:54 48 --a------ C:\Documents and Settings\nick\readme
2007-08-08 12:30:29 0 d-------- C:\EmergencyUtils
2007-08-08 10:50:47 3732 --a------ C:\DOCyoyo.reg
2007-08-07 22:21:44 262416 --a------ C:\WINDOWS\system32\ASFV2.DLL
2007-08-07 22:21:43 15360 --a------ C:\WINDOWS\system32\asfsipc.dll <Not Verified; Microsoft Corporation; Microsoft ® DRM>
2007-08-07 22:19:22 0 d-------- C:\WINDOWS\system32\Adobe
2007-08-07 22:17:44 7899 --a------ C:\WINDOWS\system\Iosubsys <Not Verified; TeleChips Inc.; TeleChips SCSI Adapter for Win98/ME>
2007-08-07 21:05:20 0 d-------- C:\Program Files\Support Tools
2007-08-05 11:31:20 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-05 01:13:13 0 d-------- C:\Program Files\Advanced Browser
2007-08-04 21:31:51 0 d-------- C:\Documents and Settings\nick\DoctorWeb
2007-08-02 22:10:52 0 d-------- C:\Program Files\SpywareBlaster
2007-08-02 07:11:01 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-08-01 21:18:13 0 d-------- C:\WINDOWS\system32\QuickTime
2007-08-01 21:17:49 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2007-08-01 21:17:13 0 d-------- C:\Program Files\TechSmith
2007-08-01 16:23:13 0 d-------- C:\Documents and Settings\nick\Application Data\Avant Profiles
2007-08-01 16:21:01 0 d-------- C:\Documents and Settings\nick\Application Data\Avant Browser
2007-08-01 16:20:58 0 d-------- C:\Program Files\Avant Browser
2007-07-31 21:21:27 39770 --a------ C:\WINDOWS\system32\tcpipbak.reg
2007-07-31 21:21:08 32768 --a------ C:\WINDOWS\system32\ServiceRepair.exe <Not Verified; WareSoft Software; ServiceRepair>
2007-07-31 21:21:07 674 --a------ C:\WINDOWS\ie-ads-uninst.reg
2007-07-28 23:00:01 159744 --a------ C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
2007-07-28 13:42:21 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-07-28 13:17:16 0 d-------- C:\Program Files\Common Files\iS3
2007-07-28 13:17:15 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-07-28 02:11:42 0 d-------- C:\Documents and Settings\nick\Application Data\BitTorrent
2007-07-28 02:00:03 8576 --a------ C:\WINDOWS\system32\drivers\ljnelkliyanu.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-28 01:03:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-07-28 01:00:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Advanced Browser
2007-07-27 17:36:04 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-27 12:21:18 8576 --a------ C:\WINDOWS\system32\drivers\opabcojvebht.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-26 21:07:23 8576 --a------ C:\WINDOWS\system32\drivers\cwnsjlwkekub.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-26 20:56:09 8576 --a------ C:\WINDOWS\system32\drivers\auctfrvqnwve.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-26 20:45:53 0 --a------ C:\-1607639607
2007-07-26 02:20:56 8576 --a------ C:\WINDOWS\system32\drivers\jibxpfefmjvf.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-26 02:12:43 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-26 00:49:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-07-26 00:37:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-25 20:36:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-07-25 20:35:43 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-25 20:35:43 0 d-------- C:\Documents and Settings\nick\Application Data\SUPERAntiSpyware.com
2007-07-25 20:35:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-25 14:42:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-07-25 14:30:02 0 d-------- C:\Program Files\LizardTech
2007-07-24 22:14:31 0 d-------- C:\WINDOWS\ERUNT
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-07-24 22:02:04 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-07-24 22:02:04 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-07-24 22:02:04 786432 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-07-24 22:02:04 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-07-24 22:02:04 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-07-24 22:02:04 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-07-24 22:02:04 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-07-24 21:59:11 0 d-------- C:\WINDOWS\pss
2007-07-23 21:46:32 94208 --a------ C:\WINDOWS\amcap.exe <Not Verified; Microsoft Corporation; DirectX 8.1 Sample>
2007-07-23 21:46:27 53248 --a------ C:\WINDOWS\vsnpstd3.dll
2007-07-23 21:46:27 20480 --a------ C:\WINDOWS\usnpstd3.exe <Not Verified; ; DelHwKey Application>
2007-07-23 21:46:27 147456 --a------ C:\WINDOWS\system32\rsnpstd3.dll <Not Verified; ; ResourceDLL>
2007-07-23 21:46:27 0 d-------- C:\Program Files\Common Files\snpstd3


-- Find3M Report ---------------------------------------------------------------

2007-08-21 21:00:28 0 d-------- C:\Program Files\Common Files\PestPatrol
2007-08-21 21:00:24 0 d-------- C:\Program Files\Common Files
2007-08-17 22:11:35 0 d-------- C:\Documents and Settings\nick\Application Data\Advanced Browser
2007-08-13 01:13:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-13 00:19:42 1221 --a------ C:\Program Files\f3m0.cf
2007-08-13 00:19:41 315 --a------ C:\Program Files\ErrDbg.cf
2007-08-13 00:19:41 1106 --a------ C:\Program Files\ComboFix.txt
2007-08-12 22:56:50 0 d-------- C:\Program Files\WinAce
2007-08-12 22:56:50 0 d-------- C:\Program Files\Ubisoft
2007-08-12 22:56:50 0 d-------- C:\Program Files\DivX
2007-08-12 22:56:42 0 d-------- C:\Program Files\ChessPlanet
2007-08-12 22:56:26 0 d-------- C:\Program Files\Ahead
2007-08-12 00:13:00 0 d-------- C:\Program Files\MessengerDiscovery
2007-08-11 20:50:51 0 d-------- C:\Program Files\Lavasoft
2007-08-08 15:28:51 0 d-------- C:\Program Files\Arena
2007-08-08 13:36:00 0 d-------- C:\Program Files\EMCO Malware Destroyer
2007-08-08 13:34:04 0 d-------- C:\Program Files\Microsoft Bootvis
2007-08-06 21:29:49 0 d-------- C:\Program Files\Mouse Driver
2007-08-06 21:28:59 0 d-------- C:\Program Files\Multimedia Keyboard
2007-08-02 01:00:32 0 d-------- C:\Program Files\Remote Desktop Control
2007-07-31 12:31:03 0 d-------- C:\Documents and Settings\nick\Application Data\InternetCalls
2007-07-28 02:55:40 0 d-------- C:\Program Files\TVR
2007-07-28 02:52:19 0 d-------- C:\Program Files\Messenger
2007-07-28 02:35:44 0 d-------- C:\Program Files\Ace Utilities
2007-07-25 14:43:56 0 d-------- C:\Documents and Settings\nick\Application Data\Adobe
2007-07-25 14:42:14 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-23 12:54:15 0 d-------- C:\Program Files\InfiniaChess
2007-07-22 00:06:46 0 d-------- C:\Program Files\PCPitstop
2007-07-19 23:15:51 0 d-------- C:\Documents and Settings\nick\Application Data\Lavasoft
2007-07-18 20:28:29 0 d-------- C:\Documents and Settings\nick\Application Data\Google
2007-07-16 23:16:44 0 d-------- C:\Program Files\Game Accelerator
2007-07-16 15:02:58 0 d-------- C:\Program Files\WinPopup Speak
2007-07-15 22:16:20 0 d-------- C:\Program Files\SCAR 3.06
2007-07-15 22:16:14 0 d-------- C:\Program Files\SCAR 3.05
2007-07-15 22:15:57 0 d-------- C:\Program Files\ServersCheck_RemoteBooting
2007-07-15 21:41:40 164 --a------ C:\install.dat
2007-07-15 01:03:03 24 --a------ C:\WINDOWS\twin.dll
2007-07-14 23:27:02 0 d-------- C:\Program Files\uTorrent
2007-07-14 18:16:51 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-14 18:15:38 56 -rahs---- C:\WINDOWS\system32\B0DE9BE21E.sys
2007-07-13 22:15:26 0 d-------- C:\Program Files\Speed Gear 5
2007-07-01 23:31:24 0 d-------- C:\Program Files\CamStudio
2007-06-26 22:22:21 0 d-------- C:\Documents and Settings\nick\Application Data\Aquarius Soft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3714F336-2A8F-46A2-8B68-4BE6A2227FBB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B6622EB-AFD5-4872-9466-C05A85D3C051}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CA3EEA2-0EBE-412A-A953-0D7B85B06E53}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0B67065-4957-40B2-8EF8-E2C34781292B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC358019-D328-40B4-8E2D-818CE142616C}]
2007-08-19 16:01 43542 --a------ C:\WINDOWS\system32\nnnonnm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4814648-E8EB-4615-8FC0-D91DA250B252}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CC358019-D328-40B4-8E2D-818CE142616C}"= C:\WINDOWS\system32\nnnonnm.dll [2007-08-19 16:01 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttqno]
awttqno.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvs]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebya]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifccab]
iifccab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljghgf]
mljghgf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmm]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnonnm]
nnnonnm.dll 2007-08-19 16:01 43542 C:\WINDOWS\system32\nnnonnm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhh]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzlo32]
winzlo32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"<NO NAME>"=
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"RecSche"="C:\Program Files\TVR\RecSche.exe"
"GameXL"=
"CreativeMouse"="C:\Program Files\Mouse Driver\MouseDrv.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe




-- End of Deckard's System Scanner: finished at 2007-08-21 23:06:13 ------------



Logfile of HijackThis v1.99.1
Scan saved at 23:08, on 2007-08-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\nick\LOCALS~1\Temp\~ihipwgv.tmp\sed.exe
C:\Documents and Settings\nick\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: (no name) - {3714F336-2A8F-46A2-8B68-4BE6A2227FBB} - (no file)
O2 - BHO: (no name) - {4B6622EB-AFD5-4872-9466-C05A85D3C051} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - (no file)
O2 - BHO: (no name) - {6CA3EEA2-0EBE-412A-A953-0D7B85B06E53} - (no file)
O2 - BHO: (no name) - {A0B67065-4957-40B2-8EF8-E2C34781292B} - (no file)
O2 - BHO: MSEvents Object - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\nnnonnm.dll
O2 - BHO: (no name) - {D4814648-E8EB-4615-8FC0-D91DA250B252} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O15 - Trusted Zone: http://www.outerinfo.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152887403499
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152887390889
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonde...tivePreQual.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/...rp.cab56961.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: awttqno - awttqno.dll (file missing)
O20 - Winlogon Notify: awvvs - C:\WINDOWS\
O20 - Winlogon Notify: ddcca - C:\WINDOWS\
O20 - Winlogon Notify: gebya - C:\WINDOWS\
O20 - Winlogon Notify: iifccab - iifccab.dll (file missing)
O20 - Winlogon Notify: mljghgf - mljghgf.dll (file missing)
O20 - Winlogon Notify: mllmm - C:\WINDOWS\
O20 - Winlogon Notify: nnnonnm - C:\WINDOWS\SYSTEM32\nnnonnm.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - (no file)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LifeView HID Service (LvHidSvc) - Animation Technologies Inc. - C:\WINDOWS\System32\lvhidsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

Edited by thebeast, 21 August 2007 - 04:08 PM.

  • 0


#11
Stamper19

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi thebeast,

Nice work getting through that last set of instructions. One thing, though: you never answered my question in the previous post. Did you disable any other programs at startup other than the antivirus programs?

We still have a good deal of work to do. There will be several steps in this post, but hopefully we will make a good deal of progress.

Let's get to it. You should print out or save these instructions to a Notepad file, as you will not be able to access this thread when in Safe Mode.

----------------------------------------------------------------

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop
  • We will run the program later.
----------------------------------------------------------------

Please submit the following files for analysis.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
    • C:\WINDOWS\system32\system82.sys
    • C:\WINDOWS\system32\system82.DLL
    • C:\WINDOWS\system32\drivers\ljnelkliyanu.sys
    • C:\WINDOWS\system32\drivers\opabcojvebht.sys
  • Click on the submit button
  • Please post the results in your next reply.
Please note that if you are submitting more than one file they will have to be entered one at a time.

----------------------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {3714F336-2A8F-46A2-8B68-4BE6A2227FBB} - (no file)
O2 - BHO: (no name) - {4B6622EB-AFD5-4872-9466-C05A85D3C051} - (no file)
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - (no file)
O2 - BHO: (no name) - {6CA3EEA2-0EBE-412A-A953-0D7B85B06E53} - (no file)
O2 - BHO: (no name) - {A0B67065-4957-40B2-8EF8-E2C34781292B} - (no file)
O2 - BHO: MSEvents Object - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\nnnonnm.dll
O2 - BHO: (no name) - {D4814648-E8EB-4615-8FC0-D91DA250B252} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: awttqno - C:\WINDOWS\system32\awttqno.dll (file missing)
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\
O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\
O20 - Winlogon Notify: iifccab - C:\WINDOWS\system32\iifccab.dll (file missing)
O20 - Winlogon Notify: mljghgf - C:\WINDOWS\system32\mljghgf.dll (file missing)
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\
O20 - Winlogon Notify: nnnonnm - C:\WINDOWS\system32\nnnonnm.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\
O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\system32\winzlo32.dll (file missing)



Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

----------------------------------------------------------------
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

uTorrent <<Optional - see below for details
BitTorrent <<Optional - see below for details
Enhanced Ads by Think-Adz removal
Outerinfo
Think-Adz Search Assistant removal


Optionals: Although uTorrent and BitTorrent are not malware themselves, the files downloaded with them are often a major source of infection, and they are likely the source of your current ailments. Hence, I strongly advise that they be removed. The choice to do so is yours, but keeping them will greatly increase your likelihood of being infected again in the future.

Please note any other programs that you don't recognize in that list in your next response.

----------------------------------------------------------------

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these FOLDERS (if present):

C:\Program Files\uTorrent <<If removed in previous step
C:\Program Files\BitTorrent <<If removed in previous step
C:\Documents and Settings\nick\Application Data\uTorrent <<If removed in previous step
C:\Documents and Settings\nick\Application Data\BitTorrent <<If removed in previous step


----------------------------------------------------------------

Let's delete some ill-mannered files.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\system32.DLL
    C:\WINDOWS\system32\drvwev.dll
    C:\WINDOWS\system32\accdd.bak2
    C:\WINDOWS\system32\accdd.bak1
    C:\WINDOWS\system32\drvvaj.dll
    C:\WINDOWS\system32\nnnonnm.dll
    C:\WINDOWS\system32\mmllm.bak2
    C:\WINDOWS\system32\wvuuvvw.dll
    C:\WINDOWS\system32\mmllm.bak1
    C:\WINDOWS\system32\hanonvt.ini


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum. Reboot into Normal Mode.

----------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

----------------------------------------------------------------

Please scan again with Deckard's System Scanner (DSS).
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your antivirus delete it. (In this case, it may be better to temporarily disable your antivirus.)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:
  • Jotti File Reports (4)
  • OTMoveIt Report
  • SmitfraudFix Report
  • main.txt and extra.txt from DSS
  • Give me an update on how the computer is running

  • 0
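The Fix Checked list above is built from a few recurring patterns: BHO CLSIDs with no file behind them, Winlogon Notify handlers whose DLL is missing or whose "path" is only a directory, an AppInit_DLLs value that points at a .ini rather than a .dll, and DLLs with random-looking names such as nnnonnm.dll. As an added example (not code from this thread, HijackThis, or the helper's tools), the following Python script applies that same triage to constructed sample lines in HijackThis format; the random-name heuristic is an assumption of this example and will produce false positives, so it is only a prompt to check a file's publisher.

```python
"""Triage helper for HijackThis-style O2 / O20 log lines.

Added example for this thread, not part of HijackThis itself. It flags the
kinds of entries the helper asked the poster to fix, with a reason and a
rough severity for each, so a reader can see why those lines were chosen.
"""
from __future__ import annotations

import ntpath  # Windows path handling even when run on another OS
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: str
    reason: str
    severity: str  # "high", "medium" or "low"


# Constructed sample in the format of the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3714F336-2A8F-46A2-8B68-4BE6A2227FBB} - (no file)
O2 - BHO: MSEvents Object - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\nnnonnm.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awttqno - awttqno.dll (file missing)
O20 - Winlogon Notify: awvvs - C:\WINDOWS\
O20 - Winlogon Notify: nnnonnm - C:\WINDOWS\SYSTEM32\nnnonnm.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.*)$")
_WINLOGON = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
_BHO = re.compile(r"^O2 - BHO: (?P<desc>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")


def looks_random(filename: str) -> bool:
    """Heuristic (assumption of this example): a 5-8 letter name with fewer
    than 25% vowels, which catches names like nnnonnm or mllmm but can also
    hit legitimate short names, so it only means 'check the publisher'."""
    stem = ntpath.splitext(filename)[0].lower()
    if not (5 <= len(stem) <= 8 and stem.isalpha()):
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    return vowels / len(stem) < 0.25


def triage_line(line: str) -> list[Finding]:
    found: list[Finding] = []
    m = _APPINIT.match(line)
    if m:
        path = m.group("path").strip()
        if path and not path.lower().endswith(".dll"):
            # user32 loads whatever AppInit_DLLs names into every GUI
            # process; a .ini here is a module hiding behind its extension
            found.append(Finding(line, "AppInit_DLLs names a non-.dll file", "high"))
        if looks_random(ntpath.basename(path)):
            found.append(Finding(line, "AppInit_DLLs module has a random-looking name", "medium"))
        return found
    m = _WINLOGON.match(line)
    if m:
        name, path = m.group("name"), m.group("path").strip()
        if path.endswith("(file missing)"):
            found.append(Finding(line, f"Winlogon Notify '{name}': DLL absent, orphaned entry", "medium"))
        elif path.endswith("\\"):
            found.append(Finding(line, f"Winlogon Notify '{name}': path is a directory, not a DLL", "medium"))
        elif looks_random(ntpath.basename(path)):
            found.append(Finding(line, f"Winlogon Notify '{name}': random-looking DLL name", "medium"))
        return found
    m = _BHO.match(line)
    if m:
        path = m.group("path").strip()
        if path == "(no file)":
            found.append(Finding(line, "BHO CLSID registered but its file is gone", "low"))
        elif looks_random(ntpath.basename(path)):
            found.append(Finding(line, "BHO loads a random-looking DLL into Internet Explorer", "medium"))
    return found


def triage_log(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```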

#12
thebeast

thebeast

    Member

  • Topic Starter
  • Member
  • 12 posts
:whistling:

The Jotti scans all came up with "nothing found".


-----------------------------------------------------------------------------------------


OTMOVEIT

File/Folder C:\WINDOWS\system32\system32.DLL not found.
File/Folder C:\WINDOWS\system32\drvwev.dll not found.
File/Folder C:\WINDOWS\system32\accdd.bak2 not found.
File/Folder C:\WINDOWS\system32\accdd.bak1 not found.
File/Folder C:\WINDOWS\system32\drvvaj.dll not found.
File/Folder C:\WINDOWS\system32\nnnonnm.dll not found.
File/Folder C:\WINDOWS\system32\mmllm.bak2 not found.
File/Folder C:\WINDOWS\system32\wvuuvvw.dll not found.
File/Folder C:\WINDOWS\system32\mmllm.bak1 not found.
C:\WINDOWS\system32\hanonvt.ini moved successfully.

Created on 08-22-2007 22:03:18



------------------------------------------------------------------------------------------

DECKARD SCANNER (the extra log file just never appeared :blink:)

Deckard's System Scanner v20070819.64
Run by nick on 2007-08-22 22:17:51
Computer is in Normal Mode.




-- HijackThis (run as nick.exe)

Unable to find log (file not found); running clone.
-- HijackThis Clone

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-22 22:18:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RamCleaner\RamCleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Advanced Browser\browser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nick\Desktop\Cookiegals help folder\dss.exe
C:\Documents and Settings\nick\Desktop\nick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RamCleaner] C:\Program Files\RamCleaner\RamCleaner.exe -s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send To &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152887403499
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152887390889
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonde...tivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} () - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/...rp.cab56961.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab55579.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LifeView HID Service (LvHidSvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe



-- Files created between 2007-07-22 and 2007-08-22 -----------------------------

2007-08-22 21:10:40 506 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-22 21:09:44 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-22 21:09:43 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-22 21:09:43 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-22 17:33:00 0 d-------- C:\WINDOWS\system32\Panda Software
2007-08-22 17:32:53 0 d-------- C:\WINDOWS\LastGood
2007-08-22 15:12:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-22 11:34:53 20992 --a------ C:\WINDOWS\libasco.exe
2007-08-21 23:50:28 6473 --ahs---- C:\WINDOWS\system32\kjkkj.bak1
2007-08-21 23:25:21 1032192 --a------ C:\WINDOWS\system32\sqlrcmd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-21 23:25:15 0 d-------- C:\Program Files\RamCleaner
2007-08-21 16:52:35 0 d-------- C:\Documents and Settings\nick\Application Data\PC Tools
2007-08-21 16:09:27 0 d-------- C:\Program Files\Lotto007
2007-08-20 17:08:42 0 d-------- C:\Program Files\RegCure
2007-08-20 12:39:03 0 d-------- C:\Documents and Settings\nick\.housecall6.6
2007-08-20 00:07:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-19 18:33:07 0 dr-h----- C:\Documents and Settings\nick\Recent
2007-08-19 01:48:58 26 -ra------ C:\WINDOWS\system32\system82.sys
2007-08-19 01:48:56 26 -ra------ C:\WINDOWS\system32\system82.DLL
2007-08-19 01:35:36 0 d-------- C:\Program Files\Lotto007 Prediction Expert
2007-08-18 23:34:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-18 16:45:55 0 d-------- C:\Program Files\Camtech
2007-08-18 16:20:29 0 d-------- C:\Program Files\AZPR
2007-08-18 13:09:14 0 d-------- C:\Program Files\IObit
2007-08-18 13:03:07 0 d-------- C:\Documents and Settings\nick\Application Data\Pointstone
2007-08-18 12:59:50 0 d-------- C:\Program Files\Pointstone
2007-08-18 12:59:50 0 d-------- C:\Program Files\Common Files\Pointstone
2007-08-13 01:15:06 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-08-13 01:14:21 281 --a------ C:\WINDOWS\system32\PavCPL.dat
2007-08-13 01:14:14 304780 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-08-13 01:13:50 0 d-------- C:\WINDOWS\system32\PAV
2007-08-13 01:13:24 101888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL <Not Verified; Panda Software; SYSTOOLS>
2007-08-13 01:13:19 0 d-------- C:\Program Files\Panda Security
2007-08-13 01:08:14 0 d-------- C:\Program Files\Common Files\Panda Software
2007-08-13 00:04:38 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-08-11 20:50:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-11 13:00:59 0 d-------- C:\Program Files\IDoser
2007-08-10 23:32:23 0 d-------- C:\Program Files\Advanced GIF Animator
2007-08-10 18:50:18 0 d-------- C:\Program Files\Windows Live
2007-08-09 21:59:02 0 d-------- C:\Documents and Settings\nick\Contacts
2007-08-09 21:57:11 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-08-09 21:53:24 0 d-------- C:\Program Files\MSN Messenger
2007-08-09 21:43:31 0 d-------- C:\VundoFix Backups
2007-08-08 13:15:54 48 --a------ C:\Documents and Settings\nick\readme
2007-08-08 12:30:29 0 d-------- C:\EmergencyUtils
2007-08-08 10:50:47 3732 --a------ C:\DOCyoyo.reg
2007-08-07 22:21:44 262416 --a------ C:\WINDOWS\system32\ASFV2.DLL
2007-08-07 22:21:43 15360 --a------ C:\WINDOWS\system32\asfsipc.dll <Not Verified; Microsoft Corporation; Microsoft ® DRM>
2007-08-07 22:19:22 0 d-------- C:\WINDOWS\system32\Adobe
2007-08-07 22:17:44 7899 --a------ C:\WINDOWS\system\Iosubsys <Not Verified; TeleChips Inc.; TeleChips SCSI Adapter for Win98/ME>
2007-08-07 21:05:20 0 d-------- C:\Program Files\Support Tools
2007-08-05 11:31:20 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-05 01:13:13 0 d-------- C:\Program Files\Advanced Browser
2007-08-04 21:31:51 0 d-------- C:\Documents and Settings\nick\DoctorWeb
2007-08-02 22:10:52 0 d-------- C:\Program Files\SpywareBlaster
2007-08-02 07:11:01 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-08-01 21:18:13 0 d-------- C:\WINDOWS\system32\QuickTime
2007-08-01 21:17:49 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2007-08-01 21:17:13 0 d-------- C:\Program Files\TechSmith
2007-08-01 16:23:13 0 d-------- C:\Documents and Settings\nick\Application Data\Avant Profiles
2007-08-01 16:21:01 0 d-------- C:\Documents and Settings\nick\Application Data\Avant Browser
2007-08-01 16:20:58 0 d-------- C:\Program Files\Avant Browser
2007-07-31 21:21:27 39770 --a------ C:\WINDOWS\system32\tcpipbak.reg
2007-07-31 21:21:08 32768 --a------ C:\WINDOWS\system32\ServiceRepair.exe <Not Verified; WareSoft Software; ServiceRepair>
2007-07-31 21:21:07 674 --a------ C:\WINDOWS\ie-ads-uninst.reg
2007-07-28 23:00:01 159744 --a------ C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
2007-07-28 13:42:21 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-07-28 13:17:16 0 d-------- C:\Program Files\Common Files\iS3
2007-07-28 13:17:15 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-07-28 02:00:03 8576 --a------ C:\WINDOWS\system32\drivers\ljnelkliyanu.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-28 01:03:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-07-28 01:00:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Advanced Browser
2007-07-27 17:36:04 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-27 12:21:18 8576 --a------ C:\WINDOWS\system32\drivers\opabcojvebht.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-26 21:07:23 8576 --a------ C:\WINDOWS\system32\drivers\cwnsjlwkekub.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-26 20:56:09 8576 --a------ C:\WINDOWS\system32\drivers\auctfrvqnwve.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-26 20:45:53 0 --a------ C:\-1607639607
2007-07-26 02:20:56 8576 --a------ C:\WINDOWS\system32\drivers\jibxpfefmjvf.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-26 02:12:43 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-26 00:49:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-07-26 00:37:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-25 20:36:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-07-25 20:35:43 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-25 20:35:43 0 d-------- C:\Documents and Settings\nick\Application Data\SUPERAntiSpyware.com
2007-07-25 14:42:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-07-25 14:30:02 0 d-------- C:\Program Files\LizardTech
2007-07-24 22:14:31 0 d-------- C:\WINDOWS\ERUNT
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-07-24 22:02:04 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-07-24 22:02:04 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-07-24 22:02:04 786432 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-07-24 22:02:04 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-07-24 22:02:04 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-07-24 22:02:04 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-07-24 22:02:04 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-07-24 22:02:04 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-07-24 21:59:11 0 d-------- C:\WINDOWS\pss
2007-07-23 21:46:32 94208 --a------ C:\WINDOWS\amcap.exe <Not Verified; Microsoft Corporation; DirectX 8.1 Sample>
2007-07-23 21:46:27 53248 --a------ C:\WINDOWS\vsnpstd3.dll
2007-07-23 21:46:27 20480 --a------ C:\WINDOWS\usnpstd3.exe <Not Verified; ; DelHwKey Application>
2007-07-23 21:46:27 147456 --a------ C:\WINDOWS\system32\rsnpstd3.dll <Not Verified; ; ResourceDLL>
2007-07-23 21:46:27 0 d-------- C:\Program Files\Common Files\snpstd3


-- Find3M Report ---------------------------------------------------------------

2007-08-22 15:12:30 0 d-------- C:\Program Files\Common Files
2007-08-21 21:00:28 0 d-------- C:\Program Files\Common Files\PestPatrol
2007-08-17 22:11:35 0 d-------- C:\Documents and Settings\nick\Application Data\Advanced Browser
2007-08-13 01:13:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-13 00:19:42 1221 --a------ C:\Program Files\f3m0.cf
2007-08-13 00:19:41 315 --a------ C:\Program Files\ErrDbg.cf
2007-08-13 00:19:41 1106 --a------ C:\Program Files\ComboFix.txt
2007-08-12 22:56:50 0 d-------- C:\Program Files\WinAce
2007-08-12 22:56:50 0 d-------- C:\Program Files\Ubisoft
2007-08-12 22:56:50 0 d-------- C:\Program Files\DivX
2007-08-12 22:56:42 0 d-------- C:\Program Files\ChessPlanet
2007-08-12 22:56:26 0 d-------- C:\Program Files\Ahead
2007-08-12 00:13:00 0 d-------- C:\Program Files\MessengerDiscovery
2007-08-11 20:50:51 0 d-------- C:\Program Files\Lavasoft
2007-08-08 15:28:51 0 d-------- C:\Program Files\Arena
2007-08-08 13:36:00 0 d-------- C:\Program Files\EMCO Malware Destroyer
2007-08-08 13:34:04 0 d-------- C:\Program Files\Microsoft Bootvis
2007-08-06 21:29:49 0 d-------- C:\Program Files\Mouse Driver
2007-08-06 21:28:59 0 d-------- C:\Program Files\Multimedia Keyboard
2007-08-02 01:00:32 0 d-------- C:\Program Files\Remote Desktop Control
2007-07-31 12:31:03 0 d-------- C:\Documents and Settings\nick\Application Data\InternetCalls
2007-07-28 02:55:40 0 d-------- C:\Program Files\TVR
2007-07-28 02:52:19 0 d-------- C:\Program Files\Messenger
2007-07-28 02:35:44 0 d-------- C:\Program Files\Ace Utilities
2007-07-25 14:43:56 0 d-------- C:\Documents and Settings\nick\Application Data\Adobe
2007-07-25 14:42:14 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-23 12:54:15 0 d-------- C:\Program Files\InfiniaChess
2007-07-22 00:06:46 0 d-------- C:\Program Files\PCPitstop
2007-07-19 23:15:51 0 d-------- C:\Documents and Settings\nick\Application Data\Lavasoft
2007-07-18 20:28:29 0 d-------- C:\Documents and Settings\nick\Application Data\Google
2007-07-16 23:16:44 0 d-------- C:\Program Files\Game Accelerator
2007-07-16 15:02:58 0 d-------- C:\Program Files\WinPopup Speak
2007-07-15 22:16:20 0 d-------- C:\Program Files\SCAR 3.06
2007-07-15 22:16:14 0 d-------- C:\Program Files\SCAR 3.05
2007-07-15 22:15:57 0 d-------- C:\Program Files\ServersCheck_RemoteBooting
2007-07-15 21:41:40 164 --a------ C:\install.dat
2007-07-15 01:03:03 24 --a------ C:\WINDOWS\twin.dll
2007-07-14 18:16:51 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-14 18:15:38 56 -rahs---- C:\WINDOWS\system32\B0DE9BE21E.sys
2007-07-13 22:15:26 0 d-------- C:\Program Files\Speed Gear 5
2007-07-01 23:31:24 0 d-------- C:\Program Files\CamStudio
2007-06-26 22:22:21 0 d-------- C:\Documents and Settings\nick\Application Data\Aquarius Soft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"RamCleaner"="C:\Program Files\RamCleaner\RamCleaner.exe" [2007-08-18 09:47]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjk]
C:\WINDOWS\system32\jkkjk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"<NO NAME>"=
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"RecSche"="C:\Program Files\TVR\RecSche.exe"
"GameXL"=
"CreativeMouse"="C:\Program Files\Mouse Driver\MouseDrv.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe




-- End of Deckard's System Scanner: finished at 2007-08-22 22:20:39


-------------------------------------------------------------------------------------------------------------


SmitFraudFix v2.211

Scan done at 22:26:24.96, 2007-08-22
Run from C:\Documents and Settings\nick\Desktop\Cookiegals help folder\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RamCleaner\RamCleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Advanced Browser\browser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 hk.digitaltrends.com
127.0.0.1 microsoft.com.org
127.0.0.1 www.www.microsoft.com.org

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nick


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nick\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\nick\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\hanonvt.ini"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA PCI 10/100Mb Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 62.30.0.39
DNS Server Search Order: 195.188.53.175
DNS Server Search Order: 62.31.112.39

HKLM\SYSTEM\CCS\Services\Tcpip\..\{81963E5C-0CD6-4227-9B4A-0EE5E2E58B85}: DhcpNameServer=192.168.2.1 62.30.0.39 195.188.53.175 62.31.112.39
HKLM\SYSTEM\CS1\Services\Tcpip\..\{81963E5C-0CD6-4227-9B4A-0EE5E2E58B85}: DhcpNameServer=192.168.2.1 62.30.0.39 195.188.53.175 62.31.112.39
HKLM\SYSTEM\CS3\Services\Tcpip\..\{81963E5C-0CD6-4227-9B4A-0EE5E2E58B85}: DhcpNameServer=192.168.2.1 62.30.0.39 195.188.53.175 62.31.112.39
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 62.30.0.39 195.188.53.175 62.31.112.39
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 62.30.0.39 195.188.53.175 62.31.112.39
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 62.30.0.39 195.188.53.175 62.31.112.39


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


------------------------------------------------------------------------------------------------------------------------------
  • 0
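The Deckard's System Scanner tail above lists three auto-start locations that a helper triages by eye: an AppInit_DLLs value pointing at an .ini file in system32, a Winlogon Notify subkey whose DLL has a random-looking name, and a SecurityProviders list with one DLL more than Windows XP ships with. The following Python script is an added example, not part of the thread or of Deckard's tool, that parses a dump in this format and reports those conditions. The sample text is copied from the log above; the Windows XP default SecurityProviders set is the stock value; the vowel-less-name rule is an illustrative heuristic chosen for this example, not a vendor signature.

```python
import re

# Constructed sample input: the relevant registry entries, copied from the
# Deckard's System Scanner output posted earlier in this thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjk]
C:\WINDOWS\system32\jkkjk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
"""

# SecurityProviders value on a stock Windows XP install; anything beyond it is a
# third-party (or injected) SSPI provider that lsass/winlogon will load.
XP_DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# Full Windows path ending in a loadable-module extension.  Non-greedy, so a line
# that repeats the path (as the Notify lines above do) yields one hit per copy.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|ini|exe)", re.IGNORECASE)


def parse_dump(text):
    """Split a Deckard-style registry dump into {lower-cased key: [value lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def check_appinit(sections):
    """AppInit_DLLs is loaded with LoadLibrary into every user32-linked process; the
    loader ignores the extension, so a .ini path here is a DLL in disguise."""
    findings = []
    for key, lines in sections.items():
        if not key.endswith("\\currentversion\\windows"):
            continue
        for line in lines:
            if not line.lower().startswith('"appinit_dlls"'):
                continue
            value = line.split("=", 1)[1].strip().strip('"')
            for entry in filter(None, (e.strip() for e in value.split(","))):
                reason = "AppInit_DLLs entry (injected into every GUI process)"
                if not entry.lower().endswith(".dll"):
                    reason += "; non-.dll extension disguises a loadable module"
                findings.append(("high", entry, reason))
    return findings


def check_winlogon_notify(sections):
    """Winlogon Notify DLLs run inside winlogon.exe.  Every entry is listed; a
    vowel-less file name dropped straight into system32 is rated high
    (illustrative random-name heuristic, not a vendor signature)."""
    findings = []
    for key, lines in sections.items():
        if "\\winlogon\\notify\\" not in key:
            continue
        for line in lines:
            paths = PATH_RE.findall(line)
            if not paths:
                continue
            path = paths[-1]
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            in_system32 = path.lower().startswith("c:\\windows\\system32\\")
            if in_system32 and not re.search(r"[aeiou]", stem, re.IGNORECASE):
                findings.append(("high", path, "Winlogon Notify DLL with random-looking name in system32"))
            else:
                findings.append(("info", path, "Winlogon Notify DLL; confirm publisher"))
    return findings


def check_security_providers(sections):
    """Report SecurityProviders DLLs that are not part of the XP default set."""
    findings = []
    for key, lines in sections.items():
        if not key.endswith("\\control\\securityproviders"):
            continue
        for line in lines:
            if not line.lower().startswith("securityproviders"):
                continue
            listed = line.split(None, 1)[1] if " " in line else ""
            for dll in (d.strip().lower() for d in listed.split(",")):
                if dll and dll not in XP_DEFAULT_SECURITY_PROVIDERS:
                    findings.append(("high", dll, "SecurityProviders DLL not in the Windows XP default list"))
    return findings


def triage(text):
    """Run all checks over a dump and return [(severity, item, reason), ...]."""
    sections = parse_dump(text)
    return (check_appinit(sections)
            + check_winlogon_notify(sections)
            + check_security_providers(sections))


if __name__ == "__main__":
    for severity, item, reason in triage(SAMPLE_DUMP):
        print(f"[{severity}] {item}: {reason}")
```

The same checks work on the SmitFraudFix rendering of the AppInit_DLLs value further down (quoted, with doubled backslashes), since the parser strips the quotes and never splits a path on backslashes.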

#13
Stamper19
  • Expert
  • 1,992 posts
Hi thebeast,

We are getting there. You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

----------------------------------------------------------------

We need to run SmitfraudFix again, but in a different way.

Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Reboot to Normal Mode.

----------------------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
----------------------------------------------------------------

Information to include in your next post:
  • SmitfraudFix Report
  • Kaspersky Scan Log
  • Fresh HiJack This Log
  • Give me an update on how the computer is running

  • 0

#14
thebeast
  • Topic Starter
  • Member
  • 12 posts
It's massive, it will take me like an hour to paste everything on. They are all like websites, and pretty rude websites at that, lol. I'll copy a few; is there a way to upload the file?

SmitFraudFix v2.211

Scan done at 12:49:01.67, 2007-08-23
Run from C:\Documents and Settings\nick\Desktop\Cookiegals help folder\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abc-search.info
127.0.0.1 abloga.info #[Spamdexing]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 gtcc1.acecounter.com
127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
127.0.0.1 acestats.com
127.0.0.1 www.acestats.com
127.0.0.1 ads.active.com
127.0.0.1 am1.activemeter.com
127.0.0.1 www.activemeter.com #[eTrust.Tracking.Cookie]
127.0.0.1 ads.activepower.net
127.0.0.1 stat.active24stats.nl #[eTrust.Tracking.Cookie]
127.0.0.1 at.ad2click.nl
127.0.0.1 cms.ad2click.nl
127.0.0.1 banner.ad.nu
127.0.0.1 ad-up.com
127.0.0.1 www.ad-up.com
127.0.0.1 www.adagencypro.com
127.0.0.1 ad.pop1.adbn.ru
127.0.0.1 adserv.adbonus.com
127.0.0.1 www.adbonus.com
127.0.0.1 james.adbutler.de #[Tenebril.TrackingCookie]
127.0.0.1 www.adbutler.de #[SunBelt.AdButler.de]
127.0.0.1 adcp.adcentriconline.com
127.0.0.1 bell.adcentriconline.com #[Wildcard DNS]
127.0.0.1 media.adcentriconline.com
127.0.0.1 publicis.adcentriconline.com
127.0.0.1 adcomplete.com
127.0.0.1 www.adcomplete.com
127.0.0.1 www.adcopy.info
127.0.0.1 axa.addcontrol.net #[Ewido.TrackingCookie.Addcontrol]
127.0.0.1 ads.addynamix.com #[SpySweeper.Spy.Cookie]
127.0.0.1 e13.media.addynamix.com
127.0.0.1 www.adeos.eu
127.0.0.1 adcode.adengage.com
127.0.0.1 stats2.adengage.com

I'm running Kaspersky now

Edited by thebeast, 23 August 2007 - 06:09 AM.

  • 0
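The two SmitFraudFix runs in this thread show two very different hosts files: the first had three entries that the tool reported under "hosts file corrupted !", while the second is a huge ad/tracker blocklist of 127.0.0.1 lines, which is why it takes so long to paste. The Python script below is an added example, not part of the thread or of SmitFraudFix, that reads hosts-file text and sorts each entry into sinkhole (ordinary blocklist line), lookalike (embeds a well-known vendor name but is not under that domain), defense-blocked (an update or security-vendor domain made unreachable), redirect (a name mapped to a remote address) or malformed, and counts the noise instead of listing it. The sample lines are taken from the two logs above plus one constructed 203.0.113.7 redirect (an RFC 5737 documentation address); PROTECTED_DOMAINS is an illustrative set chosen for this example, not an authoritative list.

```python
import ipaddress
from collections import Counter

# Constructed sample.  hk.digitaltrends.com and the two microsoft.com.org names are
# the lines SmitFraudFix flagged in the first log; the ad.a8.net / www.abx4.com /
# stats2.adengage.com lines come from the blocklist in the second log; the
# update.microsoft.com, 203.0.113.7 and "not-an-ip" lines are invented to exercise
# the remaining branches.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1 localhost
127.0.0.1 hk.digitaltrends.com
127.0.0.1 microsoft.com.org
127.0.0.1 www.www.microsoft.com.org
127.0.0.1 ad.a8.net
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
0.0.0.0 stats2.adengage.com
127.0.0.1 update.microsoft.com
203.0.113.7 www.kaspersky.com
not-an-ip somewhere.example
"""

# Domains that malware commonly sinkholes so the victim cannot fetch updates or
# reach a vendor.  Illustrative subset chosen for this example.
PROTECTED_DOMAINS = (
    "microsoft.com", "windowsupdate.com", "kaspersky.com",
    "pandasecurity.com", "symantec.com", "mcafee.com",
)


def _under(host, domain):
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_entry(line):
    """Return a list of (category, ip, host) tuples for one hosts-file line,
    or None for blank and comment-only lines."""
    body = line.split("#", 1)[0].strip()      # drop trailing #[...] tags
    if not body:
        return None
    parts = body.split()
    if len(parts) < 2:
        return [("malformed", parts[0], "")]
    try:
        addr = ipaddress.ip_address(parts[0])
    except ValueError:
        return [("malformed", parts[0], " ".join(parts[1:]))]
    sinkholed = addr.is_loopback or addr.is_unspecified   # 127.x, ::1, 0.0.0.0
    results = []
    for host in parts[1:]:                     # a line may carry several names
        h = host.lower()
        if sinkholed and h in ("localhost", "localhost.localdomain"):
            cat = "localhost"
        elif not sinkholed:
            cat = "redirect"          # resolves the name to a real remote host
        elif any(_under(h, d) for d in PROTECTED_DOMAINS):
            cat = "defense-blocked"   # update/AV domain made unreachable
        elif any(d in h for d in PROTECTED_DOMAINS):
            cat = "lookalike"         # embeds a protected name but is not under it
        else:
            cat = "sinkhole"          # ordinary ad/tracker blocklist entry
        results.append((cat, str(addr), h))
    return results


def triage_hosts(text):
    """Classify every entry; return (category counts, entries worth a closer look)."""
    counts = Counter()
    noteworthy = []
    for line in text.splitlines():
        for cat, ip, host in classify_entry(line) or []:
            counts[cat] += 1
            if cat not in ("localhost", "sinkhole"):
                noteworthy.append((cat, ip, host))
    return counts, noteworthy


if __name__ == "__main__":
    counts, noteworthy = triage_hosts(SAMPLE_HOSTS)
    print(dict(counts))
    for cat, ip, host in noteworthy:
        print(f"{cat:<16} {ip:<15} {host}")
```

Run over a real hosts file (`triage_hosts(open(r"C:\WINDOWS\system32\drivers\etc\hosts").read())`), a multi-thousand-line blocklist collapses into one "sinkhole: N" count, and only the redirect, defense-blocked and lookalike lines need to be posted for review.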

#15
Stamper19
  • Expert
  • 1,992 posts
The best way to do it is to copy and paste. If it is absolutely necessary you can upload a .txt file. When you make a post there is a button at the bottom right that says "browse". Just browse to the file and upload it.

Also, don't forget the rest of the items in the fix, and let me know how things are running :whistling:
  • 0





