Virtumondo or Win32:TratBHO


  • This topic is locked

#1
camster98

    Member

  • Member
  • 135 posts
I believe I have Win32:TratBHO and/or Virtumondo on my computer. Fix-It Utilities' antivirus shows Virtumondo and Avast shows Win32:TratBHO. There are many files in windows\system32 with the name jk***.dll. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:06 AM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
O2 - BHO: (no name) - {0560B1B6-3304-48F4-8BF0-498A74BE8CC4} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BF701589-FE57-45A5-B471-1E24854DBFBE} - (no file)
O2 - BHO: (no name) - {D23B91ED-D41A-403F-9F74-877FD2250E27} - (no file)
O2 - BHO: (no name) - {ECA1885F-AEDE-4B85-A31B-877771A6BAA3} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Y!TunnelPro] YTPro.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204839214263
O23 - Service: Acunetix WVS Scheduler v5 (AcuWVSSchedulerv5) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9982 bytes
  • 0
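An added triage helper, written for this thread and not part of the original post or of HijackThis itself: it reads HijackThis log lines of the kind posted above and flags the patterns a helper looks at first when reading such a log: O2 BHO entries with no name that load a DLL, orphaned BHO registrations whose file is missing, O4 Run entries that give only a bare filename instead of a full path, and IE start/search pages that are not the shipped defaults. The sample lines are copied from the logs in this thread; the allowlist of default page prefixes and the severity labels are assumptions made for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": identify before trusting the browser; "low": verify or clean up
    kind: str       # which HijackThis section produced it (O2, O4, R)
    detail: str


# Line shapes for the three HijackThis sections this triage looks at; these are the
# shapes visible in the posted logs. Other sections (O9, O16, O23, ...) are ignored here.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>.*?) = (?P<url>.*)$")

# Assumed allowlist: start/search page prefixes that IE ships with. Anything else is
# reported so the owner can confirm they set it on purpose (the thread's log shows a
# start page pointing at daemon-search.com, which is exactly the kind of entry to confirm).
DEFAULT_PAGE_PREFIXES = ("http://go.microsoft.", "http://www.microsoft.")

# Constructed sample: lines copied from the two HijackThis logs posted in this thread
# (one "(file missing)" line is from the post-ComboFix log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: (no name) - {0560B1B6-3304-48F4-8BF0-498A74BE8CC4} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {0560B1B6-3304-48F4-8BF0-498A74BE8CC4} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [Y!TunnelPro] YTPro.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
"""


def _first_token(cmd):
    """Return the executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Scan HijackThis log text and return the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            name, clsid, target = m.group("name"), m.group("clsid"), m.group("target")
            missing = target == "(no file)" or target.endswith("(file missing)")
            if missing:
                # The DLL is gone (deleted by a scanner or never present); the CLSID
                # registration is stale and should simply be removed.
                findings.append(Finding("low", "O2",
                    f"orphaned BHO registration {{{clsid}}} ({target}); remove the stale CLSID"))
            elif name == "(no name)":
                # A BHO with no friendly name loading from a DLL is the entry to identify
                # first: legitimate BHOs normally register a name.
                findings.append(Finding("high", "O2",
                    f"unnamed BHO {{{clsid}}} loads {target}; identify the DLL before trusting the browser"))
        elif m := O4_RE.match(line):
            exe = _first_token(m.group("cmd"))
            if "\\" not in exe:
                # A bare filename is resolved through the search path at logon, so the
                # log alone does not tell you which file actually runs.
                findings.append(Finding("low", "O4",
                    f"{m.group('hive')} Run [{m.group('key')}] uses bare filename {exe}; "
                    "resolved via PATH, confirm which file actually runs"))
        elif m := R_RE.match(line):
            url = m.group("url")
            if not url.startswith(DEFAULT_PAGE_PREFIXES):
                setting = m.group("key").rsplit(",", 1)[-1]
                findings.append(Finding("low", "R",
                    f"{setting} changed to {url}; confirm this was set on purpose"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.kind}: {f.detail}")
```

Run it as-is to see the six findings from the sample, or feed it a full log with `triage(open("hijackthis.log").read())`. The severity split is deliberate: only an unnamed BHO that is actually present on disk is rated "high", because that is the one entry that will load into every IE process; orphaned registrations and bare-filename Run entries are cleanup and verification items rather than evidence of active code.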


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename ComboFix unless instructed.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to reconnect your machine to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**
  • 0

#3
camster98

    Member

  • Topic Starter
  • Member
  • 135 posts
Actually, good news: yesterday Avast came out with the antivirus definitions for Virtumondo, and I updated and rebooted with the boot-time scan enabled, and it found all instances of Virtumondo and deleted it. My system is fully running again without Explorer restarting 500 times a minute.
  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do you want to run the scan to be safe, or shall we mark this one as resolved?
  • 0

#5
camster98

    Member

  • Topic Starter
  • Member
  • 135 posts
Sure, why not. Let me run those scans and give y'all the info.
  • 0

#6
camster98

    Member

  • Topic Starter
  • Member
  • 135 posts
ComboFix 08-03-30.3 - localadmin 2008-03-31 12:06:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.519 [GMT -6:00]
Running from: C:\Documents and Settings\localadmin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini2
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini2
C:\WINDOWS\system32\ssqpo.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.

2008-03-31 11:11 . 2008-03-31 11:11 34 --a------ C:\WINDOWS\system32\BD7220.DAT
2008-03-31 10:31 . 2008-03-31 10:31 <DIR> d-------- C:\Program Files\SourceTec
2008-03-31 10:31 . 2008-03-31 10:31 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-03-30 21:19 . 2008-03-30 21:19 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-30 21:19 . 2008-03-30 21:19 <DIR> d-------- C:\Program Files\CGN
2008-03-28 10:53 . 2008-03-28 10:53 <DIR> d-------- C:\Program Files\vixy.net
2008-03-28 07:47 . 2008-03-28 07:51 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\U3
2008-03-28 06:44 . 2008-03-31 11:11 410 --a------ C:\WINDOWS\BRWMARK.INI
2008-03-27 09:34 . 2008-03-27 09:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-26 22:51 . 2008-03-26 22:51 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-03-26 20:10 . 2005-12-13 17:40 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-03-26 19:59 . 2004-08-04 04:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-26 19:58 . 2004-08-04 04:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-03-26 19:54 . 2008-03-26 19:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-26 19:54 . 2008-03-26 19:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-26 19:54 . 2008-03-26 19:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-26 19:54 . 2008-03-26 19:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-26 19:54 . 2008-03-26 19:54 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-26 19:53 . 2004-08-04 04:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-03-26 19:38 . 2004-08-04 04:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-03-26 19:38 . 2004-08-04 04:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-03-26 19:38 . 2004-08-04 04:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-03-26 19:38 . 2004-08-04 04:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-03-26 13:25 . 2008-03-27 22:11 1,063,743,488 --a------ C:\WINDOWS\MEMORY.DMP
2008-03-25 16:41 . 2008-03-25 16:41 <DIR> d-------- C:\WINDOWS\EHome
2008-03-25 15:57 . 2008-03-26 20:15 <DIR> d-------- C:\Program Files\Unlocker
2008-03-25 01:35 . 2008-03-25 01:35 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-25 01:30 . 2004-08-04 04:00 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-25 01:30 . 2004-08-04 04:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-03-25 01:24 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-03-25 01:24 . 2007-07-30 19:19 216,408 --a--c--- C:\WINDOWS\system32\dllcache\wuaucpl.cpl
2008-03-25 00:58 . 2008-03-25 00:58 299,552 --a------ C:\WINDOWS\WMSysPrx.prx
2008-03-25 00:58 . 2008-03-25 01:13 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml
2008-03-25 00:58 . 2008-03-25 00:58 0 --a------ C:\WINDOWS\control.ini
2008-03-25 00:54 . 2004-08-04 04:00 3,555,328 --a--c--- C:\WINDOWS\system32\dllcache\moviemk.exe
2008-03-25 00:52 . 2007-07-30 19:19 1,712,984 --a------ C:\WINDOWS\system32\wuaueng.dll
2008-03-25 00:50 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-03-25 00:50 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-03-25 00:20 . 2004-08-03 22:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-03-25 00:17 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-03-25 00:17 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-03-25 00:15 . 2004-08-04 01:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-03-25 00:14 . 2004-08-04 04:00 741,376 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
2008-03-25 00:14 . 2004-08-04 04:00 155,648 --a--c--- C:\WINDOWS\system32\dllcache\sapi.cpl
2008-03-25 00:13 . 2002-09-03 10:50 1,086,182 -ra------ C:\WINDOWS\SETB5.tmp
2008-03-25 00:13 . 2004-08-04 04:00 146,432 --a------ C:\WINDOWS\system\WINSPOOL.DRV
2008-03-25 00:13 . 2004-08-04 00:56 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2008-03-25 00:13 . 2002-09-03 10:35 13,608 -ra------ C:\WINDOWS\SETC4.tmp
2008-03-25 00:13 . 2004-08-04 04:00 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2008-03-25 00:13 . 2004-08-04 04:00 11,264 --a--c--- C:\WINDOWS\system32\dllcache\irenum.sys
2008-03-25 00:13 . 2002-09-03 11:16 7,046 -ra------ C:\WINDOWS\SETDA.tmp
2008-03-24 21:21 . 2008-03-24 21:26 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\gtk-2.0
2008-03-24 21:20 . 2008-03-24 22:31 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\.purple
2008-03-24 21:17 . 2008-03-28 12:42 135,168 --a------ C:\WINDOWS\system32\MSCOMCT2.oca
2008-03-24 21:17 . 2008-03-28 12:42 76,288 --a------ C:\WINDOWS\system32\Msflxgrd.oca
2008-03-24 21:16 . 2008-03-24 21:16 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-03-24 21:14 . 2008-03-24 21:14 27,702 --a------ C:\YimDPImage.bmp
2008-03-24 21:02 . 2008-03-27 11:14 265,728 --a------ C:\WINDOWS\system32\MSCOMCTL.oca
2008-03-24 17:22 . 2008-03-24 17:22 <DIR> d-------- C:\Program Files\BreakPoint Software
2008-03-24 17:15 . 2008-03-24 18:26 <DIR> d-------- C:\Program Files\XAimer
2008-03-24 17:15 . 2004-12-06 06:10 192,512 --a------ C:\WINDOWS\system32\ssresources.dll
2008-03-24 17:15 . 2006-05-08 19:59 49,152 --a------ C:\WINDOWS\system32\AIMDL.exe
2008-03-24 17:15 . 2008-03-24 17:27 20,481 --a------ C:\WINDOWS\system32\SystemsHook.dll
2008-03-24 17:01 . 2008-03-24 17:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-23 16:05 . 2008-03-23 16:05 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-23 16:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-23 16:03 . 2004-09-29 11:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-03-23 16:03 . 2004-09-29 11:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-03-23 16:03 . 2004-09-29 11:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-03-23 16:03 . 2004-09-29 11:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-03-23 16:03 . 2004-09-29 11:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-03-23 16:03 . 2004-09-29 11:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-03-23 16:01 . 2008-03-23 16:03 <DIR> d-------- C:\Program Files\HP
2008-03-23 16:00 . 2008-03-23 16:06 102,262 --a------ C:\WINDOWS\hpoins05.dat
2008-03-23 16:00 . 2005-12-16 23:56 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-23 16:00 . 2005-12-16 23:56 21,744 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-23 16:00 . 2005-12-16 23:56 17,505 --a------ C:\WINDOWS\hpomdl07.dat
2008-03-23 16:00 . 2005-12-16 23:56 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-23 15:59 . 2005-12-16 23:56 606,208 --a------ C:\WINDOWS\system32\hpotscl.dll
2008-03-23 15:59 . 2005-12-16 23:55 393,216 --a------ C:\WINDOWS\system32\hpzcon12.dll
2008-03-23 15:59 . 2005-12-16 23:56 278,528 --a------ C:\WINDOWS\system32\hpgwiamd.dll
2008-03-23 15:59 . 2005-12-16 23:56 274,432 --a------ C:\WINDOWS\system32\HPZc3212.dll
2008-03-23 15:59 . 2005-12-16 23:56 258,122 --a------ C:\WINDOWS\system32\hpovst08.dll
2008-03-23 15:59 . 2005-12-16 23:55 196,608 --a------ C:\WINDOWS\system32\hpzcoi12.dll
2008-03-23 15:59 . 2005-12-16 23:55 180,315 --a------ C:\WINDOWS\system32\hpzsnt12.dll
2008-03-23 15:59 . 2005-12-16 23:56 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-03-23 15:58 . 2008-03-24 18:26 <DIR> d-------- C:\temp\HP_WebRelease
2008-03-23 15:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-21 09:43 . 2008-03-21 09:44 <DIR> d-------- C:\Program Files\Source Insight 3
2008-03-21 01:34 . 2008-03-21 23:14 <DIR> d-------- C:\Program Files\mIRC
2008-03-21 01:34 . 2008-03-21 23:18 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\mIRC
2008-03-21 00:30 . 2008-03-27 11:14 175,616 --a------ C:\WINDOWS\system32\wmp.oca
2008-03-21 00:30 . 2008-03-27 11:14 99,840 --a------ C:\WINDOWS\system32\actskin4.oca
2008-03-21 00:30 . 2008-03-21 00:30 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2008-03-21 00:30 . 2008-03-27 11:14 19,456 --a------ C:\WINDOWS\system32\comsnap.oca
2008-03-20 23:21 . 2008-03-20 23:21 84 --a------ C:\WINDOWS\netdet.ini
2008-03-20 10:42 . 2008-03-20 10:42 <DIR> d-------- C:\VundoFix Backups
2008-03-20 02:35 . 2008-03-31 09:43 <DIR> d-------- C:\Program Files\VB Decompiler Pro
2008-03-20 02:19 . 2008-03-20 02:19 <DIR> d-------- C:\Program Files\YTK Pro
2008-03-20 02:19 . 2008-03-20 02:20 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\YTK Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 17:14 --------- d-----w C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-03-25 06:58 558,142 ----a-w C:\WINDOWS\java\Packages\5BTZFPRV.ZIP
2008-03-25 04:31 --------- d-----w C:\Documents and Settings\localadmin\Application Data\.purple
2008-03-20 16:19 155,995 ----a-w C:\WINDOWS\java\Packages\1ZJVPVTF.ZIP
2008-03-03 19:51 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0560B1B6-3304-48F4-8BF0-498A74BE8CC4}]
C:\WINDOWS\system32\jkhfg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF701589-FE57-45A5-B471-1E24854DBFBE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D23B91ED-D41A-403F-9F74-877FD2250E27}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECA1885F-AEDE-4B85-A31B-877771A6BAA3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-13 17:09 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]
"Y!TunnelPro"="YTPro.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58 1032192]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 22:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 12:10 267048]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-29 23:10 15872]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\TDdownload\\aircrack-ng-1.0-beta2-win\\aircrack-ng-1.0-beta2-win\\bin\\buddy-ng.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

R2 AcuWVSSchedulerv5;Acunetix WVS Scheduler v5;"C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe" [2008-02-20 11:14]
R2 Tenable Nessus;Tenable Nessus;"C:\Program Files\Tenable\Nessus\nessusd.exe" [2008-03-13 13:56]
R3 KFilter;KFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys [2008-01-31 12:11]
R3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys [2008-02-01 02:05]
R3 TFilter;TFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\TFilter.sys [2008-01-31 11:11]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 20:12]
S3 PsSdk41;PsSdk41;C:\WINDOWS\system32\Drivers\pssdk41.sys [2008-03-14 17:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6def4d2e-ea31-11dc-b50e-ec717f90566f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - MAILSCAN
.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 21:47:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 12:20:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-03-31 12:22:05 - machine was rebooted [localadmin]
ComboFix-quarantined-files.txt 2008-03-31 18:22:01
Pre-Run: 26,014,523,392 bytes free
Post-Run: 25,918,828,544 bytes free
.
2008-03-31 09:00:40 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:05 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {0560B1B6-3304-48F4-8BF0-498A74BE8CC4} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Y!TunnelPro] YTPro.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204839214263
O23 - Service: Acunetix WVS Scheduler v5 (AcuWVSSchedulerv5) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9738 bytes

So yeah, y'all were right, there are traces of the virus here.

Edited by camster98, 31 March 2008 - 11:26 AM.

  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Bit for us to do

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {0560B1B6-3304-48F4-8BF0-498A74BE8CC4} - C:\WINDOWS\system32\jkhfg.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\SETB5.tmp
C:\WINDOWS\SETC4.tmp
C:\WINDOWS\SETDA.tmp
C:\WINDOWS\system32\Drivers\pssdk41.sys

Driver::
PsSdk41


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Reboot and post a new HijackThis log
  • 0
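The check the helper applied by eye in step 1, as an added Python example that is not part of this thread or of HijackThis itself: it parses the "O2 - BHO:" lines of a HijackThis log and flags the unnamed BHO whose DLL is missing. The sample log lines are constructed from entries in the logs above; the random-name heuristic for system32 DLLs is an assumption and only narrows down what a person still has to confirm.

```python
"""Triage the 'O2 - BHO' entries of a HijackThis log.

Added example, not code from the thread or from HijackThis. It reads the
'O2 - BHO: <name> - {CLSID} - <path> [(file missing)]' line format shown
in the logs above and flags entries that match what the helper singled
out: an unnamed BHO, a DLL that is no longer on disk, or a DLL sitting in
system32 under a short random-looking name (the jk***.dll pattern the
topic starter described). The last rule is a heuristic, not a verdict.
"""
import re
from dataclasses import dataclass

# One O2 line. The trailing '(file missing)' marker is optional.
_O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?\s*$"
)

# Assumed heuristic: 4-8 lowercase letters + .dll directly in system32.
_SYSTEM32_RANDOM_DLL = re.compile(
    r"^c:\\windows\\system32\\[a-z]{4,8}\.dll$", re.IGNORECASE
)


@dataclass
class BhoEntry:
    name: str
    clsid: str
    path: str
    file_missing: bool
    reasons: list  # why the entry was flagged; empty means nothing unusual


def parse_o2_lines(log_text: str) -> list:
    """Return a BhoEntry for every O2 line; other log lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = _O2_RE.match(line.strip())
        if not m:
            continue
        entries.append(BhoEntry(
            name=m.group("name"),
            clsid=m.group("clsid").upper(),
            path=m.group("path"),
            file_missing=m.group("missing") is not None,
            reasons=[],
        ))
    return entries


def triage(entries: list) -> list:
    """Attach reasons to suspicious entries and return only those."""
    for e in entries:
        if e.name == "(no name)":
            e.reasons.append("unnamed BHO")
        if e.file_missing:
            e.reasons.append("registered DLL no longer on disk")
        if _SYSTEM32_RANDOM_DLL.match(e.path):
            e.reasons.append("short random-looking DLL name in system32")
    return [e for e in entries if e.reasons]


# Constructed sample: three O2 lines and one O4 line copied in the format
# of the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0560B1B6-3304-48F4-8BF0-498A74BE8CC4} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

if __name__ == "__main__":
    for entry in triage(parse_o2_lines(SAMPLE_LOG)):
        print(f"{entry.clsid} {entry.path}")
        for reason in entry.reasons:
            print(f"    - {reason}")
```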

#8
camster98

camster98

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
Should ComboFix be idle for 30 mins after completing step 2?
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No

Try it again, and if it happens just go ahead and do this instead


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#10
camster98

camster98

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
ComboFix 08-03-30.3 - localadmin 2008-03-31 14:04:48.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.699 [GMT -6:00]
Running from: C:\Documents and Settings\localadmin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\localadmin\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\SETB5.tmp
C:\WINDOWS\SETC4.tmp
C:\WINDOWS\SETDA.tmp
C:\WINDOWS\system32\Drivers\pssdk41.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\winsusrm.dll
C:\WINDOWS\system32\winsusrx.dll
.
---- Previous Run -------
.
C:\WINDOWS\SETB5.tmp
C:\WINDOWS\SETC4.tmp
C:\WINDOWS\SETDA.tmp
C:\WINDOWS\system32\Drivers\pssdk41.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PSSDK41
-------\Service_PsSdk41


((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-03-31 21:14 . 2008-03-31 21:21 28 --a------ C:\WINDOWS\ODBC.INI
2008-03-31 21:12 . 2008-03-31 21:12 <DIR> d-------- C:\WINDOWS\5350-8641-2429-7641-5705
2008-03-31 21:12 . 2008-03-31 21:12 <DIR> d-------- C:\Program Files\eEye Digital Security
2008-03-31 21:12 . 2008-03-31 21:12 <DIR> d-------- C:\Program Files\Common Files\eEye Digital Security
2008-03-31 21:03 . 2008-03-31 21:03 8 --a------ C:\WINDOWS\system32\ptl.dat.{F9EC52FA-7EC9-4CB0-AC04-73ECCDD900F5}
2008-03-31 13:49 . 2008-03-31 13:49 <DIR> d-------- C:\Documents and Settings\localadmin\Shared
2008-03-31 13:49 . 2008-03-31 13:49 <DIR> d-------- C:\Documents and Settings\localadmin\Incomplete
2008-03-31 13:30 . 2008-03-31 13:49 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\FrostWire
2008-03-31 13:29 . 2008-03-31 13:30 <DIR> d-------- C:\Program Files\FrostWire
2008-03-31 13:29 . 2008-03-31 13:29 <DIR> d-------- C:\Program Files\AskSBar
2008-03-31 11:48 . 2008-03-31 11:49 <DIR> d-------- C:\Program Files\Chinese Symbol Studio
2008-03-31 11:48 . 2008-03-31 11:48 <DIR> d-------- C:\Documents and Settings\localadmin\CSB
2008-03-31 11:11 . 2008-03-31 11:11 34 --a------ C:\WINDOWS\system32\BD7220.DAT
2008-03-31 10:31 . 2008-03-31 10:31 <DIR> d-------- C:\Program Files\SourceTec
2008-03-31 10:31 . 2008-03-31 10:31 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-03-30 21:19 . 2008-03-30 21:19 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-30 21:19 . 2008-03-30 21:19 <DIR> d-------- C:\Program Files\CGN
2008-03-28 10:53 . 2008-03-28 10:53 <DIR> d-------- C:\Program Files\vixy.net
2008-03-28 07:47 . 2008-03-28 07:51 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\U3
2008-03-28 06:44 . 2008-03-31 11:11 410 --a------ C:\WINDOWS\BRWMARK.INI
2008-03-27 09:34 . 2008-03-27 09:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-26 22:51 . 2008-03-26 22:51 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-03-26 20:10 . 2005-12-13 17:40 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-03-26 19:59 . 2004-08-04 04:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-26 19:58 . 2004-08-04 04:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-03-26 19:54 . 2008-03-26 19:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-26 19:54 . 2008-03-26 19:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-26 19:54 . 2008-03-26 19:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-26 19:54 . 2008-03-26 19:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-26 19:54 . 2008-03-26 19:54 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-26 19:53 . 2004-08-04 04:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-03-26 19:38 . 2004-08-04 04:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-03-26 19:38 . 2004-08-04 04:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-03-26 19:38 . 2004-08-04 04:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-03-26 19:38 . 2004-08-04 04:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-03-26 13:25 . 2008-03-31 21:15 1,063,743,488 --a------ C:\WINDOWS\MEMORY.DMP
2008-03-25 16:41 . 2008-03-25 16:41 <DIR> d-------- C:\WINDOWS\EHome
2008-03-25 15:57 . 2008-03-26 20:15 <DIR> d-------- C:\Program Files\Unlocker
2008-03-25 01:35 . 2008-03-25 01:35 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-25 01:30 . 2004-08-04 04:00 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-25 01:30 . 2004-08-04 04:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-03-25 01:24 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-03-25 01:24 . 2007-07-30 19:19 216,408 --a--c--- C:\WINDOWS\system32\dllcache\wuaucpl.cpl
2008-03-25 00:58 . 2008-03-25 00:58 299,552 --a------ C:\WINDOWS\WMSysPrx.prx
2008-03-25 00:58 . 2008-03-25 01:13 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml
2008-03-25 00:58 . 2008-03-25 00:58 0 --a------ C:\WINDOWS\control.ini
2008-03-25 00:54 . 2004-08-04 04:00 3,555,328 --a--c--- C:\WINDOWS\system32\dllcache\moviemk.exe
2008-03-25 00:52 . 2007-07-30 19:19 1,712,984 --a------ C:\WINDOWS\system32\wuaueng.dll
2008-03-25 00:50 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-03-25 00:50 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-03-25 00:20 . 2004-08-03 22:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-03-25 00:17 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-03-25 00:17 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-03-25 00:15 . 2004-08-04 01:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-03-25 00:14 . 2004-08-04 04:00 741,376 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
2008-03-25 00:14 . 2004-08-04 04:00 155,648 --a--c--- C:\WINDOWS\system32\dllcache\sapi.cpl
2008-03-25 00:13 . 2004-08-04 04:00 146,432 --a------ C:\WINDOWS\system\WINSPOOL.DRV
2008-03-25 00:13 . 2004-08-04 00:56 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2008-03-25 00:13 . 2004-08-04 04:00 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2008-03-25 00:13 . 2004-08-04 04:00 11,264 --a--c--- C:\WINDOWS\system32\dllcache\irenum.sys
2008-03-24 21:21 . 2008-03-24 21:26 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\gtk-2.0
2008-03-24 21:20 . 2008-03-24 22:31 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\.purple
2008-03-24 21:17 . 2008-03-28 12:42 135,168 --a------ C:\WINDOWS\system32\MSCOMCT2.oca
2008-03-24 21:17 . 2008-03-28 12:42 76,288 --a------ C:\WINDOWS\system32\Msflxgrd.oca
2008-03-24 21:16 . 2008-03-24 21:16 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-03-24 21:14 . 2008-03-24 21:14 27,702 --a------ C:\YimDPImage.bmp
2008-03-24 21:02 . 2008-03-27 11:14 265,728 --a------ C:\WINDOWS\system32\MSCOMCTL.oca
2008-03-24 17:22 . 2008-03-24 17:22 <DIR> d-------- C:\Program Files\BreakPoint Software
2008-03-24 17:15 . 2008-03-24 18:26 <DIR> d-------- C:\Program Files\XAimer
2008-03-24 17:15 . 2004-12-06 06:10 192,512 --a------ C:\WINDOWS\system32\ssresources.dll
2008-03-24 17:15 . 2006-05-08 19:59 49,152 --a------ C:\WINDOWS\system32\AIMDL.exe
2008-03-24 17:15 . 2008-03-24 17:27 20,481 --a------ C:\WINDOWS\system32\SystemsHook.dll
2008-03-24 17:01 . 2008-03-24 17:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-23 16:05 . 2008-03-23 16:05 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-23 16:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-23 16:03 . 2004-09-29 11:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-03-23 16:03 . 2004-09-29 11:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-03-23 16:03 . 2004-09-29 11:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-03-23 16:03 . 2004-09-29 11:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-03-23 16:03 . 2004-09-29 11:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-03-23 16:03 . 2004-09-29 11:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-03-23 16:01 . 2008-03-23 16:03 <DIR> d-------- C:\Program Files\HP
2008-03-23 16:00 . 2008-03-23 16:06 102,262 --a------ C:\WINDOWS\hpoins05.dat
2008-03-23 16:00 . 2005-12-16 23:56 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-23 16:00 . 2005-12-16 23:56 21,744 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-23 16:00 . 2005-12-16 23:56 17,505 --a------ C:\WINDOWS\hpomdl07.dat
2008-03-23 16:00 . 2005-12-16 23:56 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-23 15:59 . 2005-12-16 23:56 606,208 --a------ C:\WINDOWS\system32\hpotscl.dll
2008-03-23 15:59 . 2005-12-16 23:55 393,216 --a------ C:\WINDOWS\system32\hpzcon12.dll
2008-03-23 15:59 . 2005-12-16 23:56 278,528 --a------ C:\WINDOWS\system32\hpgwiamd.dll
2008-03-23 15:59 . 2005-12-16 23:56 274,432 --a------ C:\WINDOWS\system32\HPZc3212.dll
2008-03-23 15:59 . 2005-12-16 23:56 258,122 --a------ C:\WINDOWS\system32\hpovst08.dll
2008-03-23 15:59 . 2005-12-16 23:55 196,608 --a------ C:\WINDOWS\system32\hpzcoi12.dll
2008-03-23 15:59 . 2005-12-16 23:55 180,315 --a------ C:\WINDOWS\system32\hpzsnt12.dll
2008-03-23 15:59 . 2005-12-16 23:56 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-03-23 15:58 . 2008-03-24 18:26 <DIR> d-------- C:\temp\HP_WebRelease
2008-03-23 15:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-21 09:43 . 2008-03-21 09:44 <DIR> d-------- C:\Program Files\Source Insight 3
2008-03-21 01:34 . 2008-03-21 23:14 <DIR> d-------- C:\Program Files\mIRC
2008-03-21 01:34 . 2008-03-21 23:18 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\mIRC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 17:14 --------- d-----w C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-03-25 04:31 --------- d-----w C:\Documents and Settings\localadmin\Application Data\.purple
2008-03-03 19:51 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-03-31_12.21.52.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-03-19 01:05:50 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
- 2008-03-14 15:41:03 34,308 ----a-w C:\WINDOWS\system32\BASSMOD.dll
+ 2008-03-31 17:49:01 10,752 ----a-w C:\WINDOWS\system32\BASSMOD.dll
+ 2004-09-02 01:51:02 238,720 ----a-w C:\WINDOWS\system32\DebugRpt.dll
+ 2004-09-02 01:51:04 20,608 ----a-w C:\WINDOWS\system32\eevtc.dll
+ 2004-09-02 01:51:04 87,168 ----a-w C:\WINDOWS\system32\eEyePKI.dll
+ 2004-08-31 20:37:08 890,056 ----a-w C:\WINDOWS\system32\elic.dll
+ 2004-09-02 01:51:06 115,840 ----a-w C:\WINDOWS\system32\EMSAgent.dll
+ 2004-08-31 20:12:44 91,264 ----a-w C:\WINDOWS\system32\FileStore.dll
+ 2004-09-01 22:40:42 193,664 ----a-w C:\WINDOWS\system32\LocalStorage.dll
+ 2003-03-19 02:44:36 40,960 ----a-w C:\WINDOWS\system32\MFC71CHS.DLL
+ 2003-03-19 02:44:36 45,056 ----a-w C:\WINDOWS\system32\MFC71CHT.DLL
+ 2003-03-19 02:44:34 65,536 ----a-w C:\WINDOWS\system32\MFC71DEU.DLL
+ 2003-03-19 02:44:38 57,344 ----a-w C:\WINDOWS\system32\MFC71ENU.DLL
+ 2003-03-19 02:44:36 61,440 ----a-w C:\WINDOWS\system32\MFC71ESP.DLL
+ 2003-03-19 02:44:34 61,440 ----a-w C:\WINDOWS\system32\MFC71FRA.DLL
+ 2003-03-19 02:44:36 61,440 ----a-w C:\WINDOWS\system32\MFC71ITA.DLL
+ 2003-03-19 02:44:34 49,152 ----a-w C:\WINDOWS\system32\MFC71JPN.DLL
+ 2003-03-19 02:44:38 49,152 ----a-w C:\WINDOWS\system32\MFC71KOR.DLL
+ 2003-03-19 03:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
- 2008-03-31 18:14:06 72,554 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-31 22:24:23 72,554 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-31 18:14:06 445,096 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-31 22:24:23 445,096 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2003-02-21 21:34:00 121,562 ----a-w C:\WINDOWS\system32\PicFormat32.dll
+ 2004-09-02 01:51:10 136,320 ----a-w C:\WINDOWS\system32\seccomm.dll
+ 2002-10-08 17:34:04 136,464 ----a-w C:\WINDOWS\system32\SfxBar.dll
+ 2003-11-18 07:37:20 72,192 ----a-r C:\WINDOWS\system32\zlib.dll
+ 2003-11-18 07:37:20 72,192 ----a-r C:\WINDOWS\system32\zlibwapi.dll
+ 2008-03-31 22:20:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c4.dat
+ 2008-03-31 22:20:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-03-31 13:29 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-31 13:29 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-31 13:29 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-31 13:29 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-13 17:09 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]
"Y!TunnelPro"="YTPro.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58 1032192]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 22:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 12:10 267048]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-29 23:10 15872]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\TDdownload\\aircrack-ng-1.0-beta2-win\\aircrack-ng-1.0-beta2-win\\bin\\buddy-ng.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=

R2 AcuWVSSchedulerv5;Acunetix WVS Scheduler v5;"C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe" [2007-12-18 12:33]
R2 Tenable Nessus;Tenable Nessus;"C:\Program Files\Tenable\Nessus\nessusd.exe" [2008-03-13 13:56]
R3 KFilter;KFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys [2008-01-31 12:11]
R3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys [2008-02-01 02:05]
R3 RET55;RET55 NDIS Protocol Driver;C:\PROGRA~1\EEYEDI~1\RETINA~1\Scanner\RET55.SYS [2004-09-01 20:40]
R3 TFilter;TFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\TFilter.sys [2008-01-31 11:11]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 20:12]
S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;C:\PROGRA~1\EEYEDI~1\RETINA~1\Tools\Wireless\PCANDIS5_RETWIFI.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6def4d2e-ea31-11dc-b50e-ec717f90566f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 21:47:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 19:15:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\eEye Digital Security\Retina 5\Scanner\RetinaEngine.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-31 19:17:32 - machine was rebooted [localadmin]
ComboFix-quarantined-files.txt 2008-04-01 01:17:29
Pre-Run: 25,557,000,192 bytes free
Post-Run: 25,609,719,808 bytes free
.
2008-04-01 03:18:12 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:44 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\eEye Digital Security\Retina 5\Scanner\RetinaEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Y!TunnelPro] YTPro.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204839214263
O23 - Service: Acunetix WVS Scheduler v5 (AcuWVSSchedulerv5) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: eEye Application Bus (eeyeevnt) - eEye Digital Security - C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: eEye Retina Engine (RetinaEngine) - eEye Digital Security - C:\Program Files\eEye Digital Security\Retina 5\Scanner\RetinaEngine.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10329 bytes

I finally got it to run. I'm gonna run the DSS now.

#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do this instead of DSS

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Also tell me how your PC is running.

#12
camster98

    Member

  • Topic Starter
  • Member
  • 135 posts
Oh, now I get that after running DSS. BTW, like your "who watches the watchmen", sort of like off that Dean Koontz book, or that debate on if the NSA watches the world, who watches them thing.

#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yep, 'tis a good quote.

DSS and ComboFix show the same stuff, that's why there's no need to see the logs. Let's see what Kaspersky shows.

#14
camster98

    Member

  • Topic Starter
  • Member
  • 135 posts
Alright, let me run Kaspersky, I have time now.

#15
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok