
POS.tmp files on C and My Documents


#1
DannyJoe
Member
14 posts
Hey! First of all, I want to thank you guys for what you're doing. It seems I'm not the only one with this problem, but I've been trying to follow your forums and get rid of these POS files by myself. I also seem to be getting an error when I start up Windows. It says that a scan has found potential errors. Is this part of the trojan that I have? Or could it be something else? Some things that I've done seem to have worked. But here is my HijackThis log.
Once again, thank you for taking your time out to help other people with their issues. It's a great thing you guys are doing!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:01 PM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Documents and Settings\a109\Application Data\WinTouch\WinTouch.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Documents and Settings\a109\Application Data\Microsoft\Windows\uynwubv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [d80d9d07] rundll32.exe "C:\WINDOWS\system32\xtdpixer.dll",b
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BMdb3eae9b] Rundll32.exe "C:\WINDOWS\system32\ncxlufxs.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\a109\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\a109\Application Data\Microsoft\Windows\uynwubv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fizq] C:\PROGRA~1\COMMON~1\fizq\fizqm.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe

--
End of file - 8518 bytes
  • 0
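The helpers on this forum read a HijackThis log by looking at where each autostart entry launches from, whether its target still exists, and whether it is loaded through rundll32 with a throwaway export name. The script below is an added example, not code from either poster or from HijackThis itself: it parses O2 (BHO) and O4 (Run key) lines and applies those same triage heuristics. The sample log embedded in it is a constructed six-line excerpt modelled on the log above; the heuristics are hints for a human reviewer, not verdicts.

```python
"""Triage HijackThis O2/O4 lines with a few defender-side heuristics.

Added example (not part of the forum post). Every rule here is a hint
for a human reviewer; legitimate software can trip any one of them.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # "O2" (browser helper object) or "O4" (Run key)
    name: str      # BHO name or Run value name
    path: str      # file or command line the entry launches
    reasons: list  # why it was flagged; empty means nothing noteworthy


# HijackThis line shapes (O4 "Global Startup" lines are deliberately skipped).
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{[0-9a-fA-F-]+\} - (?P<path>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.*)$')
# rundll32 <dll>,<export>; a single-letter export is a common sign of a dropped DLL.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.IGNORECASE)
# Autostarts that run from a user profile or temp directory deserve a second look.
PROFILE_DIRS = ('\\application data\\', '\\local settings\\temp\\', '\\temp\\')

# Constructed sample: six lines in HijackThis format modelled on the log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {f4af56cb-9b3a-4681-a845-9d4cc9b4e3d1} - C:\WINDOWS\system32\xbwnvqq.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [d80d9d07] rundll32.exe "C:\WINDOWS\system32\xtdpixer.dll",b
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\a109\Application Data\Microsoft\Windows\uynwubv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def assess(name: str, path: str) -> list:
    """Return the list of triage reasons that apply to one entry."""
    reasons = []
    low = path.lower()
    if '(file missing)' in low:
        reasons.append('target file no longer exists (orphaned entry, common after a partial clean-up)')
    if any(d in low for d in PROFILE_DIRS):
        reasons.append('launches from a user-profile or temp directory instead of Program Files/System32')
    m = RUNDLL_RE.search(path)
    if m and len(m.group('export')) == 1:
        reasons.append(f'rundll32 loads {m.group("dll")} through single-letter export "{m.group("export")}"')
    if re.fullmatch(r'[0-9a-f]{8,}', name, re.IGNORECASE):
        reasons.append('Run value name is a bare hex string rather than a product name')
    return reasons


def triage(log_text: str) -> list:
    """Parse every O2/O4 line of a HijackThis log into a Finding."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line) or O4_RE.match(line)
        if not m:
            continue
        section = line[:2]
        findings.append(Finding(section, m['name'], m['path'], assess(m['name'], m['path'])))
    return findings


def flagged(log_text: str) -> dict:
    """Map entry name -> reasons, for entries with at least one reason."""
    return {f.name: f.reasons for f in triage(log_text) if f.reasons}


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        mark = 'REVIEW ' if f.reasons else 'ok     '
        print(f'{mark}{f.section} [{f.name}] {f.path}')
        for r in f.reasons:
            print(f'           - {r}')
```

Running it prints a REVIEW line for the orphaned BHO, the hex-named rundll32 entry and the executable under Application Data, and an ok line for the Adobe, iTunes and ctfmon entries. The allow-nothing design is intentional: the script only sorts a long log into "look here first" and "probably fine", and the reviewer still confirms each flagged entry before anything is removed.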


#2
SNOWHITE
Trusted Helper
Retired Staff
1,327 posts
Hello DannyJoe and welcome to Geeks to Go,

My name is SNOWHITE and I will be helping you with your Malware problem.

Please follow the steps below:

A guide and tutorial on using ComboFix can be found at the following link http://www.bleepingc...to-use-combofix


1. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
2. Download combofix from one of these links:
Link1
Link2
3. Double click combofix.exe & follow the prompts.
4. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note:
ComboFix should never take more than 20 minutes including the reboot if malware is detected.

If it does, open task-manager > use the processes tab (press ctrl alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.

In your next post please include the following reports:
  • ComboFix report
  • New HijackThis log (run after ComboFix has finished its work.)
Let me know how things go.

Regards,
  • 0

#3
DannyJoe
Member
Topic Starter
14 posts
OK, so here is my ComboFix log.
Under it, I'll put my HijackThis log.
Once again, I can't express how much I appreciate your help.

ComboFix 08-02-23.2 - a109 2008-02-23 10:50:06.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.625 [GMT -5:00]
Running from: C:\Documents and Settings\a109\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\a109\Application Data\MCROSO~1
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\ystem3~1
C:\Program Files\inetget2
C:\Program Files\Messenger\gipazebo89104.dll
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M0611NetInstaller.exe
C:\WINDOWS\system32\a1
C:\WINDOWS\SYSTEM32\kevofsws.ini
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\p9
C:\WINDOWS\system32\p9\liopud89104.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\qrutv.ini
C:\WINDOWS\SYSTEM32\qrutv.ini2
C:\WINDOWS\system32\sfyrxdyf.dll
C:\WINDOWS\system32\sfyrxdyf.dllbox
C:\WINDOWS\system32\v6
C:\WINDOWS\system32\w11
C:\WINDOWS\system32\w11\hiba3133.exe
C:\WINDOWS\system32\windows

.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-22 23:37 . 2008-02-22 23:37 0 --a------ C:\WINDOWS\iPlayer.INI
2008-02-22 13:28 . 2008-02-22 22:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-22 13:28 . 2008-02-22 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-22 13:28 . 2008-02-22 13:28 <DIR> d-------- C:\Documents and Settings\a109\Application Data\SUPERAntiSpyware.com
2008-02-22 13:27 . 2008-02-22 13:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-22 13:13 . 2008-02-22 13:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-22 01:43 . 2008-02-22 01:44 <DIR> d-------- C:\Program Files\CCleaner
2008-02-22 01:21 . 2008-02-22 22:17 <DIR> d-------- C:\VundoFix Backups
2008-02-22 00:20 . 2008-02-22 00:20 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconUS.ico
2008-02-21 23:03 . 2005-08-10 11:22 114,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys
2008-02-21 23:00 . 2005-05-24 18:23 288,320 -ra------ C:\WINDOWS\SYSTEM32\mcgdmgr.dll
2008-02-21 22:59 . 2008-02-21 23:02 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-21 22:59 . 2005-10-18 11:08 349,760 --a------ C:\WINDOWS\SYSTEM32\mcinsctl.dll
2008-02-21 22:45 . 2008-02-21 22:45 1,219 --a------ C:\WINDOWS\mozver.dat
2008-02-21 12:45 . 2008-02-22 16:56 70,895 --a------ C:\WINDOWS\BMdb3eae9b.xml
2008-02-21 12:45 . 2008-02-22 21:34 21 --a------ C:\WINDOWS\pskt.ini
2008-02-20 23:57 . 2008-02-20 23:59 <DIR> d-------- C:\Documents and Settings\a109\Application Data\McAfee.com Personal Firewall
2008-02-20 23:55 . 2008-02-20 23:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-02-20 23:53 . 2008-02-21 22:52 41,280 --a------ C:\WINDOWS\SYSTEM32\Status.MPF
2008-02-20 23:49 . 2008-02-20 23:49 <DIR> d-------- C:\Program Files\McAfee
2008-02-20 23:49 . 2008-02-20 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-20 23:48 . 2006-03-01 11:34 131,072 --------- C:\WINDOWS\SYSTEM32\mclsp.dll
2008-02-20 23:48 . 2005-04-20 19:22 32,768 --a------ C:\WINDOWS\SYSTEM32\instlsp.exe
2008-02-20 23:48 . 2005-04-20 19:22 11,264 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
2008-02-20 23:47 . 2008-02-21 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-02-20 23:43 . 2008-02-22 07:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-20 21:13 . 2008-02-20 21:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-20 21:13 . 2008-02-20 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 20:40 . 2008-02-20 20:40 <DIR> d-------- C:\WINDOWS\Search And Destroy
2008-02-20 15:12 . 2008-02-20 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-20 14:10 . 2008-02-22 02:59 <DIR> d-------- C:\Program Files\Common Files\fizq
2008-02-20 13:10 . 2008-02-20 13:10 <DIR> d-------- C:\Program Files\JavaCore
2008-02-20 12:45 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2008-02-20 12:45 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
2008-02-20 12:45 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2008-02-20 12:45 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdhid.sys
2008-02-20 12:44 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2008-02-20 12:44 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbccgp.sys
2008-02-20 00:26 . 2008-02-20 10:10 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-02-20 00:24 . 2008-02-23 10:55 3,284 --a------ C:\WINDOWS\SYSTEM32\ANIWZCS{1E5B91EF-9144-4245-90EA-D6648E5ED664}
2008-02-19 21:09 . 2008-02-20 12:38 <DIR> d-------- C:\WINDOWS\Wireless
2008-02-18 10:24 . 2008-02-22 16:39 <DIR> d--hs---- C:\WINDOWS\YTEwOQ
2008-02-18 10:24 . 2008-02-23 10:50 <DIR> d-------- C:\Temp
2008-02-18 10:18 . 2008-02-18 10:18 <DIR> d-------- C:\WINDOWS\Sun
2008-02-14 11:05 . 2008-02-14 11:16 <DIR> d-------- C:\Program Files\VstPlugins
2008-02-14 11:05 . 2002-07-07 17:14 1,294,336 --a------ C:\WINDOWS\SYSTEM32\vorbis.acm
2008-02-14 11:05 . 2006-06-20 03:56 225,280 --a------ C:\WINDOWS\SYSTEM32\rewire.dll
2008-02-14 11:03 . 2008-02-14 11:16 <DIR> d-------- C:\Program Files\Image-Line
2008-02-13 18:55 . 2008-02-13 18:55 628,419 --a------ C:\duet.mp3
2008-02-13 15:53 . 2008-02-13 18:55 652 --a------ C:\WINDOWS\netdet.ini
2008-02-13 10:38 . 2008-02-22 00:54 7 --a------ C:\WINDOWS\SYSTEM32\ANIWZCSUSERNAME
2008-02-12 22:28 . 2008-02-12 22:28 <DIR> d-------- C:\Program Files\SlowBlast
2008-02-12 22:28 . 2008-02-13 17:16 <DIR> d-------- C:\Program Files\Drag and Drop Drummer Lite
2008-02-12 22:28 . 1998-06-09 00:00 137,216 --a------ C:\WINDOWS\SYSTEM32\Msderun.dll
2008-02-12 22:28 . 1998-06-18 00:00 102,912 --a------ C:\WINDOWS\SYSTEM32\Vb6stkit.dll
2008-02-12 22:27 . 2008-02-12 22:28 <DIR> d-------- C:\Program Files\Cakewalk
2008-02-12 22:27 . 1998-09-02 03:02 194,320 --a------ C:\WINDOWS\SYSTEM32\qcut.dll
2008-02-12 22:27 . 1998-08-26 23:51 182,032 --a------ C:\WINDOWS\SYSTEM32\dxtmsft3.dll
2008-02-12 22:27 . 1998-08-20 06:02 140,800 --a------ C:\WINDOWS\SYSTEM32\tm20dec.ax
2008-02-12 22:27 . 1998-09-02 03:28 63,488 --a------ C:\WINDOWS\SYSTEM32\unam4ie.exe
2008-02-12 22:27 . 1998-09-02 03:28 38,160 --a------ C:\WINDOWS\SYSTEM32\LMRTREND.dll
2008-02-12 22:27 . 1998-08-17 04:21 11,776 --a------ C:\WINDOWS\SYSTEM32\mciqtz.drv
2008-02-12 22:27 . 1998-08-17 04:21 10,240 --a------ C:\WINDOWS\SYSTEM32\vidx16.dll
2008-02-12 22:27 . 1998-08-17 04:21 5,672 --a------ C:\WINDOWS\SYSTEM32\quartz.vxd
2008-02-12 22:27 . 1997-07-15 06:53 4,608 --a------ C:\WINDOWS\SYSTEM32\W95Inf32.DLL
2008-02-12 22:27 . 1997-07-15 06:53 2,272 --a------ C:\WINDOWS\SYSTEM32\W95Inf16.DLL
2008-02-12 18:40 . 2008-02-12 18:40 38,579 --a------ C:\pj.jpg
2008-02-12 16:58 . 2008-02-12 16:58 <DIR> d-------- C:\Program Files\Free Fire Screensaver
2008-02-12 16:57 . 2008-02-12 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-02-12 16:54 . 2008-02-12 16:54 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Viewpoint
2008-02-12 16:53 . 2008-02-12 16:53 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Aim
2008-02-12 16:52 . 2008-02-12 16:52 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-12 16:52 . 2008-02-22 02:18 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-02-12 16:52 . 2008-02-12 16:52 <DIR> d-------- C:\Program Files\AOD
2008-02-12 16:52 . 2008-02-13 17:13 <DIR> d-------- C:\Program Files\AIM
2008-02-12 16:52 . 2008-02-12 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 16:44 . 2008-02-12 16:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-12 16:30 . 2008-02-12 16:30 <DIR> d-------- C:\Program Files\ANI
2008-02-12 16:29 . 2008-02-12 16:29 <DIR> d-------- C:\Program Files\D-Link
2008-02-12 16:29 . 2007-07-28 14:50 517,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rt2870.sys
2008-02-12 16:28 . 2008-02-12 16:28 <DIR> d-------- C:\Documents and Settings\a109\Application Data\InstallShield
2008-02-12 16:21 . 2008-02-12 16:21 5 --a------ C:\WINDOWS\SYSTEM32\ANIWZCSUSERNAME{D37154A2-858B-4C37-82C2-DE5ABD158B7E}
2008-01-28 22:56 . 2008-01-28 22:56 1,612,795 --a------ C:\Love.jpg
2008-01-25 14:27 . 2008-01-25 14:27 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Ansys
2008-01-25 14:20 . 2008-01-25 14:28 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Autodesk
2008-01-25 14:05 . 2008-01-25 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-25 14:04 . 2002-12-17 17:23 33,340 --a------ C:\WINDOWS\SYSTEM32\dbmsqlgc.dll
2008-01-25 14:04 . 2002-10-20 15:05 24,576 --a------ C:\WINDOWS\SYSTEM32\dbmsgnet.dll
2008-01-25 14:03 . 2008-01-25 14:03 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-01-25 14:03 . 2008-01-25 14:18 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-25 14:02 . 2008-01-25 14:02 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-01-25 14:02 . 2008-01-25 14:24 <DIR> d-------- C:\Program Files\Autodesk
2008-01-25 14:02 . 2005-07-27 13:43 150,224 --a------ C:\WINDOWS\SYSTEM32\RGB9Rast_1.dll
2008-01-24 23:49 . 2008-01-26 20:51 <DIR> d-------- C:\Photoshop

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 01:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-25 18:35 --------- d-----w C:\Program Files\Roxio ----------
2008-01-05 00:16 --------- d-----w C:\Program Files\The Print Shop 21
2008-01-05 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
2007-12-27 18:32 7,680 --sha-w C:\Program Files\Thumbs.db
2007-12-24 02:28 --------- d-----w C:\Program Files\InterActual
2007-11-28 01:23 54,330,664 ----a-w C:\iTunes75Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f27e92cb-0d3b-41dd-bc2e-04877dff59b3}]
C:\WINDOWS\system32\eptfftvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4af56cb-9b3a-4681-a845-9d4cc9b4e3d1}]
C:\WINDOWS\system32\xbwnvqq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [2005-09-15 02:00 512000]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [2008-02-20 13:10 144896]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:56 1667584]
"fizq"="C:\PROGRA~1\COMMON~1\fizq\fizqm.exe" [ ]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 09:15 816368]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01 135264]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 00:28 36352]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link RangeBooster N DWA-140"="C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 14:05 1671168]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [2005-09-15 02:00 512000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-26 20:54:53 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljif]
pmnljif.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"H:\\Programs\\CS USB\\root\\cstrike.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 05:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 05:31]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" [2005-05-04 00:04]
R2 PBKNTService;PBKNTService;C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe [2005-09-15 02:00]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 14:50]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" [2005-05-03 21:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0102aa4c-40df-11da-b90f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aff8cde-4493-11d9-b8e4-000d56c5c1ec}]
\Shell\AutoRun\command - F:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c5e072f-92b7-11da-b919-000d56c5c1ec}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d801b01-6828-11db-b93f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976a0b0-b174-11db-b943-000d56c5c1ec}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 23:37:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 10:56:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
.
**************************************************************************
.
Completion time: 2008-02-23 11:00:03 - machine was rebooted [a109]
ComboFix-quarantined-files.txt 2008-02-23 15:59:59



-------------------------------------------------Hijack log below-------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:07 AM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
c:\program files\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {3b95ffd7-7840-e2cb-dd14-b3d0bc29e72f} - {f27e92cb-0d3b-41dd-bc2e-04877dff59b3} - C:\WINDOWS\system32\eptfftvs.dll (file missing)
O2 - BHO: (no name) - {f4af56cb-9b3a-4681-a845-9d4cc9b4e3d1} - C:\WINDOWS\system32\xbwnvqq.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fizq] C:\PROGRA~1\COMMON~1\fizq\fizqm.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnljif - pmnljif.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe

--
End of file - 8182 bytes


Thank you so much.
  • 0

#4
SNOWHITE

SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hello DannyJoe :)

Let's first set up the Recovery Console to make sure we have another solution if something goes wrong.

Go to Microsoft's website => http://www.microsoft...;displaylang=en

Click on the Download button. Download the file & save it as it's originally named, next to ComboFix.exe

Posted Image

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

Regards,
  • 0

#5
DannyJoe

DannyJoe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here you go! I hope this works, but I have full faith in what you're doing!!

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  • 0

#6
SNOWHITE

SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hello DannyJoe :)

Please follow the steps below exactly in the order they are written:

Step #1


Open notepad and copy/paste the text in the code below into it:

File::
C:\WINDOWS\BMdb3eae9b.xml
C:\WINDOWS\pskt.ini

Folder::
C:\Program Files\Common Files\fizq

Suspect::[29]
C:\Program Files\JavaCore\JavaCore.exe

DirLook::
C:\Program Files\JavaCore
C:\WINDOWS\YTEwOQ

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f27e92cb-0d3b-41dd-bc2e-04877dff59b3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4af56cb-9b3a-4681-a845-9d4cc9b4e3d1}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fizq"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljif]

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. Additionally, ComboFix will generate the following files on your desktop:
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
ComboFix may need to reboot to finish its work. Let it.

When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

If CF-Submit.htm is detected, ComboFix will generate this message box:

Posted Image

Clicking OK will cause the machine's browser to load CF-Submit.htm

Posted Image

Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"
Once the file has been submitted, please DELETE both files on your desktop.


Step #2

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.


Post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log (run after ComboFix has finished its work.)
  • Kaspersky scan report.

Regards,
  • 0
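
As an added illustration (not part of this thread, and not ComboFix's or HijackThis's own code), the Python script below shows how the Registry:: section of the CFScript above can be derived mechanically from the HijackThis log: it flags load points whose file is missing from disk, BHOs with no friendly class name, and Run values an analyst has confirmed as malicious, and emits the matching ComboFix directives. The sample input is constructed from the log posted earlier in this thread; the `~` shorthand in the BHO key path is written the way the script above writes it.

```python
import re
from dataclasses import dataclass

# Constructed sample input: entries copied from the HijackThis log posted
# earlier in this thread, trimmed to the load points the CFScript acts on
# plus a few legitimate ones so the filter has something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {3b95ffd7-7840-e2cb-dd14-b3d0bc29e72f} - {f27e92cb-0d3b-41dd-bc2e-04877dff59b3} - C:\WINDOWS\system32\eptfftvs.dll (file missing)
O2 - BHO: (no name) - {f4af56cb-9b3a-4681-a845-9d4cc9b4e3d1} - C:\WINDOWS\system32\xbwnvqq.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fizq] C:\PROGRA~1\COMMON~1\fizq\fizqm.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnljif - pmnljif.dll (file missing)
"""

# HijackThis line formats for the three load-point types the script touches.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}
MISSING = "(file missing)"

# Key paths written the way the CFScript in this thread writes them
# (the "~" shorthand in the BHO path is taken from that script as posted).
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


@dataclass
class Finding:
    line: str          # the HijackThis line that triggered the finding
    reason: str        # why it was flagged
    directives: list   # lines to emit under Registry::


def triage(log_text, confirmed_bad_run_values=()):
    """Flag orphaned or nameless load points, plus Run values an analyst has
    confirmed as malicious, and build the ComboFix directive for each."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := BHO_RE.match(line):
            reasons = []
            if m["path"].endswith(MISSING):
                reasons.append("BHO DLL missing on disk")
            if m["name"] == "(no name)" or GUID_RE.match(m["name"]):
                reasons.append("BHO has no friendly class name")
            if reasons:
                findings.append(Finding(line, "; ".join(reasons),
                                        [f"[-{BHO_KEY}\\{m['clsid']}]"]))
        elif m := RUN_RE.match(line):
            # Run entries are only removed on explicit analyst confirmation:
            # a random-looking value name alone is not proof of malware.
            if m["value"] in confirmed_bad_run_values:
                run_key = HIVES[m["hive"]] + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                findings.append(Finding(line, "Run value confirmed malicious by analyst",
                                        [f"[{run_key}]", f'"{m["value"]}"=-']))
        elif m := NOTIFY_RE.match(line):
            if m["path"].endswith(MISSING):
                findings.append(Finding(line, "Winlogon Notify DLL missing on disk",
                                        [f"[-{NOTIFY_KEY}\\{m['name']}]"]))
    return findings


def cfscript_registry_block(findings):
    """Render the Registry:: section of a CFScript from the findings."""
    lines = ["Registry::"]
    for f in findings:
        lines.extend(f.directives)
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG, confirmed_bad_run_values={"fizq"})
    for f in found:
        print(f"{f.reason}: {f.line}")
    print()
    print(cfscript_registry_block(found))
```

Run against the sample, the generated Registry:: block is identical to the one in the CFScript above; the orphaned entries are removed because a load point whose DLL is already gone serves no purpose and only shows that something was partially cleaned.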

#7
DannyJoe

DannyJoe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Okay, it took a little while, but here it is.

----------------------COMBO LOG ------------------------

ComboFix 08-02-23.2 - a109 2008-02-24 21:46:32.6 - NTFSx86
Running from: C:\Documents and Settings\a109\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\a109\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\BMdb3eae9b.xml
C:\WINDOWS\pskt.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\fizq
C:\WINDOWS\BMdb3eae9b.xml
C:\WINDOWS\pskt.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-22 23:37 . 2008-02-22 23:37 0 --a------ C:\WINDOWS\iPlayer.INI
2008-02-22 13:28 . 2008-02-22 22:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-22 13:28 . 2008-02-22 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-22 13:28 . 2008-02-22 13:28 <DIR> d-------- C:\Documents and Settings\a109\Application Data\SUPERAntiSpyware.com
2008-02-22 13:27 . 2008-02-22 13:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-22 13:13 . 2008-02-22 13:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-22 01:43 . 2008-02-22 01:44 <DIR> d-------- C:\Program Files\CCleaner
2008-02-22 01:21 . 2008-02-23 11:20 <DIR> d-------- C:\VundoFix Backups
2008-02-22 00:20 . 2008-02-22 00:20 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconUS.ico
2008-02-21 23:03 . 2005-08-10 11:22 114,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys
2008-02-21 23:00 . 2005-05-24 18:23 288,320 -ra------ C:\WINDOWS\SYSTEM32\mcgdmgr.dll
2008-02-21 22:59 . 2008-02-21 23:02 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-21 22:59 . 2005-10-18 11:08 349,760 --a------ C:\WINDOWS\SYSTEM32\mcinsctl.dll
2008-02-21 22:45 . 2008-02-21 22:45 1,219 --a------ C:\WINDOWS\mozver.dat
2008-02-20 23:57 . 2008-02-20 23:59 <DIR> d-------- C:\Documents and Settings\a109\Application Data\McAfee.com Personal Firewall
2008-02-20 23:55 . 2008-02-20 23:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-02-20 23:53 . 2008-02-21 22:52 41,280 --a------ C:\WINDOWS\SYSTEM32\Status.MPF
2008-02-20 23:49 . 2008-02-20 23:49 <DIR> d-------- C:\Program Files\McAfee
2008-02-20 23:49 . 2008-02-20 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-20 23:48 . 2006-03-01 11:34 131,072 --------- C:\WINDOWS\SYSTEM32\mclsp.dll
2008-02-20 23:48 . 2005-04-20 19:22 32,768 --a------ C:\WINDOWS\SYSTEM32\instlsp.exe
2008-02-20 23:48 . 2005-04-20 19:22 11,264 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
2008-02-20 23:47 . 2008-02-21 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-02-20 23:43 . 2008-02-22 07:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-20 21:13 . 2008-02-20 21:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-20 21:13 . 2008-02-20 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 20:40 . 2008-02-20 20:40 <DIR> d-------- C:\WINDOWS\Search And Destroy
2008-02-20 15:12 . 2008-02-20 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-20 13:10 . 2008-02-24 21:46 <DIR> d-------- C:\Program Files\JavaCore
2008-02-20 12:45 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2008-02-20 12:45 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
2008-02-20 12:45 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2008-02-20 12:45 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdhid.sys
2008-02-20 12:44 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2008-02-20 12:44 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbccgp.sys
2008-02-20 00:26 . 2008-02-20 10:10 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-02-20 00:24 . 2008-02-24 21:43 3,284 --a------ C:\WINDOWS\SYSTEM32\ANIWZCS{1E5B91EF-9144-4245-90EA-D6648E5ED664}
2008-02-19 21:09 . 2008-02-20 12:38 <DIR> d-------- C:\WINDOWS\Wireless
2008-02-18 10:24 . 2008-02-22 16:39 <DIR> d--hs---- C:\WINDOWS\YTEwOQ
2008-02-18 10:24 . 2008-02-23 10:50 <DIR> d-------- C:\Temp
2008-02-18 10:18 . 2008-02-18 10:18 <DIR> d-------- C:\WINDOWS\Sun
2008-02-14 11:05 . 2008-02-14 11:16 <DIR> d-------- C:\Program Files\VstPlugins
2008-02-14 11:05 . 2002-07-07 17:14 1,294,336 --a------ C:\WINDOWS\SYSTEM32\vorbis.acm
2008-02-14 11:05 . 2006-06-20 03:56 225,280 --a------ C:\WINDOWS\SYSTEM32\rewire.dll
2008-02-14 11:03 . 2008-02-14 11:16 <DIR> d-------- C:\Program Files\Image-Line
2008-02-13 18:55 . 2008-02-13 18:55 628,419 --a------ C:\duet.mp3
2008-02-13 15:53 . 2008-02-13 18:55 652 --a------ C:\WINDOWS\netdet.ini
2008-02-13 10:38 . 2008-02-22 00:54 7 --a------ C:\WINDOWS\SYSTEM32\ANIWZCSUSERNAME
2008-02-12 22:28 . 2008-02-12 22:28 <DIR> d-------- C:\Program Files\SlowBlast
2008-02-12 22:28 . 2008-02-13 17:16 <DIR> d-------- C:\Program Files\Drag and Drop Drummer Lite
2008-02-12 22:28 . 1998-06-09 00:00 137,216 --a------ C:\WINDOWS\SYSTEM32\Msderun.dll
2008-02-12 22:28 . 1998-06-18 00:00 102,912 --a------ C:\WINDOWS\SYSTEM32\Vb6stkit.dll
2008-02-12 22:27 . 2008-02-12 22:28 <DIR> d-------- C:\Program Files\Cakewalk
2008-02-12 22:27 . 1998-09-02 03:02 194,320 --a------ C:\WINDOWS\SYSTEM32\qcut.dll
2008-02-12 22:27 . 1998-08-26 23:51 182,032 --a------ C:\WINDOWS\SYSTEM32\dxtmsft3.dll
2008-02-12 22:27 . 1998-08-20 06:02 140,800 --a------ C:\WINDOWS\SYSTEM32\tm20dec.ax
2008-02-12 22:27 . 1998-09-02 03:28 63,488 --a------ C:\WINDOWS\SYSTEM32\unam4ie.exe
2008-02-12 22:27 . 1998-09-02 03:28 38,160 --a------ C:\WINDOWS\SYSTEM32\LMRTREND.dll
2008-02-12 22:27 . 1998-08-17 04:21 11,776 --a------ C:\WINDOWS\SYSTEM32\mciqtz.drv
2008-02-12 22:27 . 1998-08-17 04:21 10,240 --a------ C:\WINDOWS\SYSTEM32\vidx16.dll
2008-02-12 22:27 . 1998-08-17 04:21 5,672 --a------ C:\WINDOWS\SYSTEM32\quartz.vxd
2008-02-12 22:27 . 1997-07-15 06:53 4,608 --a------ C:\WINDOWS\SYSTEM32\W95Inf32.DLL
2008-02-12 22:27 . 1997-07-15 06:53 2,272 --a------ C:\WINDOWS\SYSTEM32\W95Inf16.DLL
2008-02-12 18:40 . 2008-02-12 18:40 38,579 --a------ C:\pj.jpg
2008-02-12 16:58 . 2008-02-12 16:58 <DIR> d-------- C:\Program Files\Free Fire Screensaver
2008-02-12 16:57 . 2008-02-12 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-02-12 16:54 . 2008-02-12 16:54 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Viewpoint
2008-02-12 16:53 . 2008-02-12 16:53 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Aim
2008-02-12 16:52 . 2008-02-12 16:52 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-12 16:52 . 2008-02-22 02:18 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-02-12 16:52 . 2008-02-12 16:52 <DIR> d-------- C:\Program Files\AOD
2008-02-12 16:52 . 2008-02-13 17:13 <DIR> d-------- C:\Program Files\AIM
2008-02-12 16:52 . 2008-02-12 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 16:44 . 2008-02-12 16:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-12 16:30 . 2008-02-12 16:30 <DIR> d-------- C:\Program Files\ANI
2008-02-12 16:29 . 2008-02-12 16:29 <DIR> d-------- C:\Program Files\D-Link
2008-02-12 16:29 . 2007-07-28 14:50 517,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rt2870.sys
2008-02-12 16:28 . 2008-02-12 16:28 <DIR> d-------- C:\Documents and Settings\a109\Application Data\InstallShield
2008-02-12 16:21 . 2008-02-12 16:21 5 --a------ C:\WINDOWS\SYSTEM32\ANIWZCSUSERNAME{D37154A2-858B-4C37-82C2-DE5ABD158B7E}
2008-01-28 22:56 . 2008-01-28 22:56 1,612,795 --a------ C:\Love.jpg
2008-01-25 14:27 . 2008-01-25 14:27 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Ansys
2008-01-25 14:20 . 2008-01-25 14:28 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Autodesk
2008-01-25 14:05 . 2008-01-25 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-25 14:04 . 2002-12-17 17:23 33,340 --a------ C:\WINDOWS\SYSTEM32\dbmsqlgc.dll
2008-01-25 14:04 . 2002-10-20 15:05 24,576 --a------ C:\WINDOWS\SYSTEM32\dbmsgnet.dll
2008-01-25 14:03 . 2008-01-25 14:03 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-01-25 14:03 . 2008-01-25 14:18 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-25 14:02 . 2008-01-25 14:02 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-01-25 14:02 . 2008-01-25 14:24 <DIR> d-------- C:\Program Files\Autodesk
2008-01-25 14:02 . 2005-07-27 13:43 150,224 --a------ C:\WINDOWS\SYSTEM32\RGB9Rast_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 01:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-25 18:35 --------- d-----w C:\Program Files\Roxio ----------
2008-01-05 00:16 --------- d-----w C:\Program Files\The Print Shop 21
2008-01-05 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
2007-12-27 18:32 7,680 --sha-w C:\Program Files\Thumbs.db
2007-11-28 01:23 54,330,664 ----a-w C:\iTunes75Setup.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\JavaCore ----

2008-02-20 13:10 144896 --a------ C:\Program Files\JavaCore\JavaCore.exe
2008-02-20 13:10 10752 --a------ C:\Program Files\JavaCore\UnInstall.exe

---- Directory of C:\WINDOWS\YTEwOQ ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [2005-09-15 02:00 512000]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [2008-02-20 13:10 144896]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:56 1667584]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 09:15 816368]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01 135264]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 00:28 36352]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link RangeBooster N DWA-140"="C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 14:05 1671168]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [2005-09-15 02:00 512000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-26 20:54:53 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"H:\\Programs\\CS USB\\root\\cstrike.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 05:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 05:31]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" [2005-05-04 00:04]
R2 PBKNTService;PBKNTService;C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe [2005-09-15 02:00]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 14:50]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" [2005-05-03 21:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0102aa4c-40df-11da-b90f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aff8cde-4493-11d9-b8e4-000d56c5c1ec}]
\Shell\AutoRun\command - F:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c5e072f-92b7-11da-b919-000d56c5c1ec}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d801b01-6828-11db-b93f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976a0b0-b174-11db-b943-000d56c5c1ec}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 23:37:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 21:48:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-24 21:49:39
ComboFix-quarantined-files.txt 2008-02-25 02:49:37
ComboFix2.txt 2008-02-23 16:00:03







---------------------------------------HIJACK THIS LOG -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:29 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe

--
End of file - 7887 bytes

And last but not least, the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 24, 2008 11:17:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/02/2008
Kaspersky Anti-Virus database records: 578854
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 67536
Number of viruses found: 8
Number of infected objects: 30
Number of suspicious objects: 0
Duration of the scan process: 01:04:04

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\a109\Application Data\Microsoft\Windows\uynwubv.exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped
C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cert8.db Object is locked skipped
C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\history.dat Object is locked skipped
C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\key3.db Object is locked skipped
C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\parent.lock Object is locked skipped
C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\search.sqlite Object is locked skipped
C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\a109\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\a109\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\a109\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\a109\Local Settings\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\a109\Local Settings\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\a109\Local Settings\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\a109\Local Settings\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\a109\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\a109\Local Settings\Temp\IMGE.tmp Object is locked skipped
C:\Documents and Settings\a109\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\a109\ntuser.dat Object is locked skipped
C:\Documents and Settings\a109\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Autodesk\VaultServer\FileStore\vlog-20080224.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd001.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\JavaCore\JavaCore.exe Infected: not-a-virus:AdWare.Win32.Insider.b skipped
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Data\KnowledgeVaultMaster.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Data\KnowledgeVaultMaster_log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\LOG\ERRORLOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Messenger\gipazebo89104.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M0611NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\p9\liopud89104.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\p9\liopud89104.exe.vir NSIS: infected - 1 skipped
C:\RECYCLER\S-1-5-21-3617151546-1125818496-2942723268-1005\Dc1.zip/JavaCore.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.b skipped
C:\RECYCLER\S-1-5-21-3617151546-1125818496-2942723268-1005\Dc1.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP367\A0041627.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gr skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP367\A0041627.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP367\A0041635.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP367\A0041657.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP367\A0041660.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP367\A0041672.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixd skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP367\A0041673.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP367\A0041675.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP367\A0041676.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP367\A0041677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP367\A0041678.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP369\A0041785.dll Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP369\A0041788.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP369\A0041788.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP374\change.log Object is locked skipped
C:\VundoFix Backups\awvvu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ixd skipped
C:\VundoFix Backups\ayaejfll.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\eptfftvs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jpgvjjtn.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ncxlufxs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rvvsrcyc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\sbwhbnab.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\VundoFix Backups\xtdpixer.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
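Reading a Kaspersky report like the one above is mostly a matter of sorting its "30 infected objects" into copies that are already out of play (ComboFix's QooBox quarantine, VundoFix backups, System Restore points, the Recycle Bin) versus detections still living in the user's profile or Program Files; here only uynwubv.exe and JavaCore.exe fall into the second group. The script below is an added example written for this page, not part of the thread or of any Kaspersky tooling; it parses the three status forms seen in the posted report and assumes the neutralized-location prefixes listed in it, with a constructed sample built from a handful of the report's own lines.

```python
import re

# Constructed sample in the format of the Kaspersky Online Scanner report posted
# above ("<path> <status> <last action>"). The paths are copied from that report,
# but only a handful of its lines are reproduced here.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\a109\Application Data\Microsoft\Windows\uynwubv.exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped
C:\Documents and Settings\a109\ntuser.dat Object is locked skipped
C:\Program Files\JavaCore\JavaCore.exe Infected: not-a-virus:AdWare.Win32.Insider.b skipped
C:\QooBox\Quarantine\C\Program Files\Messenger\gipazebo89104.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\RECYCLER\S-1-5-21-3617151546-1125818496-2942723268-1005\Dc1.zip/JavaCore.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.b skipped
C:\RECYCLER\S-1-5-21-3617151546-1125818496-2942723268-1005\Dc1.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP367\A0041635.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\awvvu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ixd skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

Scan process completed.
"""

# One report line: a path (which may contain spaces), one of three status forms,
# and the scanner's last action ("skipped" throughout the posted report).
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<archive>[A-Z0-9]+: infected - \d+))"
    r" (?P<action>\S+)$"
)

# Assumed locations where a detection is a stored copy rather than a live threat:
# ComboFix quarantine, VundoFix backups, System Restore points, Recycle Bin.
NEUTRALIZED_PREFIXES = (
    r"c:\qoobox\quarantine",
    r"c:\vundofix backups",
    r"c:\system volume information",
    r"c:\recycler",
)


def is_neutralized(path):
    return path.lower().startswith(NEUTRALIZED_PREFIXES)


def triage(report):
    """Bucket report lines into live detections, neutralized copies, locked
    (unscanned) files and anything the parser did not understand."""
    buckets = {"live": [], "neutralized": [], "locked": [], "unparsed": []}
    for line in report.splitlines():
        line = line.strip()
        if not line or line.startswith("Infected Object Name") or line == "Scan process completed.":
            continue
        m = LINE_RE.match(line)
        if m is None:
            buckets["unparsed"].append(line)
            continue
        path = m.group("path")
        if m.group("locked"):
            buckets["locked"].append(path)
        elif m.group("archive"):
            # Archive summary line; the member hit was reported on the line above it.
            continue
        else:
            name = m.group("name")
            riskware = name.startswith("not-a-virus:")  # Kaspersky's adware/riskware prefix
            bucket = "neutralized" if is_neutralized(path) else "live"
            buckets[bucket].append({"path": path, "name": name, "riskware": riskware})
    return buckets


def live_paths(report):
    """Paths that still need action: detections outside quarantine/backup/restore."""
    return [hit["path"] for hit in triage(report)["live"]]


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for bucket, hits in result.items():
        print(f"{bucket}: {len(hits)}")
    for hit in result["live"]:
        kind = "riskware" if hit["riskware"] else "malware"
        print(f"  LIVE {kind}: {hit['path']} ({hit['name']})")
```

On the sample, the two live paths are exactly the file and the JavaCore folder that the helper's CFScript removes; the locked entries (registry hives, Firefox profile databases, event logs) are files the scanner could not open and carry no verdict at all.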

#8 SNOWHITE (Trusted Helper, Retired Staff, 1,327 posts)
Hello DannyJoe, sorry for the delay.

Please follow the steps below exactly in the order they are written:

Step #1

Open notepad and copy/paste the text in the codebox below into it:

File::
C:\Documents and Settings\a109\Application Data\Microsoft\Windows\uynwubv.exe

Folder::
C:\Program Files\JavaCore
C:\WINDOWS\YTEwOQ

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaCore"=-
IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Step #2

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step #3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process and, if asked to restart the computer, please do so immediately.

Please post back with the ComboFix report, the Malwarebytes Anti-Malware report and a new HijackThis log, and let me know how the computer is running.

Regards,
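The warning in Step #1 is there because a CFScript is a list of destructive actions with no confirmation step: every path under File:: and Folder:: is removed, and the Registry:: block uses .reg-file syntax, where "name"=- deletes the named value. A dry run that lists those actions before the script is dragged onto ComboFix is a cheap safeguard. The parser below is an added example for this page, not ComboFix's own code; it assumes the three section directives as they appear in the posted script and the standard REGEDIT4 meaning of "=-" (any other value line is reported as a set, per the same .reg convention), and takes a constructed copy of that script as input.

```python
import re

# Constructed copy of the CFScript posted above, used only as parser input.
CFSCRIPT = r"""
File::
C:\Documents and Settings\a109\Application Data\Microsoft\Windows\uynwubv.exe

Folder::
C:\Program Files\JavaCore
C:\WINDOWS\YTEwOQ

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaCore"=-
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::$")          # e.g. "File::"
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")              # e.g. "[HKEY_...\Run]"
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')  # e.g. "JavaCore"=-


def parse_cfscript(text):
    """Translate the script into (action, target) pairs without touching the
    system. Unknown sections or malformed lines raise instead of being ignored,
    so a typo cannot silently turn into a missed or extra deletion."""
    actions = []
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").lower()
            current_key = None
            continue
        if section == "file":
            actions.append(("delete file", line))
        elif section == "folder":
            actions.append(("delete folder", line))
        elif section == "registry":
            km = REG_KEY_RE.match(line)
            if km:
                current_key = km.group("key")
                continue
            vm = REG_VALUE_RE.match(line)
            if vm is None or current_key is None:
                raise ValueError(f"malformed Registry:: line: {line}")
            target = current_key + "\\" + vm.group("name")
            if vm.group("data") == "-":
                # .reg convention: "name"=- deletes the value
                actions.append(("delete registry value", target))
            else:
                actions.append(("set registry value", target + "=" + vm.group("data")))
        else:
            raise ValueError(f"line outside a known section: {line}")
    return actions


if __name__ == "__main__":
    for action, target in parse_cfscript(CFSCRIPT):
        print(f"{action:24} {target}")
```

Run against the posted script it reports one file deletion, two folder deletions and the removal of the JavaCore autostart value from the current user's Run key, which matches the two live detections in the Kaspersky report and nothing else.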

#9 DannyJoe (Topic Starter, Member, 14 posts)
No worries for the delay.
I just appreciate all you're doing for me :-)
Here's the ComboFix log:

ComboFix 08-02-23.2 - a109 2008-02-27 23:16:17.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.519 [GMT -5:00]
Running from: C:\Documents and Settings\a109\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\a109\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\a109\Application Data\Microsoft\Windows\uynwubv.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\a109\Application Data\Microsoft\Windows\uynwubv.exe
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\WINDOWS\YTEwOQ

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-24 21:58 . 2008-02-24 21:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-24 21:58 . 2008-02-24 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-22 23:37 . 2008-02-22 23:37 0 --a------ C:\WINDOWS\iPlayer.INI
2008-02-22 13:28 . 2008-02-22 22:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-22 13:28 . 2008-02-22 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-22 13:28 . 2008-02-22 13:28 <DIR> d-------- C:\Documents and Settings\a109\Application Data\SUPERAntiSpyware.com
2008-02-22 13:27 . 2008-02-22 13:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-22 13:13 . 2008-02-22 13:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-22 01:43 . 2008-02-22 01:44 <DIR> d-------- C:\Program Files\CCleaner
2008-02-22 01:21 . 2008-02-23 11:20 <DIR> d-------- C:\VundoFix Backups
2008-02-22 00:20 . 2008-02-22 00:20 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconUS.ico
2008-02-21 23:03 . 2005-08-10 11:22 114,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys
2008-02-21 23:00 . 2005-05-24 18:23 288,320 -ra------ C:\WINDOWS\SYSTEM32\mcgdmgr.dll
2008-02-21 22:59 . 2008-02-21 23:02 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-21 22:59 . 2005-10-18 11:08 349,760 --a------ C:\WINDOWS\SYSTEM32\mcinsctl.dll
2008-02-21 22:45 . 2008-02-21 22:45 1,219 --a------ C:\WINDOWS\mozver.dat
2008-02-20 23:57 . 2008-02-20 23:59 <DIR> d-------- C:\Documents and Settings\a109\Application Data\McAfee.com Personal Firewall
2008-02-20 23:55 . 2008-02-20 23:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-02-20 23:53 . 2008-02-21 22:52 41,280 --a------ C:\WINDOWS\SYSTEM32\Status.MPF
2008-02-20 23:49 . 2008-02-20 23:49 <DIR> d-------- C:\Program Files\McAfee
2008-02-20 23:49 . 2008-02-20 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-20 23:48 . 2006-03-01 11:34 131,072 --------- C:\WINDOWS\SYSTEM32\mclsp.dll
2008-02-20 23:48 . 2005-04-20 19:22 32,768 --a------ C:\WINDOWS\SYSTEM32\instlsp.exe
2008-02-20 23:48 . 2005-04-20 19:22 11,264 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
2008-02-20 23:47 . 2008-02-21 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-02-20 23:43 . 2008-02-22 07:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-20 21:13 . 2008-02-20 21:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-20 21:13 . 2008-02-20 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 20:40 . 2008-02-20 20:40 <DIR> d-------- C:\WINDOWS\Search And Destroy
2008-02-20 15:12 . 2008-02-20 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-20 12:45 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2008-02-20 12:45 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
2008-02-20 12:45 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2008-02-20 12:45 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdhid.sys
2008-02-20 12:44 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2008-02-20 12:44 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbccgp.sys
2008-02-20 00:26 . 2008-02-20 10:10 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-02-20 00:24 . 2008-02-26 21:15 3,284 --a------ C:\WINDOWS\SYSTEM32\ANIWZCS{1E5B91EF-9144-4245-90EA-D6648E5ED664}
2008-02-19 21:09 . 2008-02-20 12:38 <DIR> d-------- C:\WINDOWS\Wireless
2008-02-18 10:24 . 2008-02-23 10:50 <DIR> d-------- C:\Temp
2008-02-18 10:18 . 2008-02-18 10:18 <DIR> d-------- C:\WINDOWS\Sun
2008-02-14 11:05 . 2008-02-14 11:16 <DIR> d-------- C:\Program Files\VstPlugins
2008-02-14 11:05 . 2002-07-07 17:14 1,294,336 --a------ C:\WINDOWS\SYSTEM32\vorbis.acm
2008-02-14 11:05 . 2006-06-20 03:56 225,280 --a------ C:\WINDOWS\SYSTEM32\rewire.dll
2008-02-14 11:03 . 2008-02-14 11:16 <DIR> d-------- C:\Program Files\Image-Line
2008-02-13 18:55 . 2008-02-13 18:55 628,419 --a------ C:\duet.mp3
2008-02-13 15:53 . 2008-02-13 18:55 652 --a------ C:\WINDOWS\netdet.ini
2008-02-13 10:38 . 2008-02-22 00:54 7 --a------ C:\WINDOWS\SYSTEM32\ANIWZCSUSERNAME
2008-02-12 22:28 . 2008-02-12 22:28 <DIR> d-------- C:\Program Files\SlowBlast
2008-02-12 22:28 . 2008-02-13 17:16 <DIR> d-------- C:\Program Files\Drag and Drop Drummer Lite
2008-02-12 22:28 . 1998-06-09 00:00 137,216 --a------ C:\WINDOWS\SYSTEM32\Msderun.dll
2008-02-12 22:28 . 1998-06-18 00:00 102,912 --a------ C:\WINDOWS\SYSTEM32\Vb6stkit.dll
2008-02-12 22:27 . 2008-02-12 22:28 <DIR> d-------- C:\Program Files\Cakewalk
2008-02-12 22:27 . 1998-09-02 03:02 194,320 --a------ C:\WINDOWS\SYSTEM32\qcut.dll
2008-02-12 22:27 . 1998-08-26 23:51 182,032 --a------ C:\WINDOWS\SYSTEM32\dxtmsft3.dll
2008-02-12 22:27 . 1998-08-20 06:02 140,800 --a------ C:\WINDOWS\SYSTEM32\tm20dec.ax
2008-02-12 22:27 . 1998-09-02 03:28 63,488 --a------ C:\WINDOWS\SYSTEM32\unam4ie.exe
2008-02-12 22:27 . 1998-09-02 03:28 38,160 --a------ C:\WINDOWS\SYSTEM32\LMRTREND.dll
2008-02-12 22:27 . 1998-08-17 04:21 11,776 --a------ C:\WINDOWS\SYSTEM32\mciqtz.drv
2008-02-12 22:27 . 1998-08-17 04:21 10,240 --a------ C:\WINDOWS\SYSTEM32\vidx16.dll
2008-02-12 22:27 . 1998-08-17 04:21 5,672 --a------ C:\WINDOWS\SYSTEM32\quartz.vxd
2008-02-12 22:27 . 1997-07-15 06:53 4,608 --a------ C:\WINDOWS\SYSTEM32\W95Inf32.DLL
2008-02-12 22:27 . 1997-07-15 06:53 2,272 --a------ C:\WINDOWS\SYSTEM32\W95Inf16.DLL
2008-02-12 18:40 . 2008-02-12 18:40 38,579 --a------ C:\pj.jpg
2008-02-12 16:58 . 2008-02-12 16:58 <DIR> d-------- C:\Program Files\Free Fire Screensaver
2008-02-12 16:57 . 2008-02-12 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-02-12 16:54 . 2008-02-12 16:54 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Viewpoint
2008-02-12 16:53 . 2008-02-12 16:53 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Aim
2008-02-12 16:52 . 2008-02-12 16:52 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-12 16:52 . 2008-02-22 02:18 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-02-12 16:52 . 2008-02-12 16:52 <DIR> d-------- C:\Program Files\AOD
2008-02-12 16:52 . 2008-02-13 17:13 <DIR> d-------- C:\Program Files\AIM
2008-02-12 16:52 . 2008-02-12 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 16:44 . 2008-02-12 16:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-12 16:30 . 2008-02-12 16:30 <DIR> d-------- C:\Program Files\ANI
2008-02-12 16:29 . 2008-02-12 16:29 <DIR> d-------- C:\Program Files\D-Link
2008-02-12 16:29 . 2007-07-28 14:50 517,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rt2870.sys
2008-02-12 16:28 . 2008-02-12 16:28 <DIR> d-------- C:\Documents and Settings\a109\Application Data\InstallShield
2008-02-12 16:21 . 2008-02-12 16:21 5 --a------ C:\WINDOWS\SYSTEM32\ANIWZCSUSERNAME{D37154A2-858B-4C37-82C2-DE5ABD158B7E}
2008-01-28 22:56 . 2008-01-28 22:56 1,612,795 --a------ C:\Love.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 01:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-25 19:28 --------- d-----w C:\Documents and Settings\a109\Application Data\Autodesk
2008-01-25 19:27 --------- d-----w C:\Documents and Settings\a109\Application Data\Ansys
2008-01-25 19:24 --------- d-----w C:\Program Files\Autodesk
2008-01-25 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-25 19:18 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-25 19:03 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-25 19:02 --------- d-----w C:\Program Files\Microsoft WSE
2008-01-25 18:35 --------- d-----w C:\Program Files\Roxio ----------
2008-01-05 00:16 --------- d-----w C:\Program Files\The Print Shop 21
2008-01-05 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
2007-12-27 18:32 7,680 --sha-w C:\Program Files\Thumbs.db
2007-11-28 01:23 54,330,664 ----a-w C:\iTunes75Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [2005-09-15 02:00 512000]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:56 1667584]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 09:15 816368]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01 135264]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 00:28 36352]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link RangeBooster N DWA-140"="C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 14:05 1671168]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [2005-09-15 02:00 512000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-26 20:54:53 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"H:\\Programs\\CS USB\\root\\cstrike.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 05:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 05:31]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" [2005-05-04 00:04]
R2 PBKNTService;PBKNTService;C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe [2005-09-15 02:00]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 14:50]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" [2005-05-03 21:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0102aa4c-40df-11da-b90f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aff8cde-4493-11d9-b8e4-000d56c5c1ec}]
\Shell\AutoRun\command - F:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c5e072f-92b7-11da-b919-000d56c5c1ec}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d801b01-6828-11db-b93f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976a0b0-b174-11db-b943-000d56c5c1ec}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 23:37:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 23:18:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-27 23:19:20
ComboFix-quarantined-files.txt 2008-02-28 04:19:12
ComboFix2.txt 2008-02-25 02:49:39
ComboFix3.txt 2008-02-23 16:00:03


---------------------------------------------------------------------------------------------------------------------------
Here is the MBAM log:

Malwarebytes' Anti-Malware 1.05
Database version: 419

Scan type: Quick Scan
Objects scanned: 25884
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)


----------------------------------------------------------------------------------------------------------------------------------
And last but not least... the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:13 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe

--
End of file - 7692 bytes




Since the last post, my computer's been running quite fast.
There is still a red X over my C drive, though.
I'm not sure what to do about that,
but everything else seems to be running fairly smoothly.
  • 0

#10
SNOWHITE

SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hello DannyJoe,

Since the last post, my computer's been running quite fast.
There is still a red X over my C drive, though.
I'm not sure what to do about that,
but everything else seems to be running fairly smoothly.


Let's try this:

Click Start > Run, copy & paste the next line into the run box:

regedit /a c:\driveicons_back.reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons"


Press OK.

Next,

Save the text below as fixme.reg in Notepad. Save it as All Files and save it on your Desktop.
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]
The above Registry file was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Locate fixme.reg on your Desktop and double-click on it. It should look like this -> Posted Image
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Afterwards reboot. Check if the red X is gone now and let me know.

Regards,
  • 0
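As an added example (not part of the thread or of any tool mentioned in it), a PowerShell script that does what the two steps above do by hand on a current Windows box: it lists which drive letters have a custom DefaultIcon under the Explorer DriveIcons key and whether the icon file behind it still exists, exports the key to a .reg backup with reg.exe, and removes it only when -Remove is given. Assumed: an elevated prompt, and the backup path c:\driveicons_back.reg taken from the post.

```powershell
# Added example, not from the original thread. Inspect, back up and (optionally)
# remove HKLM\...\Explorer\DriveIcons. A per-drive DefaultIcon under this key is
# how a custom overlay such as the "red X" on C: is installed; legitimate software
# rarely sets one for a fixed drive, so an entry pointing at an odd or missing
# file is worth a look before the key is deleted.
# Run from an elevated PowerShell prompt. Without -Remove the script only reports
# and writes the backup.
param(
    # Backup location assumed from the helper's regedit /a command in the post.
    [string]$BackupPath = "$env:SystemDrive\driveicons_back.reg",
    [switch]$Remove
)

$key     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons'
$regPath = $key -replace '^HKLM:', 'HKEY_LOCAL_MACHINE'

if (-not (Test-Path $key)) {
    Write-Host "DriveIcons key not present; nothing to inspect."
    return
}

# One subkey per drive letter; the icon lives in the (default) value of DefaultIcon.
Get-ChildItem $key | ForEach-Object {
    $drive   = $_.PSChildName
    $iconKey = "$key\$drive\DefaultIcon"
    if (Test-Path $iconKey) {
        $icon = (Get-ItemProperty $iconKey).'(default)'
        # Values look like "C:\path\file.ico" or "C:\path\file.dll,3"; drop the icon index.
        $file   = ($icon -split ',')[0].Trim('"')
        $exists = Test-Path ([Environment]::ExpandEnvironmentVariables($file))
        [pscustomobject]@{ Drive = "$drive`:"; Icon = $icon; IconFileExists = $exists }
    }
} | Format-Table -AutoSize

# Back up with reg.exe before touching anything. Remove a stale backup first so
# reg.exe never stops on an overwrite prompt (works on old reg.exe without /y).
Remove-Item $BackupPath -ErrorAction SilentlyContinue
& reg.exe export $regPath $BackupPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed; key left in place." }
Write-Host "Backup written to $BackupPath"

if ($Remove) {
    Remove-Item $key -Recurse -Force
    Write-Host "Removed $regPath. Restart Explorer or reboot for the drive icons to refresh."
}
```

To put the key back, double-click the .reg backup the script wrote, exactly as the fixme.reg step above merges its file.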


#11
DannyJoe

DannyJoe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
YAY!!!! No more Red X of DOOM! (That's what I liked to call it, at least...)

How's that last set of logs looking? Hopefully everything is running smoothly now.
I also have another question for you... since I've been on this site, I've downloaded numerous anti-virus programs.
Here's a list of what I have... I don't want them to start fighting with each other and mess up my computer,
so would you be able to suggest what I should keep and what I should delete, please?

ATF Cleaner
CCleaner
HijackThis
Combofix
McAfee
SUPER Anti Spyware (Free Edition)
VundoFix
MalwareBytes

Nothing seems to be having any problems working together, but I just don't want any more problems in the future,
so just a suggestion would be nice.

Thank you very, very much!!
  • 0

#12
SNOWHITE

SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hello DannyJoe,

ATF Cleaner
CCleaner
HijackThis
Combofix
McAfee
SUPER Anti Spyware (Free Edition)
VundoFix
MalwareBytes <-- this is an antispyware program; the free version doesn't have real-time detection. Update it manually and scan with it from time to time; you can find support forums here.

None of the programs will conflict with each other; we are just going to remove ComboFix and VundoFix, since they are meant to be used under the supervision of experts.

Click Start > Run, copy & paste the next line into the run box:

combofix /u

Press OK.

Please run this online scan:

Panda ActiveScan

  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report.

Next, please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Post back with the Panda ActiveScan report and the DSS reports main.txt & extra.txt.

Regards,
  • 0

#13
DannyJoe

DannyJoe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Okay, here is the Panda log



Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.atwola.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.trafficmp.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.247realmedia.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.bluestreak.com/]

Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[counter.hitslink.com/]

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\a109\Application Data\Mozilla\Firefox\Profiles\g4o55p67.default\cookies.txt[.apmebf.com/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\a109\Cookies\a109@advertising[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\a109\Cookies\a109@atdmt[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\a109\Cookies\a109@atwola[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\a109\Cookies\a109@doubleclick[2].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\a109\Cookies\a109@mediaplex[1].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\w4rbjydg.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\w4rbjydg.default\cookies.txt[.enhance.com/]


---------------------------------------------------------------------------------------------------------------------------------------------------------
Here is the Extra.txt log


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 1021.98 MiB / 335.63 MiB
Pagefile Memory (total/avail): 2463.14 MiB / 1896.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.11 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.47 GiB total, 29.85 GiB free.
D: is Removable (No Media)
E: is CDROM (UDF)

\\.\PHYSICALDRIVE1 - IOMEGA ZIP 250

\\.\PHYSICALDRIVE0 - WDC WD800BB-75FRA0 - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is not configured.
AUState says computer is in an unknown state.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.

AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\\Programs\\CS USB\\root\\cstrike.exe"="H:\\Programs\\CS USB\\root\\cstrike.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

AIP_LOCALE110=all
AIP_ROOT110=C:\Program Files\Autodesk\Inventor 11\Stress Analysis
ALLUSERSPROFILE=C:\Documents and Settings\All Users
ANSYS_SYSDIR=Intel
APPDATA=C:\Documents and Settings\a109\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DGCFZ641
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\a109
LOGONSERVER=\\DGCFZ641
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Autodesk\Data Management Server 5\Server\Web\Services\bin;Autodesk Shared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Common Files\Autodesk Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\a109\LOCALS~1\Temp
TMP=C:\DOCUME~1\a109\LOCALS~1\Temp
USERDOMAIN=DGCFZ641
USERNAME=a109
USERPROFILE=C:\Documents and Settings\a109
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

a109 (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A70000000000}
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Autodesk Data Management Server 5 --> MsiExec.exe /I{1D9151C2-FBDB-48B9-B3BF-69A8274820D6}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Autodesk Inventor Professional 11 --> MsiExec.exe /I{7F4DD591-1100-0409-0000-7107D70F3DB4}
Cakewalk Guitar Tracks 2.0 --> C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
D-Link RangeBooster N DWA-140 --> C:\Program Files\InstallShield Installation Information\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}\setup.exe -runfromtemp -l0x0009 -removeonly
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Drag and Drop Drummer Lite --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DDDLITE.INF, DefaultUninstall.ntx86
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
Free Fire Screensaver --> C:\Program Files\Free Fire Screensaver\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel ® Pro Alerting Agent --> MsiExec.exe /I{3C50A915-DD33-4802-B83B-9EA997D3337B}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
JavaCore --> C:\Program Files\JavaCore\UnInstall.exe
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Uninstall Wizard --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MDSolids --> C:\WINDOWS\iun3405.exe C:\Program Files\MDSolids
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (AUTODESKVAULT) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft WSE 2.0 SP3 Runtime --> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OMCI --> MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Photo TurboBackup --> C:\Program Files\FileStream\Photo TurboBackup\uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RCT3 Soaked --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x9
RollerCoaster Tycoon 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
SlowBlast! --> C:\PROGRA~1\SLOWBL~1\UNWISE.EXE C:\PROGRA~1\SLOWBL~1\INSTALL.LOG
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Print Shop 21 --> MsiExec.exe /I{02BE2B07-33B5-426A-AFC3-9A5A6AEC5FB6}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type10226 / Error
Event Submitted/Written: 03/02/2008 06:24:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rct3plus.exe, version 3.2.8.13, faulting module rct3plus.exe, version 3.2.8.13, fault address 0x000f1263.
Processing media-specific event for [rct3plus.exe!ws!]

Event Record #/Type10208 / Warning
Event Submitted/Written: 03/02/2008 02:46:45 PM
Event ID/Source: 19011 / MSSQL$AUTODESKVAULT
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type10168 / Error
Event Submitted/Written: 03/02/2008 01:15:49 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iPlayer.exe, version 2.60.12.405, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10145 / Error
Event Submitted/Written: 03/01/2008 02:26:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Autorun.exe, version 0.0.0.0, faulting module Autorun.exe, version 0.0.0.0, fault address 0x0001a790.
Processing media-specific event for [Autorun.exe!ws!]

Event Record #/Type10144 / Error
Event Submitted/Written: 03/01/2008 02:26:52 PM
Event ID/Source: 1005 / Application Error
Event Description:
Windows cannot access the file E:\Autorun.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Autorun.exe because of this error.

Program: Autorun.exe
File: E:\Autorun.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000013
Disk type: 5



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8241 / Warning
Event Submitted/Written: 03/04/2008 10:01:25 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8226 / Warning
Event Submitted/Written: 03/03/2008 11:28:47 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8225 / Warning
Event Submitted/Written: 03/03/2008 09:41:29 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8217 / Warning
Event Submitted/Written: 03/03/2008 04:25:55 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type8216 / Warning
Event Submitted/Written: 03/02/2008 03:36:00 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-03-04 11:29:37 ------------



-------------------------------------------------------------------------------------------------------------------------------------------------------------------
and here is the Main


Deckard's System Scanner v20071014.68
Run by a109 on 2008-03-04 11:27:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-03-04 16:27:35 UTC - RP387 - Deckard's System Scanner Restore Point
1: 2008-03-04 14:39:46 UTC - RP386 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as a109.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:00 AM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\a109\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\a109.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe

--
End of file - 7943 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 AsfAlrt - c:\windows\system32\drivers\asfalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 catchme - c:\docume~1\a109\locals~1\temp\catchme.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ASFAgent (ASF Agent) - c:\program files\intel\asf agent\asfagent.exe <Not Verified; Intel Corporation; Intel® PRO Alerting Suite ASF 1.0 and ASF 2.0 Compatible>
R2 Autodesk Data Management Job Dispatch - "c:\program files\autodesk\data management server 5\server\dispatch\connectivity.windowsservice.jobdispatch.exe" <Not Verified; Autodesk Inc; Autodesk Vault R5.0>
R2 Autodesk EDM Server - "c:\program files\autodesk\data management server 5\server\webserver\connectivity.edmws.server.exe"
R2 Iap - c:\program files\dell\openmanage\client\iap.exe <Not Verified; Dell Computer Corporation; OpenManage Client Instrumentation>
R2 PBKNTService - c:\progra~1\filest~1\photot~1\pbkntservice.exe

S3 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Wireless Service; ANIWZCS2 Service Launcher (NT)>
S3 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-26 18:37:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-04 and 2008-03-04 -----------------------------

2008-03-04 10:03:35 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-03-04 09:45:54 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-04 09:45:51 0 d-------- C:\WINDOWS\LastGood
2008-03-02 15:06:26 0 d-------- C:\break
2008-03-02 14:47:05 0 dr-h----- C:\Documents and Settings\a109\Recent
2008-03-02 11:41:30 0 d-------- C:\Program Files\uTorrent
2008-03-02 11:41:18 0 d-------- C:\Documents and Settings\a109\Application Data\uTorrent
2008-03-01 14:43:36 0 d-------- C:\ATI
2008-03-01 14:34:29 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-03-01 14:27:21 0 d-------- C:\Documents and Settings\a109\Application Data\Atari
2008-03-01 14:25:38 0 d-------- C:\Documents and Settings\a109\Application Data\Leadertech
2008-03-01 14:25:08 197120 --a------ C:\WINDOWS\patchw32.dll
2008-03-01 14:25:08 0 d-------- C:\Program Files\Common Files\PocketSoft
2008-03-01 14:21:50 0 d-------- C:\Program Files\Atari
2008-02-29 10:29:37 331 --a------ C:\driveicons_back.reg
2008-02-27 23:23:29 0 d-------- C:\Documents and Settings\a109\Application Data\Malwarebytes
2008-02-27 23:23:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-27 23:23:23 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-27 23:22:59 0 d-------- C:\Program Files\Common Files\Download Manager
2008-02-24 21:58:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-24 21:58:49 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-24 18:24:54 0 d-------- C:\cmdcons
2008-02-22 13:28:39 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-22 13:28:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-22 13:28:15 0 d-------- C:\Documents and Settings\a109\Application Data\SUPERAntiSpyware.com
2008-02-22 13:27:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-22 13:13:04 0 d-------- C:\Program Files\Trend Micro
2008-02-22 08:13:29 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-02-22 08:13:29 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-02-22 08:11:08 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-02-22 01:43:58 0 d-------- C:\Program Files\CCleaner
2008-02-22 00:09:29 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-02-22 00:09:10 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-02-21 22:59:54 0 d-------- C:\Program Files\McAfee.com
2008-02-21 22:45:36 1219 --a------ C:\WINDOWS\mozver.dat
2008-02-21 15:41:08 0 d--h----- C:\Documents and Settings\LocalService\SendTo
2008-02-20 23:57:20 0 d-------- C:\Documents and Settings\a109\Application Data\McAfee.com Personal Firewall
2008-02-20 23:55:47 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-02-20 23:49:15 0 d-------- C:\Program Files\McAfee
2008-02-20 23:49:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-20 23:48:25 131072 -----n--- C:\WINDOWS\system32\mclsp.dll <Not Verified; McAfee, Inc.; McAfee Privacy Service>
2008-02-20 23:48:25 32768 --a------ C:\WINDOWS\system32\instlsp.exe
2008-02-20 23:48:24 11264 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-02-20 23:47:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-02-20 23:43:20 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-20 21:13:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 20:40:36 0 d-------- C:\WINDOWS\Search And Destroy
2008-02-20 15:12:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-20 00:26:00 0 d-------- C:\WINDOWS\$hf_mig$
2008-02-20 00:24:39 3284 --a------ C:\WINDOWS\system32\ANIWZCS{1E5B91EF-9144-4245-90EA-D6648E5ED664}
2008-02-20 00:14:23 0 d-------- C:\WINDOWS\pss
2008-02-19 21:09:07 0 d-------- C:\WINDOWS\Wireless
2008-02-18 10:29:43 5242880 --a------ C:\Documents and Settings\a109\ntuser.dat
2008-02-18 10:24:14 0 d-------- C:\Temp
2008-02-18 10:18:51 0 d-------- C:\WINDOWS\Sun
2008-02-14 11:05:39 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-02-14 11:05:39 0 d-------- C:\Program Files\VstPlugins
2008-02-14 11:03:49 0 d-------- C:\Program Files\Image-Line
2008-02-13 10:38:38 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-02-12 22:28:24 102912 --a------ C:\WINDOWS\system32\Vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-02-12 22:28:24 137216 --a------ C:\WINDOWS\system32\Msderun.dll <Not Verified; Microsoft Corporation; Microsoft Data Environment Runtime 1.0>
2008-02-12 22:28:24 0 d-------- C:\Program Files\Drag and Drop Drummer Lite
2008-02-12 22:28:12 0 d-------- C:\Program Files\SlowBlast
2008-02-12 22:27:57 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-02-12 22:27:56 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-02-12 22:27:54 63488 --a------ C:\WINDOWS\system32\unam4ie.exe <Not Verified; Microsoft Corporation; DirectShow>
2008-02-12 22:27:52 10240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-02-12 22:27:52 194320 --a------ C:\WINDOWS\system32\qcut.dll <Not Verified; Microsoft Corporation; DirectShow>
2008-02-12 22:27:51 4608 --a------ C:\WINDOWS\system32\W95Inf32.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-02-12 22:27:51 2272 --a------ C:\WINDOWS\system32\W95Inf16.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-02-12 22:27:50 0 d-------- C:\Program Files\Cakewalk
2008-02-12 22:27:50 0 d-------- C:\Cakewalk Projects
2008-02-12 16:58:00 0 d-------- C:\Program Files\Free Fire Screensaver
2008-02-12 16:57:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-02-12 16:54:31 0 d-------- C:\Documents and Settings\a109\Application Data\Viewpoint
2008-02-12 16:53:10 0 d-------- C:\Documents and Settings\a109\Application Data\Aim
2008-02-12 16:52:57 0 d-------- C:\Program Files\Common Files\AOL
2008-02-12 16:52:55 0 d-------- C:\Program Files\Viewpoint
2008-02-12 16:52:55 0 d-------- C:\Program Files\AOD
2008-02-12 16:52:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 16:52:51 0 d-------- C:\Program Files\AIM
2008-02-12 16:44:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-12 16:44:34 0 d-------- C:\Documents and Settings\a109\Application Data\Mozilla
2008-02-12 16:30:51 5 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{1E5B91EF-9144-4245-90EA-D6648E5ED664}
2008-02-12 16:30:38 262144 --a------ C:\WINDOWS\system32\wnicapi.dll <Not Verified; Wireless Service; WNICAPI Dynamic Link Library>
2008-02-12 16:30:38 233472 --a------ C:\WINDOWS\system32\WlanApp.dll <Not Verified; ; WlanApp Dynamic Link Library>
2008-02-12 16:30:38 1327189 --a------ C:\WINDOWS\system32\odSupp_M.dll <Not Verified; Funk Software, Inc.; Odyssey Supplicant Toolkit>
2008-02-12 16:30:38 49152 --a------ C:\WINDOWS\system32\JJAKEn.dll <Not Verified; ; JJAKEn Dynamic Link Library>
2008-02-12 16:30:38 49152 --a------ C:\WINDOWS\system32\AQCKGen.dll <Not Verified; Alpha Networks Inc.; AQuickKey Generator>
2008-02-12 16:30:38 679936 --a------ C:\WINDOWS\system32\ANIWZCS2.dll <Not Verified; Wireless Service; ANIWZCS Dynamic Link Library>
2008-02-12 16:30:38 45115 --a------ C:\WINDOWS\system32\ANICtl.dll <Not Verified; Alpha Networks Inc.; DevCtrl Dynamic Link Library>
2008-02-12 16:30:38 217088 --a------ C:\WINDOWS\system32\aIPH.dll <Not Verified; Alpha Networks Inc.; IPH Dynamic Link Library>
2008-02-12 16:30:19 36864 --a------ C:\WINDOWS\system32\ANIOApi.dll <Not Verified; Alpha Networks Inc.; ANIO Helper DLL API library>
2008-02-12 16:30:19 48128 --a------ C:\WINDOWS\system32\ANIO64.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2008-02-12 16:30:19 11904 --a------ C:\WINDOWS\system32\anio4.sys <Not Verified; ANI; ANIO (NDIS4) Driver>
2008-02-12 16:30:19 28195 --a------ C:\WINDOWS\system32\ANIO.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2008-02-12 16:30:19 0 d-------- C:\Program Files\ANI
2008-02-12 16:29:27 0 d-------- C:\Program Files\D-Link
2008-02-12 16:28:48 0 d-------- C:\Documents and Settings\a109\Application Data\InstallShield
2008-02-12 16:21:51 5 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{D37154A2-858B-4C37-82C2-DE5ABD158B7E}


-- Find3M Report ---------------------------------------------------------------

2008-03-04 10:57:25 0 d-------- C:\Program Files\Winamp
2008-03-04 10:52:33 0 d-------- C:\Program Files\Messenger
2008-03-04 10:51:53 0 d-------- C:\Program Files\iTunes
2008-03-01 14:37:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-01 14:25:08 0 d-------- C:\Program Files\Common Files
2008-03-01 14:21:11 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-01 13:40:39 0 d-------- C:\Documents and Settings\a109\Application Data\U3
2008-02-12 18:57:26 0 d-------- C:\Documents and Settings\a109\Application Data\Adobe
2008-02-12 16:53:45 0 d-------- C:\Documents and Settings\a109\Application Data\Macromedia
2008-01-26 20:54:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-25 14:28:11 0 d-------- C:\Documents and Settings\a109\Application Data\Autodesk
2008-01-25 14:27:51 0 d-------- C:\Documents and Settings\a109\Application Data\Ansys
2008-01-25 14:24:06 0 d-------- C:\Program Files\Autodesk
2008-01-25 14:18:10 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-25 14:03:45 0 d-------- C:\Program Files\Microsoft SQL Server
2008-01-25 14:02:32 0 d-------- C:\Program Files\Microsoft WSE
2008-01-25 13:35:27 0 d-------- C:\Program Files\Roxio ----------
2008-01-09 00:29:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-04 19:16:22 0 d-------- C:\Program Files\The Print Shop 21
2007-12-27 13:32:33 7680 --ahs---- C:\Program Files\Thumbs.db


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [04/03/2002 02:01 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [10/10/2007 12:28 AM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 11:49 AM]
"D-Link D-Link RangeBooster N DWA-140"="C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [08/20/2007 02:05 PM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 07:05 PM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 06:18 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 12:49 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 10:02 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [09/15/2005 02:00 AM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 03:35 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/03/2004 11:56 PM]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [02/20/2008 09:15 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Photo TurboBackup"=C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s

C:\Documents and Settings\a109\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 2:36:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/26/2008 8:54:53 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 3:44:06 AM]
DESKTOP.INI [9/3/2002 2:36:04 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [5/3/2005 10:07:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY
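The HijackThis section of the log above lists autoruns (O4), ActiveX downloads (O16), Winlogon Notify DLLs (O20) and services (O23), which are the entries a helper reads first when triaging a log like this. As an added example that is not part of this thread and not HijackThis code, the Python below parses those four line types and applies a few triage heuristics of its own: services whose vendor field is empty or "Unknown owner", any DLL registered under Winlogon Notify, Run entries that execute in the SYSTEM or Default-user context, and Run entries whose executable sits outside Program Files or WINDOWS. The sample input is copied from the posted log except for one line marked as constructed; the rule names and the trusted-directory list are the example's own assumptions, and a hit only means "look at this", not "this is malware" (the Winlogon Notify entry it reports here is SUPERAntiSpyware's own DLL).

```python
"""Triage of HijackThis 'O' lines from a log like the one posted above.

Added example for this thread; not part of HijackThis or of any post here.
The rules below are heuristics of the example's own, not HijackThis logic.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: lines copied from the HijackThis log posted above, plus one
# constructed line (named as such) so the "outside program dirs" rule fires.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'SYSTEM')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - HKCU\..\Run: [constructed-not-from-log] C:\Documents and Settings\user\Local Settings\Temp\example.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
"""

# Line shapes as HijackThis 2.0.2 prints them (derived from the log above).
O4_REG_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_LNK_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
# Vendor may be empty ("- -"), so the second separator is matched with \s*-\s*.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?)\s*-\s*(?P<path>[A-Za-z]:\\.+)$")
USER_RE = re.compile(r"\s*\(User '(?P<user>[^']*)'\)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.[A-Za-z]{2,4})(?:"|\s|$)')
# Assumption of this example: autoruns under these directories get no "outside" finding.
TRUSTED_DIR_RE = re.compile(r"\\(Program Files|PROGRA~\d|WINDOWS)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str     # heuristic that fired
    subject: str  # entry name, service name or CLSID
    detail: str   # path, URL or context to check


def parse_line(line: str) -> Optional[dict]:
    """Return a dict for O4/O16/O20/O23 lines, None for any other line."""
    line = line.strip()
    m = O4_REG_RE.match(line)
    if m:
        cmd, user = m["cmd"], None
        um = USER_RE.search(cmd)          # HKUS entries carry a (User '...') suffix
        if um:
            cmd, user = cmd[:um.start()], um["user"]
        return {"type": "O4", "hive": m["hive"], "name": m["name"], "cmd": cmd, "user": user}
    m = O4_LNK_RE.match(line)
    if m:
        return {"type": "O4", "hive": "Global Startup", "name": m["name"], "cmd": m["cmd"], "user": None}
    m = O16_RE.match(line)
    if m:
        return {"type": "O16", "clsid": m["clsid"], "desc": m["desc"], "url": m["url"]}
    m = O20_RE.match(line)
    if m:
        return {"type": "O20", "name": m["name"], "path": m["path"]}
    m = O23_RE.match(line)
    if m:
        return {"type": "O23", "name": m["name"], "vendor": m["vendor"].strip(), "path": m["path"]}
    return None


def executable_of(cmd: str) -> str:
    """Strip surrounding quotes and arguments from an O4 command, keeping the program path."""
    m = EXE_RE.match(cmd)
    return m["exe"] if m else cmd


def triage(log_text: str) -> list:
    """Apply the example's heuristics to every parsable line and return the findings."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e["type"] == "O4":
            exe = executable_of(e["cmd"])
            if not TRUSTED_DIR_RE.search(exe):
                findings.append(Finding("run-outside-program-dirs", e["name"], exe))
            if e["user"] in ("SYSTEM", "Default user"):
                findings.append(Finding("run-in-system-context", e["name"], f"{e['hive']} ({e['user']})"))
        elif e["type"] == "O16":
            findings.append(Finding("activex-download", e["clsid"], e["url"]))
        elif e["type"] == "O20":
            findings.append(Finding("winlogon-notify-dll", e["name"], e["path"]))
        elif e["type"] == "O23" and e["vendor"] in ("", "Unknown owner"):
            findings.append(Finding("service-without-vendor", e["name"], e["path"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.subject:40} {f.detail}")
```

Run stand-alone it prints six findings for the sample: two services with no vendor (PBKNTService and Autodesk EDM Server), the SUPERAntiSpyware Winlogon Notify DLL, the Photo TurboBackup entry running as SYSTEM, the constructed Temp-directory autorun, and the Kaspersky online-scanner ActiveX control. Feed it a complete pasted log and the regexes simply skip the R0/O2/O3/O8/O9 lines it does not model.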

#14
SNOWHITE
    Trusted Helper
  • Retired Staff
  • 1,327 posts
Hello DannyJoe, there is one small part that is missing from the dss main.txt; could you please re-post the whole report in a new post?

Instead of re-posting the report from dss, please download ComboFix again and run a scan with it:

A guide and tutorial on using ComboFix can be found at the following link http://www.bleepingc...to-use-combofix


1. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
2. Download combofix from one of these links:
Link1
Link2
3. Double click combofix.exe & follow the prompts.
4. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note:
ComboFix should never take more than 20 minutes, including the reboot if malware is detected.

If it does, open Task Manager (press Ctrl, Alt and Del at the same time), use the Processes tab and end any processes named findstr, find, sed or swreg; ComboFix should then continue.

If that happened we want to know, and also what process you had to end.

Regards,

Edited by SNOWHITE, 05 March 2008 - 12:35 PM.


#15
DannyJoe
    Member
  • Topic Starter
  • Member
  • 14 posts
here's the combofix log



ComboFix 08-03-05.1 - a109 2008-03-05 13:59:50.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.535 [GMT -5:00]
Running from: C:\Documents and Settings\a109\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-03-04 22:20 . 2008-03-04 22:21 <DIR> d-------- C:\sex
2008-03-04 11:27 . 2008-03-04 11:27 <DIR> d-------- C:\Deckard
2008-03-04 10:03 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2008-03-04 09:45 . 2008-03-04 11:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-04 09:45 . 2008-03-04 09:45 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-04 09:45 . 2008-03-04 09:45 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-04 09:45 . 2008-03-04 09:45 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-04 09:45 . 2008-03-04 09:45 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-03-02 11:41 . 2008-03-02 11:41 <DIR> d-------- C:\Program Files\uTorrent
2008-03-02 11:41 . 2008-03-02 14:44 <DIR> d-------- C:\Documents and Settings\a109\Application Data\uTorrent
2008-03-01 14:34 . 2008-03-01 14:34 98,304 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2008-03-01 14:27 . 2008-03-01 14:27 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Atari
2008-03-01 14:25 . 2008-03-01 14:25 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-03-01 14:25 . 2008-03-01 14:25 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Leadertech
2008-03-01 14:25 . 2002-02-27 17:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2008-03-01 14:21 . 2008-03-01 14:21 <DIR> d-------- C:\Program Files\Atari
2008-02-29 10:29 . 2008-02-29 10:29 331 --a------ C:\driveicons_back.reg
2008-02-27 23:23 . 2008-03-04 10:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-27 23:23 . 2008-02-27 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-27 23:23 . 2008-02-27 23:23 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Malwarebytes
2008-02-27 23:22 . 2008-02-27 23:22 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-24 21:58 . 2008-02-24 21:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-24 21:58 . 2008-02-24 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-22 23:37 . 2008-02-22 23:37 0 --a------ C:\WINDOWS\iPlayer.INI
2008-02-22 13:28 . 2008-03-04 10:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-22 13:28 . 2008-02-22 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-22 13:28 . 2008-02-22 13:28 <DIR> d-------- C:\Documents and Settings\a109\Application Data\SUPERAntiSpyware.com
2008-02-22 13:27 . 2008-02-22 13:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-22 13:13 . 2008-02-22 13:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-22 01:43 . 2008-02-22 01:44 <DIR> d-------- C:\Program Files\CCleaner
2008-02-22 00:20 . 2008-02-22 00:20 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconUS.ico
2008-02-21 23:03 . 2005-08-10 11:22 114,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys
2008-02-21 23:00 . 2005-05-24 18:23 288,320 -ra------ C:\WINDOWS\SYSTEM32\mcgdmgr.dll
2008-02-21 22:59 . 2008-02-21 23:02 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-21 22:59 . 2005-10-18 11:08 349,760 --a------ C:\WINDOWS\SYSTEM32\mcinsctl.dll
2008-02-21 22:45 . 2008-02-21 22:45 1,219 --a------ C:\WINDOWS\mozver.dat
2008-02-20 23:57 . 2008-02-20 23:59 <DIR> d-------- C:\Documents and Settings\a109\Application Data\McAfee.com Personal Firewall
2008-02-20 23:55 . 2008-02-20 23:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-02-20 23:53 . 2008-02-21 22:52 41,280 --a------ C:\WINDOWS\SYSTEM32\Status.MPF
2008-02-20 23:49 . 2008-02-20 23:49 <DIR> d-------- C:\Program Files\McAfee
2008-02-20 23:49 . 2008-02-20 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-20 23:48 . 2006-03-01 11:34 131,072 --------- C:\WINDOWS\SYSTEM32\mclsp.dll
2008-02-20 23:48 . 2005-04-20 19:22 32,768 --a------ C:\WINDOWS\SYSTEM32\instlsp.exe
2008-02-20 23:48 . 2005-04-20 19:22 11,264 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
2008-02-20 23:47 . 2008-02-21 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-02-20 23:43 . 2008-02-22 07:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-20 21:13 . 2008-02-20 21:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-20 21:13 . 2008-02-20 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 20:40 . 2008-02-20 20:40 <DIR> d-------- C:\WINDOWS\Search And Destroy
2008-02-20 15:12 . 2008-02-27 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-20 12:45 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2008-02-20 12:45 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
2008-02-20 12:45 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2008-02-20 12:45 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdhid.sys
2008-02-20 12:44 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2008-02-20 12:44 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbccgp.sys
2008-02-20 00:26 . 2008-02-20 10:10 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-02-20 00:24 . 2008-03-05 05:29 3,284 --a------ C:\WINDOWS\SYSTEM32\ANIWZCS{1E5B91EF-9144-4245-90EA-D6648E5ED664}
2008-02-19 21:09 . 2008-02-20 12:38 <DIR> d-------- C:\WINDOWS\Wireless
2008-02-18 10:24 . 2008-02-23 10:50 <DIR> d-------- C:\Temp
2008-02-18 10:18 . 2008-02-18 10:18 <DIR> d-------- C:\WINDOWS\Sun
2008-02-14 11:05 . 2008-02-14 11:16 <DIR> d-------- C:\Program Files\VstPlugins
2008-02-14 11:05 . 2002-07-07 17:14 1,294,336 --a------ C:\WINDOWS\SYSTEM32\vorbis.acm
2008-02-14 11:05 . 2006-06-20 03:56 225,280 --a------ C:\WINDOWS\SYSTEM32\rewire.dll
2008-02-14 11:03 . 2008-02-14 11:16 <DIR> d-------- C:\Program Files\Image-Line
2008-02-13 18:55 . 2008-02-13 18:55 628,419 --a------ C:\duet.mp3
2008-02-13 15:53 . 2008-02-13 18:55 652 --a------ C:\WINDOWS\netdet.ini
2008-02-13 10:38 . 2008-02-22 00:54 7 --a------ C:\WINDOWS\SYSTEM32\ANIWZCSUSERNAME
2008-02-12 22:28 . 2008-02-12 22:28 <DIR> d-------- C:\Program Files\SlowBlast
2008-02-12 22:28 . 2008-02-13 17:16 <DIR> d-------- C:\Program Files\Drag and Drop Drummer Lite
2008-02-12 22:28 . 1998-06-09 00:00 137,216 --a------ C:\WINDOWS\SYSTEM32\Msderun.dll
2008-02-12 22:28 . 1998-06-18 00:00 102,912 --a------ C:\WINDOWS\SYSTEM32\Vb6stkit.dll
2008-02-12 22:27 . 2008-02-12 22:28 <DIR> d-------- C:\Program Files\Cakewalk
2008-02-12 18:40 . 2008-02-12 18:40 38,579 --a------ C:\pj.jpg
2008-02-12 16:58 . 2008-02-12 16:58 <DIR> d-------- C:\Program Files\Free Fire Screensaver
2008-02-12 16:57 . 2008-02-12 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-02-12 16:54 . 2008-02-12 16:54 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Viewpoint
2008-02-12 16:53 . 2008-02-12 16:53 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Aim
2008-02-12 16:52 . 2008-02-12 16:52 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-12 16:52 . 2008-02-22 02:18 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-02-12 16:52 . 2008-02-12 16:52 <DIR> d-------- C:\Program Files\AOD
2008-02-12 16:52 . 2008-03-04 10:31 <DIR> d-------- C:\Program Files\AIM
2008-02-12 16:52 . 2008-02-12 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 16:44 . 2008-02-12 16:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-12 16:30 . 2008-02-12 16:30 <DIR> d-------- C:\Program Files\ANI
2008-02-12 16:29 . 2008-02-12 16:29 <DIR> d-------- C:\Program Files\D-Link
2008-02-12 16:29 . 2007-07-28 14:50 517,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rt2870.sys
2008-02-12 16:28 . 2008-02-12 16:28 <DIR> d-------- C:\Documents and Settings\a109\Application Data\InstallShield
2008-02-12 16:21 . 2008-02-12 16:21 5 --a------ C:\WINDOWS\SYSTEM32\ANIWZCSUSERNAME{D37154A2-858B-4C37-82C2-DE5ABD158B7E}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 15:57 --------- d-----w C:\Program Files\Winamp
2008-03-04 15:51 --------- d-----w C:\Program Files\iTunes
2008-03-01 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 19:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-01 18:40 --------- d-----w C:\Documents and Settings\a109\Application Data\U3
2008-01-27 01:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-25 19:28 --------- d-----w C:\Documents and Settings\a109\Application Data\Autodesk
2008-01-25 19:27 --------- d-----w C:\Documents and Settings\a109\Application Data\Ansys
2008-01-25 19:24 --------- d-----w C:\Program Files\Autodesk
2008-01-25 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-25 19:18 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-25 19:03 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-25 19:02 --------- d-----w C:\Program Files\Microsoft WSE
2008-01-25 18:35 --------- d-----w C:\Program Files\Roxio ----------
2008-01-05 00:16 --------- d-----w C:\Program Files\The Print Shop 21
2008-01-05 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
2007-12-27 18:32 7,680 --sha-w C:\Program Files\Thumbs.db
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [2005-09-15 02:00 512000]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:56 1667584]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 09:15 816368]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01 135264]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 00:28 36352]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link RangeBooster N DWA-140"="C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 14:05 1671168]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [2005-09-15 02:00 512000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-26 20:54:53 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 05:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 05:31]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 PBKNTService;PBKNTService;C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe [2005-09-15 02:00]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 14:50]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0102aa4c-40df-11da-b90f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aff8cde-4493-11d9-b8e4-000d56c5c1ec}]
\Shell\AutoRun\command - F:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c5e072f-92b7-11da-b919-000d56c5c1ec}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d801b01-6828-11db-b93f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976a0b0-b174-11db-b943-000d56c5c1ec}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
*Newly Created Service* - THOLRGTIPUGG
.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 23:37:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 14:02:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-05 14:03:50
ComboFix2.txt 2008-02-28 04:19:21
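The items in the Reg Loading Points section of a ComboFix log that a helper actually reads first are the Security Center values that silence antivirus and update warnings, the AutoRun commands remembered under MountPoints2 for removable drives, and the services ComboFix lists as newly created. The following is an added example of triage logic for that section; it is not code from the poster, from ComboFix or from this thread. The log excerpt embedded in it is constructed from entries in the log above (not a verbatim copy), and the set of Security Center value names it treats as overrides is an assumption of the example.

```python
import re

# Constructed excerpt modelled on the log above; not a verbatim copy of it.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0102aa4c-40df-11da-b90f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\setupSNK.exe

*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
*Newly Created Service* - THOLRGTIPUGG
"""

# Security Center values that silence or override its warnings. Which names
# belong here is an assumption of this example, not something ComboFix defines.
SECURITY_CENTER_FLAGS = {
    "antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify",
    "antivirusoverride", "firewalloverride", "disablemonitoring",
}

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$')
NEW_SVC_RE = re.compile(r'^\*Newly Created Service\* - (?P<name>\S+)$')


def parse_reg_blocks(text):
    """Split the REGEDIT4-style dump into (key_path, [value lines]) pairs.
    A blank line ends the current block, as in ComboFix output."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = (line[1:-1], [])
            blocks.append(current)
        elif current is not None:
            current[1].append(line)
    return blocks


def find_security_center_overrides(text):
    """Non-zero Security Center disable/override values, as (key, value name)."""
    hits = []
    for key, lines in parse_reg_blocks(text):
        if "security center" not in key.lower():
            continue
        for line in lines:
            m = VALUE_RE.match(line)
            if (m and m.group("name").lower() in SECURITY_CENTER_FLAGS
                    and int(m.group("val"), 16) != 0):
                hits.append((key, m.group("name")))
    return hits


def find_autorun_mountpoints(text):
    """AutoRun commands remembered for removable drives, as (mount id, command)."""
    hits = []
    for key, lines in parse_reg_blocks(text):
        if "mountpoints2" not in key.lower():
            continue
        mount_id = key.rsplit("\\", 1)[-1]  # drive letter or volume GUID
        for line in lines:
            m = AUTORUN_RE.match(line)
            if m:
                hits.append((mount_id, m.group("cmd")))
    return hits


def find_new_services(text):
    """Service names ComboFix lists as newly created."""
    matches = (NEW_SVC_RE.match(line.strip()) for line in text.splitlines())
    return [m.group("name") for m in matches if m]


def triage(text):
    """Everything a helper would want pulled out of the section, in one dict."""
    return {
        "security_center_overrides": find_security_center_overrides(text),
        "autorun_mountpoints": find_autorun_mountpoints(text),
        "new_services": find_new_services(text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"{section}:")
        for item in items:
            print("   ", item)
```

Run it against the real log by reading ComboFix.txt into `triage()` instead of `SAMPLE_LOG`. The output is a review list, not a verdict: the Security Center overrides are commonly written by an installed security suite to suppress duplicate warnings, and the MountPoints2 entries only record what a USB stick asked to run when it was last plugged in. The newly created services are the part worth following up, since the next step is to find the binary or driver each one points at.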