Trojan.Vundo.DVS [RESOLVED]


#1 PhilipMK (Member, 11 posts)
My antivirus program found a trojan called Trojan.Vundo.DVS in the directory C:\WINDOWS\system32. The file is called RuBefil.ini and it can't remove it. Also, I've noticed that several shortcuts on my desktop have been deleted, and a boring "Windows Security Alert" dialog is showing the whole time.

Please help, I'll be very grateful.

P.S. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:04, on 02.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Microsoft Shared\DAO\ASTRA-10007\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 127.0.0.2 www.youtub.com
O1 - Hosts: 127.0.0.3 www.mininova.org
O1 - Hosts: 127.0.0.4 thepiratebay.org
O1 - Hosts: 127.0.0.5 www.torrentspy.com
O1 - Hosts: 127.0.0.6 tvrss.net
O1 - Hosts: 127.0.0.7 www.point-blank.cc
O1 - Hosts: 127.0.0.8 www.bittorrent.com
O1 - Hosts: 127.0.0.9 isohunt.com
O1 - Hosts: 127.0.0.20 www.torrentreactor.to
O1 - Hosts: 127.0.0.21 torrentz.ws
O1 - Hosts: 127.0.0.22 www.mybittorrent.com
O1 - Hosts: 127.0.0.23 www.torrentvalley.com
O1 - Hosts: 127.0.0.24 www.torrenthound.com
O1 - Hosts: 127.0.0.25 www.seedpeer.com
O1 - Hosts: 127.0.0.26 www.snarf-it.org
O1 - Hosts: 127.0.0.27 www.monova.org
O1 - Hosts: 127.0.0.28 extratorrent.com
O1 - Hosts: 127.0.0.29 www.sumotorrent.com
O1 - Hosts: 127.0.0.30 www.mp3reactor.org
O1 - Hosts: 127.0.0.31 torrents.sumotorrent.com
O1 - Hosts: 127.0.0.32 www.torrentstorage.com
O1 - Hosts: 127.0.0.33 www.mp3nova.org
O1 - Hosts: 127.0.0.34 www.torrent.to
O1 - Hosts: 127.0.0.35 btjunkie.org
O1 - Hosts: 127.0.0.36 www.torrentbox.com
O1 - Hosts: 127.0.0.37 www.torrentreactor.net
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\WINDOWS\wxdbpfvo.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [User Themes] C:\Program Files\Common Files\Microsoft Shared\DAO\ASTRA-10007\svchost.exe
O4 - HKLM\..\Run: [NetPeeker] C:\Program Files\NetPeeker\NPGUI.exe Minimize
O4 - HKLM\..\Run: [74fe1feb] rundll32.exe "C:\WINDOWS\system32\jnvdaeff.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BIBLauncher] D:\Program Files\Business-in-a-Box\BIBLauncher.exe
O4 - HKLM\..\Policies\Explorer\Run: [OlofeSIJMS] C:\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Преведи - {60237576-b24c-4ba9-9740-c9f3ec9db557} - C:\PROGRA~1\SkyCode\WEBTRA~1\wt2ie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2546F0F1-C033-42E6-9850-969109AE9050}: NameServer = 62.162.32.8 62.162.32.9
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: qadovnel - {9B75DB1C-839D-4A60-A055-AE07C9BA3B30} - C:\WINDOWS\qadovnel.dll
O21 - SSODL: bdkpfxqw - {2931A4FB-9751-41EE-987E-72EA0D55DA2E} - C:\WINDOWS\bdkpfxqw.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7596 bytes
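Added example, not part of the thread: the volunteers read a log like the one above by eye, and the tells are mechanical enough to encode. The script below flags the patterns visible in this log: hosts entries that sink sites to 127.0.0.2 and up, 8-letter random-looking DLL/EXE names sitting directly in the Windows directory, system32 or an Application Data folder, a Run value named with eight hex digits, an svchost.exe living anywhere other than system32, and a desktop component served from a local file. The sample input is copied from PhilipMK's HijackThis log; the regexes, the 8-letter rule and the allowlist of known-good names are this example's assumptions, not HijackThis features, and will need tuning on any other host.

```python
"""Heuristic triage of a HijackThis log for Vundo/SmitFraud-style indicators.

Added example for the thread, not a tool the forum helpers used. The rules
and the allowlist are assumptions that encode what a helper spots by eye.
"""
import re
from dataclasses import dataclass
from typing import List

# Lines copied from the HijackThis log posted in #1, used as test input.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.2 www.youtub.com
O1 - Hosts: 127.0.0.4 thepiratebay.org
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\WINDOWS\wxdbpfvo.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [User Themes] C:\Program Files\Common Files\Microsoft Shared\DAO\ASTRA-10007\svchost.exe
O4 - HKLM\..\Run: [74fe1feb] rundll32.exe "C:\WINDOWS\system32\jnvdaeff.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [OlofeSIJMS] C:\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe
O20 - Winlogon Notify: mlJBqoPH - C:\WINDOWS\SYSTEM32\mlJBqoPH.dll
O21 - SSODL: qadovnel - {9B75DB1C-839D-4A60-A055-AE07C9BA3B30} - C:\WINDOWS\qadovnel.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

SECTION_RE = re.compile(r'^(O\d+|R\d) - ')
# Drive letter, backslash, then the shortest run up to an executable-ish
# extension; stops at quotes and commas so rundll32 arguments are excluded.
PATH_RE = re.compile(r'([A-Za-z]:\\[^",]*?\.(?:exe|dll|htm))', re.IGNORECASE)
RANDOM_STEM = re.compile(r'^[A-Za-z]{8}$')        # Vundo-style 8-letter names
HEX_VALUE_NAME = re.compile(r'\[[0-9a-f]{8}\]')    # e.g. [74fe1feb]
LOOPBACK_NOT_1 = re.compile(r'^127\.0\.0\.(?!1$)\d+$')

SYSTEM_DIRS = {r'c:\windows', r'c:\windows\system32'}
SVCHOST_DIRS = {r'c:\windows\system32', r'c:\windows\syswow64'}
# Assumption: legitimate 8-letter names common on XP; extend per host.
KNOWN_GOOD_STEMS = {'igfxtray', 'explorer', 'winlogon', 'services'}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O20"
    reason: str
    line: str


def _split_path(path: str):
    """Return (lower-cased directory, file stem, lower-cased extension)."""
    directory, _, name = path.rpartition('\\')
    stem, _, ext = name.rpartition('.')
    return directory.lower(), stem, ext.lower()


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section = m.group(1)

        if section == 'O1':
            # HijackThis omits the stock "127.0.0.1 localhost" line (as the
            # posted log shows), so every O1 entry is third-party; sinking
            # sites to 127.0.0.2 and up is the pattern in this infection.
            fields = line.split('Hosts:', 1)[1].split()
            if len(fields) == 2 and LOOPBACK_NOT_1.match(fields[0]):
                findings.append(Finding(section, f'hosts entry sinks {fields[1]} to {fields[0]}', line))
            continue

        if section == 'O4' and HEX_VALUE_NAME.search(line):
            findings.append(Finding(section, 'Run value named with 8 hex digits', line))

        for path in PATH_RE.findall(line):
            directory, stem, _ext = _split_path(path)
            if stem.lower() == 'svchost' and directory not in SVCHOST_DIRS:
                findings.append(Finding(section, f'svchost.exe outside system32: {path}', line))
            elif (RANDOM_STEM.match(stem)
                  and stem.lower() not in KNOWN_GOOD_STEMS
                  and (directory in SYSTEM_DIRS or '\\application data\\' in directory)):
                findings.append(Finding(section, f'random-looking 8-letter name: {path}', line))
            if section == 'O24' and directory.startswith(r'c:\windows'):
                findings.append(Finding(section, f'desktop component served from {path}', line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per HijackThis section (O1, O4, O20, ...)."""
    counts: dict = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:4} {f.reason}\n     {f.line}')
```

Run on the sample, it flags every entry SmitfraudFix and the later fixes remove (the two toolbars and SSODL DLLs in C:\WINDOWS, the rundll32 Run value, the fake svchost.exe, the Winlogon Notify DLL and the privacy_danger desktop page) while leaving BitDefender, ctfmon and igfxtray alone. The O20 and O21 hits deserve first attention in any cleanup: Winlogon Notify and SSODL DLLs load into winlogon.exe and explorer.exe respectively, which is why Vundo reappears after a normal-mode delete and why the helper sends the fix to Safe Mode.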
#2 Rorschach112 (Retired Staff, 47,710 posts)
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3 PhilipMK (Topic Starter, Member, 11 posts)
Hello,

I followed the instructions described above, so I'm posting the logs now:

***rapport.txt***

SmitFraudFix v2.319

Scan done at 2:00:13,46, 03.05.2008
Run from C:\Documents and Settings\ASTRA\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.2 www.youtub.com
127.0.0.3 www.mininova.org
127.0.0.4 thepiratebay.org
127.0.0.5 www.torrentspy.com
127.0.0.6 tvrss.net
127.0.0.7 www.point-blank.cc
127.0.0.8 www.bittorrent.com
127.0.0.9 isohunt.com
127.0.0.10 forum.utorrent.com
127.0.0.11 www.demons-eye.org
127.0.0.12 fenopy.com
127.0.0.13 www.btmon.com
127.0.0.14 www.torrentportal.com
127.0.0.15 www.torrentz.com
127.0.0.16 www.fulldls.com
127.0.0.17 www.bitdig.com
127.0.0.18 www.onlytorrents.com
127.0.0.19 www.bitenova.nl
127.0.0.20 www.torrentreactor.to
127.0.0.21 torrentz.ws
127.0.0.22 www.mybittorrent.com
127.0.0.23 www.torrentvalley.com
127.0.0.24 www.torrenthound.com
127.0.0.25 www.seedpeer.com
127.0.0.26 www.snarf-it.org
127.0.0.27 www.monova.org
127.0.0.28 extratorrent.com
127.0.0.29 www.sumotorrent.com
127.0.0.30 www.mp3reactor.org
127.0.0.31 torrents.sumotorrent.com
127.0.0.32 www.torrentstorage.com
127.0.0.33 www.mp3nova.org
127.0.0.34 www.torrent.to
127.0.0.35 btjunkie.org
127.0.0.36 www.torrentbox.com
127.0.0.37 www.torrentreactor.net

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\gndarmblldk.dll deleted.
C:\WINDOWS\wxdbpfvo.dll deleted.
C:\WINDOWS\qadovnel.dll deleted.
C:\WINDOWS\bdkpfxqw.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\spwoqbmv.exe Deleted
C:\WINDOWS\xbaqktfv.exe Deleted
C:\DOCUME~1\ASTRA\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\ASTRA\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\ASTRA\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\ASTRA\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\ASTRA\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\ASTRA\FAVORI~1\Spyware?Malware Protection.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{168EF9BD-A1C5-4FFB-96C7-39B7F1C99F15}: DhcpNameServer=192.168.0.250 62.162.32.5 62.162.32.6
HKLM\SYSTEM\CS1\Services\Tcpip\..\{168EF9BD-A1C5-4FFB-96C7-39B7F1C99F15}: DhcpNameServer=192.168.0.250 62.162.32.5 62.162.32.6
HKLM\SYSTEM\CS2\Services\Tcpip\..\{168EF9BD-A1C5-4FFB-96C7-39B7F1C99F15}: DhcpNameServer=192.168.0.250 62.162.32.5 62.162.32.6


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

***main.txt***

Deckard's System Scanner v20071014.68
Run by ASTRA on 2008-05-03 02:14:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2008-05-03 00:14:16 UTC - RP287 - Deckard's System Scanner Restore Point
66: 2008-05-02 13:48:16 UTC - RP286 - Last known good configuration
65: 2008-05-02 13:48:11 UTC - RP285 - System Checkpoint
64: 2008-05-02 13:48:10 UTC - RP284 - System Checkpoint
63: 2008-05-02 13:48:10 UTC - RP283 - System Checkpoint


-- First Restore Point --
1: 2008-05-02 13:47:52 UTC - RP221 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as ASTRA.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:15:03, on 03.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Microsoft Shared\DAO\ASTRA-10007\svchost.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Business-in-a-Box\BIBLauncher.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\ASTRA\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ASTRA.exe

O1 - Hosts: 127.0.0.2 www.youtub.com
O1 - Hosts: 127.0.0.3 www.mininova.org
O1 - Hosts: 127.0.0.4 thepiratebay.org
O1 - Hosts: 127.0.0.5 www.torrentspy.com
O1 - Hosts: 127.0.0.6 tvrss.net
O1 - Hosts: 127.0.0.7 www.point-blank.cc
O1 - Hosts: 127.0.0.8 www.bittorrent.com
O1 - Hosts: 127.0.0.9 isohunt.com
O1 - Hosts: 127.0.0.20 www.torrentreactor.to
O1 - Hosts: 127.0.0.21 torrentz.ws
O1 - Hosts: 127.0.0.22 www.mybittorrent.com
O1 - Hosts: 127.0.0.23 www.torrentvalley.com
O1 - Hosts: 127.0.0.24 www.torrenthound.com
O1 - Hosts: 127.0.0.25 www.seedpeer.com
O1 - Hosts: 127.0.0.26 www.snarf-it.org
O1 - Hosts: 127.0.0.27 www.monova.org
O1 - Hosts: 127.0.0.28 extratorrent.com
O1 - Hosts: 127.0.0.29 www.sumotorrent.com
O1 - Hosts: 127.0.0.30 www.mp3reactor.org
O1 - Hosts: 127.0.0.31 torrents.sumotorrent.com
O1 - Hosts: 127.0.0.32 www.torrentstorage.com
O1 - Hosts: 127.0.0.33 www.mp3nova.org
O1 - Hosts: 127.0.0.34 www.torrent.to
O1 - Hosts: 127.0.0.35 btjunkie.org
O1 - Hosts: 127.0.0.36 www.torrentbox.com
O1 - Hosts: 127.0.0.37 www.torrentreactor.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31BF559B-9833-4B79-AB8A-E8209F2C9A66} - C:\WINDOWS\system32\iifeBuRI.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSEvents Object - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - C:\WINDOWS\system32\mlJBqoPH.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\WINDOWS\wxdbpfvo.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [User Themes] C:\Program Files\Common Files\Microsoft Shared\DAO\ASTRA-10007\svchost.exe
O4 - HKLM\..\Run: [74fe1feb] rundll32.exe "C:\WINDOWS\system32\qdtjmgjh.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BIBLauncher] D:\Program Files\Business-in-a-Box\BIBLauncher.exe
O4 - HKLM\..\Policies\Explorer\Run: [OlofeSIJMS] C:\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Преведи - {60237576-b24c-4ba9-9740-c9f3ec9db557} - C:\PROGRA~1\SkyCode\WEBTRA~1\wt2ie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2546F0F1-C033-42E6-9850-969109AE9050}: NameServer = 62.162.32.8 62.162.32.9
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mlJBqoPH - C:\WINDOWS\SYSTEM32\mlJBqoPH.dll
O21 - SSODL: bdkpfxqw - {2931A4FB-9751-41EE-987E-72EA0D55DA2E} - C:\WINDOWS\bdkpfxqw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8076 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070829-172851-199 O2 - BHO: adssite - {F31B3634-12AA-41ca-B021-0685C3B3E4CA} - (no file)
backup-20070829-172851-208 O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
backup-20070829-172851-239 O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - (no file)
backup-20070829-172851-275 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
backup-20070829-172851-458 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20070829-172851-475 O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
backup-20070829-172851-612 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
backup-20070829-172851-821 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
backup-20070829-172851-895 O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\mxduo.dll
backup-20070829-172851-978 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
backup-20070829-172852-539 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20070829-172852-840 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20070829-173402-211 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
backup-20070829-173435-176 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
backup-20070829-173435-209 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
backup-20070829-173435-323 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
backup-20070829-173435-571 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
backup-20070829-173435-834 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
backup-20070829-173451-786 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20070829-173803-357 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
backup-20070829-173803-510 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
backup-20070829-173803-773 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
backup-20070829-173803-972 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20070829-173804-229 O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
backup-20070829-173804-310 O21 - SSODL: wmphost - {0471A80B-0F6A-450A-82AF-FF7A567726E9} - C:\WINDOWS\wmphost.dll
backup-20070829-173804-455 O21 - SSODL: wmpdev - {99E0F7A5-7126-4BBB-8322-2F3634C6F1B6} - C:\WINDOWS\wmpdev.dll
backup-20070829-173804-478 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1187800319750
backup-20070829-173804-958 O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
backup-20070829-173827-503 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
backup-20070829-173852-956 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
backup-20070926-160318-767 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070926-160318-809 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070926-160356-782 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188487023000

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NCPro - c:\windows\system32\drivers\mtictwl.sys
R1 NetPeeker - c:\windows\system32\drivers\netpeeker.sys <Not Verified; Ming Jin; NetPeeker>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>

S2 NSynas32 - c:\windows\system32\drivers\nsynas32.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcxwdm.sys (file missing)
S3 MagicTune - c:\windows\system32\drivers\mtictwl.sys
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 Profos - c:\program files\softwin\bitdefender10\profos.sys (file missing)
S3 Trufos - c:\program files\softwin\bitdefender10\trufos.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 nlsvc (NetLimiter) - "c:\program files\netlimiter 2 pro\nlsvc.exe" <Not Verified; Locktime Software; NetLimiter 2 Pro>

S2 d3lysuati1zea (Print Spooler Service) -
S3 SolidWorks Licensing Service - "c:\program files\common files\solidworks shared\service\solidworkslicensing.exe" <Not Verified; SolidWorks; SolidWorks Licensing Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-03 02:09:04 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-05-02 17:20:46 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-02-21 04:00:24 372 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-11-09 12:49:47 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-03 and 2008-05-03 -----------------------------

2008-05-02 20:08:28 96320 --a------ C:\WINDOWS\system32\qdtjmgjh.dll
2008-05-02 20:07:44 5554 --ahs---- C:\WINDOWS\system32\IRuBefii.ini2
2008-05-02 19:03:14 0 d-------- C:\VundoFix Backups
2008-05-02 16:46:03 0 d-------- C:\Documents and Settings\ASTRA\Application Data\TmpRecentIcons
2008-05-02 15:47:41 280576 --a------ C:\WINDOWS\system32\iifeBuRI.dll
2008-05-02 15:38:56 0 d-------- C:\Program Files\NetLimiter 2 Pro
2008-05-02 15:01:24 0 d-------- C:\Documents and Settings\All Users\Application Data\epkryfyx
2008-05-02 15:00:18 37376 --a------ C:\WINDOWS\system32\mlJBqoPH.dll
2008-05-02 14:33:22 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2008-05-02 14:30:42 200788 --a------ C:\WINDOWS\system32\drivers\NetPeeker.sys <Not Verified; Ming Jin; NetPeeker>
2008-04-27 15:21:39 0 d-------- C:\Program Files\MSN Messenger
2008-04-24 23:20:50 0 d-------- C:\Documents and Settings\ASTRA\Application Data\sldIM
2008-04-15 22:33:05 0 d-------- C:\Documents and Settings\ASTRA\Application Data\SolidWorksNewsReader
2008-04-15 22:32:00 0 d-------- C:\Documents and Settings\ASTRA\Application Data\DassaultSystemes
2008-04-15 22:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2008-04-15 22:30:54 0 d-------- C:\Documents and Settings\ASTRA\Application Data\SolidWorks
2008-04-15 22:24:38 0 d-------- C:\Documents and Settings\ASTRA\Application Data\DWGeditor
2008-04-15 22:23:57 0 d-------- C:\Program Files\DWGeditor
2008-04-15 22:23:37 0 d-------- C:\Program Files\SolidWorks Installation Manager
2008-04-15 22:19:37 0 d-------- C:\Program Files\Common Files\eDrawings2007
2008-04-15 22:12:49 0 d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-04-15 22:12:09 0 d-------- C:\Program Files\SolidWorks
2008-04-15 22:12:09 0 d-------- C:\Program Files\Common Files\Solidworks Data
2008-04-14 17:41:01 0 d-------- C:\Program Files\uTorrent
2008-04-14 17:40:54 0 d-------- C:\Documents and Settings\ASTRA\Application Data\uTorrent
2008-04-14 17:25:00 0 d-------- C:\D
2008-04-08 15:33:39 0 dr-h----- C:\Documents and Settings\ASTRA\Recent
2008-04-08 00:33:39 0 d-------- C:\Program Files\Soulseek
2008-04-07 17:13:25 0 d-------- C:\Program Files\Business-in-a-Box
2008-04-03 21:42:30 180224 --a------ C:\WINDOWS\system32\ijl11.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
2008-04-03 21:42:30 882688 --a------ C:\WINDOWS\system32\GDIPLUS.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-03 21:42:28 0 d-------- C:\Program Files\MDIConvertor
2008-04-03 21:22:09 212 ---h----- C:\Documents and Settings\ASTRA\Application Data\srfvdo.dat
2008-04-03 21:21:51 0 --a------ C:\WINDOWS\system32\srfvdo.dat
2008-04-03 21:21:49 0 d-------- C:\Program Files\SwiftView


-- Find3M Report ---------------------------------------------------------------

2008-05-03 02:00:38 2478 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-02 14:46:45 0 d-------- C:\Program Files\NetPeeker
2008-05-02 00:03:25 0 d-------- C:\Documents and Settings\ASTRA\Application Data\LimeWire
2008-05-01 21:39:06 0 d-------- C:\Documents and Settings\ASTRA\Application Data\Skype
2008-05-01 21:38:52 0 d-------- C:\Documents and Settings\ASTRA\Application Data\skypePM
2008-04-27 15:21:40 0 d-------- C:\Program Files\MessengerDiscovery
2008-04-23 22:11:10 467 --a------ C:\WINDOWS\system32\Datei9
2008-04-23 22:11:10 467 --a------ C:\WINDOWS\system32\Datei8
2008-04-23 22:11:10 469 --a------ C:\WINDOWS\system32\Datei7
2008-04-23 22:11:10 465 --a------ C:\WINDOWS\system32\Datei6
2008-04-23 22:11:10 469 --a------ C:\WINDOWS\system32\Datei5
2008-04-23 22:11:10 471 --a------ C:\WINDOWS\system32\Datei4
2008-04-23 22:11:10 470 --a------ C:\WINDOWS\system32\Datei3
2008-04-23 22:11:10 471 --a------ C:\WINDOWS\system32\Datei2
2008-04-23 22:11:10 467 --a------ C:\WINDOWS\system32\Datei10
2008-04-23 22:11:10 470 --a------ C:\WINDOWS\system32\Datei1
2008-04-23 22:11:10 468 --a------ C:\WINDOWS\system32\Datei0
2008-04-20 23:27:10 0 d-------- C:\Documents and Settings\ASTRA\Application Data\Adobe
2008-04-17 17:33:02 0 d-------- C:\Program Files\Winamp
2008-04-15 22:25:36 0 d-------- C:\Program Files\ACAD2000
2008-04-15 22:23:03 0 d-------- C:\Program Files\AutoCAD 2006
2008-04-15 22:19:37 0 d-------- C:\Program Files\Common Files
2008-04-03 21:23:55 83 --a------ C:\Documents and Settings\ASTRA\Application Data\sview.ini
2008-03-22 02:44:38 0 d-------- C:\Documents and Settings\ASTRA\Application Data\MP3Rocket
2008-03-22 01:26:12 0 d-------- C:\Documents and Settings\ASTRA\Application Data\dvdcss
2008-03-13 23:45:40 0 d-------- C:\Program Files\Micro DVD Player
2008-03-13 02:51:23 0 d-------- C:\Program Files\Replay Radio 6
2008-03-13 02:51:13 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-13 02:17:41 0 d-------- C:\Program Files\Realtek
2008-03-13 02:17:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-13 00:49:50 0 d-------- C:\Program Files\delight software gmbh
2008-03-10 14:59:32 0 d-------- C:\Program Files\Java
2008-03-10 14:44:22 0 d-------- C:\Program Files\NetLimiter 2 Pro(2)
2008-03-10 14:44:15 0 d-------- C:\Program Files\Net Control 2
2008-03-10 01:47:15 0 d-------- C:\Program Files\LimeWire
2008-03-08 20:40:20 0 d-------- C:\Program Files\Google
2008-03-08 20:02:09 0 d-------- C:\Documents and Settings\ASTRA\Application Data\Corel
2008-03-08 19:58:17 0 d-------- C:\Documents and Settings\ASTRA\Application Data\Google
2008-03-08 18:07:40 0 d-------- C:\Documents and Settings\ASTRA\Application Data\Locktime
2008-03-07 16:14:11 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-05 16:56:48 146 --a------ C:\Documents and Settings\ASTRA\Application Data\AVSDVDPlayer.m3u
2008-03-05 14:28:15 0 d-------- C:\Documents and Settings\ASTRA\Application Data\DivX
2008-03-05 00:32:54 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-03-05 00:32:33 0 d-------- C:\Program Files\AVSMedia
2008-02-17 12:48:01 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-13 14:08:25 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-02-09 15:36:51 247 --a------ C:\speedupboot.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31BF559B-9833-4B79-AB8A-E8209F2C9A66}]
02.05.2008 15:47 280576 --a------ C:\WINDOWS\system32\iifeBuRI.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE86878F-D099-4FFC-A4DC-E51D192063B1}]
02.05.2008 15:00 37376 --a------ C:\WINDOWS\system32\mlJBqoPH.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06.10.2006 05:11]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06.10.2006 05:13]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [30.01.2006 18:00]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09.10.2007 16:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [22.02.2008 20:57]
"RTHDCPL"="RTHDCPL.EXE" [29.01.2008 16:47 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 19:43 C:\WINDOWS\Alcmtr.exe]
"User Themes"="C:\Program Files\Common Files\Microsoft Shared\DAO\ASTRA-10007\svchost.exe" [27.06.2007 14:42]
"74fe1feb"="C:\WINDOWS\system32\qdtjmgjh.dll" [02.05.2008 20:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 07:56]
"BIBLauncher"="D:\Program Files\Business-in-a-Box\BIBLauncher.exe" [24.03.2008 14:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"OlofeSIJMS"=C:\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CE86878F-D099-4FFC-A4DC-E51D192063B1}"= C:\WINDOWS\system32\mlJBqoPH.dll [02.05.2008 15:00 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bdkpfxqw"= {2931A4FB-9751-41EE-987E-72EA0D55DA2E} - C:\WINDOWS\bdkpfxqw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJBqoPH]
mlJBqoPH.dll 02.05.2008 15:00 37376 C:\WINDOWS\system32\mlJBqoPH.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iifeBuRI

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\speedupboot.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{729ce713-3174-11dc-80b1-0000e6db3c00}]
explore\Command- WScript.exe .\autorun.vbs
open\Command- WScript.exe .\autorun.vbs




-- Hosts -----------------------------------------------------------------------

127.0.0.2 www.youtub.com
127.0.0.3 www.mininova.org
127.0.0.4 thepiratebay.org
127.0.0.5 www.torrentspy.com
127.0.0.6 tvrss.net
127.0.0.7 www.point-blank.cc
127.0.0.8 www.bittorrent.com
127.0.0.9 isohunt.com
127.0.0.10 forum.utorrent.com
127.0.0.11 www.demons-eye.org


-- End of Deckard's System Scanner: finished at 2008-05-03 02:16:10 ------------

Edited by PhilipMK, 02 May 2008 - 06:52 PM.

#4
PhilipMK (Member, Topic Starter, 11 posts)
extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 2047.48 MiB / 1412.16 MiB
Pagefile Memory (total/avail): 3429.68 MiB / 2858.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.82 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 97.66 GiB total, 15.43 GiB free.
D: is Fixed (NTFS) - 135.22 GiB total, 53.7 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Hitachi HDT725025VLA380 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 97.66 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 135.22 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Outpost Firewall Pro v4.0 (Agnitum) Disabled
FW: Bitdefender Firewall v8.0 (BitDefender)
AV: Bitdefender Antivirus v8.0 (BitDefender)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"="C:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe:*:Enabled:NAVBrowser"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Agnitum\\Outpost Firewall\\outpost.exe"="C:\\Program Files\\Agnitum\\Outpost Firewall\\outpost.exe:*:Enabled:Outpost Firewall main module"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:firefox.exe"
"C:\\INSTALL\\utorrent.exe"="C:\\INSTALL\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\utorrent.exe"="D:\\Program Files\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\ACSPMonitor\\ASMonitor.exe"="C:\\Program Files\\ACSPMonitor\\ASMonitor.exe:*:Enabled:System"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\SHOUTcast\\sc_serv.exe"="C:\\Program Files\\SHOUTcast\\sc_serv.exe:*:Enabled:sc_serv"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\ASTRA\\Desktop\\uTorrent.exe"="C:\\Documents and Settings\\ASTRA\\Desktop\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\utorrent-1.8-beta-9137.upx.exe"="D:\\Program Files\\utorrent-1.8-beta-9137.upx.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ASTRA\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ASTRA-10007
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ASTRA
LOGONSERVER=\\ASTRA-10007
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Autodesk Shared\;;C:\PROGRA~1\COMMON~1\AUTODE~1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ASTRA\LOCALS~1\Temp
TMP=C:\DOCUME~1\ASTRA\LOCALS~1\Temp
USERDOMAIN=ASTRA-10007
USERNAME=ASTRA
USERPROFILE=C:\Documents and Settings\ASTRA
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

ASTRA (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
--> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
--> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
--> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
--> MsiExec.exe /I{9E50DEC9-081B-441F-B647-98DBEA8B01DD}
--> MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AC3Filter (remove only) --> D:\Program Files\AC3Filter\uninstall.exe
ACDSee 8 --> MsiExec.exe /I{AE80641A-0C8D-4670-A518-B4EC154B1027}
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Creative Suite --> C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Antares Autotune v3.01 --> D:\PROGRA~1\STEINB~1\VSTJOL~1\AUTOTU~1.01\UNWISE.EXE D:\PROGRA~1\STEINB~1\VSTJOL~1\AUTOTU~1.01\INSTALL.LOG
Antares Microphone Modeler 1.01 DirectX --> D:\PROGRA~1\STEINB~1\VSTJOL~1\UNWISE.EXE D:\PROGRA~1\STEINB~1\VSTJOL~1\INSTALL.LOG
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASAPI --> MsiExec.exe /X{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{04D8BFCA-5A75-45E1-9F74-A7E4405EAE28}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard --> MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
Attune 2.3.2 --> MsiExec.exe /I{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}
AutoCAD 2006 - English --> MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
AVS DVD Player version 2.4 --> "D:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
BitDefender Total Security 2008 --> MsiExec.exe /I{F4F09997-F426-4019-B29B-6F1FE74852AC}
Business-in-a-Box --> D:\Program Files\Business-in-a-Box\Installer.exe /u
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCProxy 6.6 --> "C:\CCProxy\unins000.exe"
COSMOSMotion 2007 SP0 --> MsiExec.exe /I{9BE2AFE1-617E-478F-9BE5-DABB63B4380A}
COSMOSWorks 2007 SP0 --> MsiExec.exe /I{AF2D85EE-D6F9-4E7B-B9FA-BBB9BCA9A01E}
db audioware Sidechain Compressor VST v1.1.0 --> D:\PROGRA~1\STEINB~1\VSTJOL~1\SIDECH~1\UNWISE.EXE D:\PROGRA~1\STEINB~1\VSTJOL~1\SIDECH~1\INSTALL.LOG
db audioware Sidechain Gate VST v1.1.0 --> D:\PROGRA~1\STEINB~1\VSTJOL~1\SIDECH~2\UNWISE.EXE D:\PROGRA~1\STEINB~1\VSTJOL~1\SIDECH~2\INSTALL.LOG
DivX Codec --> D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> D:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DJ Mix Lite --> C:\Program Files\DJ Mix Lite\uninstall.exe
DWGeditor --> MsiExec.exe /X{F5125699-C01A-4ED8-BD3A-265DF29859FE}
EA SPORTS online 2007 --> C:\games\fifeonline\EASOUNInstaller.exe
Ease Audio Converter 4.10 --> "D:\Program Files\easetech\EaseAudioConverter\unins000.exe"
eDrawings 2007 --> MsiExec.exe /I{75FEB085-179F-4C85-B0E4-B517D2160750}
Enhanced Sound Card Driver 8.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Radio 6\irunin.ini"
FIFA 07 --> C:\games\fife2007\EAUninstall.exe
FruityLoops Studio Producer Edition v4.01 --> D:\PROGRA~1\FLSTUD~1\UNWISE.EXE D:\PROGRA~1\FLSTUD~1\INSTALL.LOG
Guitar Pro 5.0 --> "D:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP OrderReminder --> "C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018
Intel® Processor ID Utility --> MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
LaserJet 1018 --> C:\Program Files\Zenographics\{818D3EC7-DC4C-4280-AEC1-43E157DE907A}\Setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
LimeWire 4.16.6 --> "D:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player --> MsiExec.exe /X{27579b3c-5470-4496-be6c-0c872674f19f}
MDI2PDF 2.4 --> "C:\Program Files\MDIConvertor\unins000.exe"
MessengerDiscovery Live 1.4.5408 --> "C:\Program Files\MessengerDiscovery\unins001.exe"
Micro DVD Player --> C:\PROGRA~1\MICROD~1\UNWISE.EXE C:\PROGRA~1\MICROD~1\INSTALL.LOG
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Audio Converter 3.06 --> "D:\Program Files\MP3 Audio Converter\unins000.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Natural Color Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9
NetLimiter 2 Pro (remove only) --> "C:\Program Files\NetLimiter 2 Pro\nl2uninst.exe"
NetPeeker 3.10 --> C:\Program Files\NetPeeker\uninstall.exe cfg="C:\Program Files\NetPeeker\UNINSTALL.CFG" /all
NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.0 --> "C:\Program Files\Nomad Factory\Uninstall\unins000.exe"
NomadFactory BlueVerb DRV-2080 VST RTAS v1.4 --> "C:\Program Files\Nomad Factory\BlueVerb DRV-2080\Uninstall\unins000.exe"
OpenOffice.org 2.2 --> MsiExec.exe /I{7E94A987-024E-4695-A5A0-AA073765ED27}
Overloud BREVERB VST RTAS v1.1 --> "C:\Program Files\Overloud\Uninstall\unins000.exe"
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
REALTEK GbE & FE Ethernet PCI NIC Driver --> C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Reason 3.0 --> "C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Revo Uninstaller 1.30 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
SHOUTcast DNAS (remove only) --> "C:\Program Files\SHOUTcast\uninst-dnas.exe"
SHOUTcast Source DSP 1.9.0 (remove only) --> C:\Program Files\Winamp\uninst-dsp.exe
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SolidWorks 2007 SP0 --> MsiExec.exe /I{95FCA50A-CF7D-457E-AF69-F058F8BC2844}
SolidWorks Explorer 2007 sp0 --> MsiExec.exe /I{559FAB96-A0CD-4105-A02F-1C21DEBCEF89}
SolidWorks Installation Manager --> MsiExec.exe /X{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}
Sonalksis Plug-Ins for Windows 2.04 --> "C:\WINDOWS\unins000.exe"
Sonic Foundry ACID 3.0f --> MsiExec.exe /I{C4466935-88FD-4357-8A59-F641CECD897F}
Sonic Foundry ACID 4.0 --> MsiExec.exe /I{2A38B5AA-EA84-4F87-9937-2FB23982243A}
Sonic Foundry Batch Converter 5.0b --> MsiExec.exe /I{1F9642CA-E7BC-45EF-B443-BBF5149FBD05}
Sony Sound Forge 8.0b --> MsiExec.exe /X{48EB9208-593D-4DC7-B613-9C5A210D87BA}
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Speed Limiter --> "C:\Program Files\delight software gmbh\Speed Limiter\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steinberg Nuendo v3.2.0.1128 --> D:\PROGRA~1\STEINB~1\NUENDO~1\UNWISE.EXE D:\PROGRA~1\STEINB~1\NUENDO~1\INSTALL.LOG
Streamripper Plugin 1.62-beta-3 (Remove only) --> C:\Program Files\Winamp\streamripper_uninstall.exe
SwiftView Viewer --> C:\Program Files\SwiftView\svinst.exe -Uninstall
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
T-RackS 1.x --> C:\Program Files\InstallShield Installation Information\{37BCCAE2-A3AD-4E03-B4FD-A1BE1FE6365A}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
URS Everything EQ Bundle v4.0 --> D:\PROGRA~1\STEINB~1\VSTPLU~1\URSINS~1\UNWISE.EXE D:\PROGRA~1\STEINB~1\VSTPLU~1\URSINS~1\INSTALL.LOG
vanBasco's Karaoke Player --> D:\Program Files\vanBasco's Karaoke Player\uninst.exe
VideoLAN VLC media player 0.8.6d --> D:\Program Files\VideoLAN\VLC\uninstall.exe
WaveLab Demo --> "C:\Program Files\Steinberg\WaveLab Demo\Uninstall.exe" "C:\Program Files\Steinberg\WaveLab Demo\install.log"
Waves API Collection --> D:\PROGRA~1\STEINB~1\VSTJOL~1\Logs\WAVESA~1\UNWISE.EXE D:\PROGRA~1\STEINB~1\VSTJOL~1\Logs\WAVESA~1\INSTALL.LOG
Waves Gold Processors 3.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EABACFC4-1CB1-438E-A418-0A3B21CD30D1}\Setup.exe" -l0x9
Waves SSL Collection v1.2 --> D:\PROGRA~1\STEINB~1\VSTJOL~1\AIRLOG~1\WAVESS~1.2\UNWISE.EXE D:\PROGRA~1\STEINB~1\VSTJOL~1\AIRLOG~1\WAVESS~1.2\INSTALL.LOG
WebTrance3.0 (деинсталиране) --> "C:\Program Files\SkyCode\WebTrance30\uninstall.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type7362 / Error
Event Submitted/Written: 04/03/2008 09:23:22 PM
Event ID/Source: 6 / SwiftView
Event Description:
This TIFF file contains JPEG images. SwiftView does not support
this format. SwiftView does support JPEG files in JFIF format.

C:\internet\Internet Tehnologii\Glava4_Osnovni_Internet_tehnologii_i_servisi.tif
ICS command: "ldoc "C:\internet\Internet Tehnologii\Glava4_Osnovni_Internet_tehnologii_i_servisi.tif""

sview internal error code 2 = exit code -98

Event Record #/Type7360 / Warning
Event Submitted/Written: 04/03/2008 09:14:24 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'TCWP6Files' failed during request for component '{CC29EC81-7BC2-11D1-A921-00A0C91E2AA2}'

Event Record #/Type7358 / Warning
Event Submitted/Written: 04/03/2008 09:14:04 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'TCWP5Files' failed during request for component '{D362F5FA-9939-40E1-BC1F-EF575164DAB9}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type53641 / Error
Event Submitted/Written: 05/03/2008 02:09:29 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NSynas32 service failed to start due to the following error:
%%2

Event Record #/Type53640 / Error
Event Submitted/Written: 05/03/2008 02:08:50 AM / 05/03/2008 02:09:20 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type53636 / Error
Event Submitted/Written: 05/03/2008 02:07:53 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type53635 / Error
Event Submitted/Written: 05/03/2008 02:06:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type53634 / Error
Event Submitted/Written: 05/03/2008 01:59:19 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-05-03 02:16:10 ------------

Thanks for the help again

#5
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#6
PhilipMK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi

I've completed these two tasks, so I'm posting the logs now:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:37, on 03.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\ASTRA-10007\svchost.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Business-in-a-Box\BIBLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\WINDOWS\wxdbpfvo.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [User Themes] C:\Program Files\Common Files\Microsoft Shared\DAO\ASTRA-10007\svchost.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BIBLauncher] D:\Program Files\Business-in-a-Box\BIBLauncher.exe
O4 - HKLM\..\Policies\Explorer\Run: [OlofeSIJMS] C:\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Преведи - {60237576-b24c-4ba9-9740-c9f3ec9db557} - C:\PROGRA~1\SkyCode\WEBTRA~1\wt2ie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2546F0F1-C033-42E6-9850-969109AE9050}: NameServer = 62.162.32.8 62.162.32.9
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6500 bytes


=====ComboFix.txt.=====

ComboFix 08-05-01.3 - ASTRA 2008-05-03 12:33:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1459 [GMT 2:00]
Running from: C:\Documents and Settings\ASTRA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ASTRA\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\KEI
C:\Documents and Settings\All Users\Application Data\KEI\Errors.txt
C:\Documents and Settings\All Users\Application Data\KEI\KEI.dll
C:\Documents and Settings\All Users\Application Data\KEI\KEIU.exe
C:\Documents and Settings\All Users\Application Data\KEI\Reps\KEIApplications_20080208.ikl
C:\Documents and Settings\All Users\Application Data\KEI\Reps\KEIKeyLogger_20080208.ikl
C:\Documents and Settings\All Users\Application Data\KEI\Reps\KEIKeyLogger_20080209.ikl
C:\Documents and Settings\All Users\Application Data\KEI\Reps\KEIMessenger_20080208.ikl
C:\Documents and Settings\All Users\Application Data\KEI\Reps\KEIScreenShot_20080208.ikl
C:\Documents and Settings\All Users\Application Data\KEI\Reps\KEIScreenShot_20080209.ikl
C:\Documents and Settings\All Users\Application Data\KEI\Reps\KEIWeb_20080208.ikl
C:\Documents and Settings\All Users\Application Data\KEI\Reps\PrevUser.usr
C:\WINDOWS\system32\actjfayx.ini
C:\WINDOWS\system32\dbjrhnec.ini
C:\WINDOWS\system32\ffeadvnj.ini
C:\WINDOWS\system32\gcifeohh.ini
C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini
C:\WINDOWS\system32\hjgmjtdq.ini
C:\WINDOWS\system32\iifeBuRI.dll
C:\WINDOWS\system32\IRuBefii.ini
C:\WINDOWS\system32\IRuBefii.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJBqoPH.dll
C:\WINDOWS\system32\mvvueoer.ini
C:\WINDOWS\system32\qdtjmgjh.dll
C:\WINDOWS\system32\upnjnlei.ini
C:\WINDOWS\system32\x64
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.

2008-05-03 12:39 . 2008-05-03 12:39 258 --a------ C:\WINDOWS\winhelp.ini
2008-05-03 12:30 . 2008-05-03 12:31 <DIR> d-------- C:\327882R2FWJFW
2008-05-03 02:14 . 2008-05-03 02:14 <DIR> d-------- C:\Deckard
2008-05-02 19:03 . 2008-05-02 19:03 <DIR> d-------- C:\VundoFix Backups
2008-05-02 16:46 . 2008-05-03 01:35 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\TmpRecentIcons
2008-05-02 15:38 . 2008-05-02 15:39 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2008-05-02 15:01 . 2008-05-02 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\epkryfyx
2008-05-02 14:47 . 2008-05-02 14:47 325 --a------ C:\WINDOWS\NetPeek.INI
2008-05-02 14:30 . 2008-05-02 14:30 200,788 --a------ C:\WINDOWS\system32\drivers\NetPeeker.sys
2008-05-02 14:30 . 2008-05-02 14:31 2,482 --a------ C:\WINDOWS\NETPKR.RUL.2
2008-05-02 14:30 . 2005-06-26 18:27 2,482 --a------ C:\WINDOWS\NETPKR.RUL.1
2008-05-02 14:30 . 2008-05-02 14:31 2,482 --a------ C:\WINDOWS\NETPKR.RUL
2008-04-27 15:21 . 2008-04-27 15:21 <DIR> d-------- C:\Program Files\MSN Messenger
2008-04-24 23:20 . 2008-04-24 23:20 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\sldIM
2008-04-15 22:33 . 2008-04-15 22:33 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\SolidWorksNewsReader
2008-04-15 22:32 . 2008-04-15 22:32 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\DassaultSystemes
2008-04-15 22:32 . 2008-04-15 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2008-04-15 22:30 . 2008-05-01 23:06 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\SolidWorks
2008-04-15 22:24 . 2008-04-15 22:24 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\DWGeditor
2008-04-15 22:23 . 2008-04-15 22:23 <DIR> d-------- C:\Program Files\SolidWorks Installation Manager
2008-04-15 22:23 . 2008-04-24 23:24 <DIR> d-------- C:\Program Files\DWGeditor
2008-04-15 22:23 . 2008-04-15 22:23 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
2008-04-15 22:22 . 2004-11-05 11:08 670,208 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-04-15 22:22 . 2008-04-15 22:22 23 --ah----- C:\WINDOWS\yacht.xws
2008-04-15 22:19 . 2008-04-15 22:23 <DIR> d-------- C:\Program Files\Common Files\eDrawings2007
2008-04-15 22:12 . 2008-04-15 22:30 <DIR> d-------- C:\Program Files\SolidWorks
2008-04-15 22:12 . 2008-04-15 22:25 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-04-15 22:12 . 2008-04-15 22:12 <DIR> d-------- C:\Program Files\Common Files\Solidworks Data
2008-04-15 22:11 . 2008-04-15 22:11 42 --a------ C:\WINDOWS\trailer.xws
2008-04-14 17:41 . 2008-04-14 17:41 <DIR> d-------- C:\Program Files\uTorrent
2008-04-14 17:40 . 2008-05-02 16:22 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\uTorrent
2008-04-14 17:25 . 2008-04-14 17:25 <DIR> d-------- C:\D
2008-04-14 17:25 . 2007-11-22 17:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-04-08 00:33 . 2008-04-24 11:41 <DIR> d-------- C:\Program Files\Soulseek
2008-04-07 17:13 . 2008-04-07 17:13 <DIR> d-------- C:\Program Files\Business-in-a-Box
2008-04-03 21:42 . 2008-04-03 21:42 <DIR> d-------- C:\Program Files\MDIConvertor
2008-04-03 21:42 . 2003-06-18 18:31 1,033,216 --a------ C:\WINDOWS\system32\MSPCORE.DLL
2008-04-03 21:42 . 2004-12-23 18:46 882,688 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2008-04-03 21:42 . 2003-06-18 18:31 443,904 --a------ C:\WINDOWS\system32\MDIVWCTL.DLL
2008-04-03 21:42 . 1999-08-18 10:54 180,224 --a------ C:\WINDOWS\system32\ijl11.dll
2008-04-03 21:42 . 2003-06-18 18:31 16,384 --a------ C:\WINDOWS\system32\MSPGIMME.DLL
2008-04-03 21:22 . 2008-04-03 21:22 212 ---h----- C:\Documents and Settings\ASTRA\Application Data\srfvdo.dat
2008-04-03 21:21 . 2008-04-03 21:22 <DIR> d-------- C:\Program Files\SwiftView
2008-04-03 21:21 . 2008-04-03 21:21 0 --a------ C:\WINDOWS\system32\srfvdo.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 00:00 2,478 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-02 12:46 --------- d-----w C:\Program Files\NetPeeker
2008-05-01 22:03 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\LimeWire
2008-05-01 19:39 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\Skype
2008-05-01 19:38 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\skypePM
2008-04-27 13:21 --------- d-----w C:\Program Files\MessengerDiscovery
2008-04-17 15:33 --------- d-----w C:\Program Files\Winamp
2008-04-15 20:25 --------- d-----w C:\Program Files\ACAD2000
2008-04-15 20:23 --------- d-----w C:\Program Files\AutoCAD 2006
2008-03-22 00:44 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\MP3Rocket
2008-03-21 23:26 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\dvdcss
2008-03-13 21:45 --------- d-----w C:\Program Files\Micro DVD Player
2008-03-13 00:51 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-13 00:51 --------- d-----w C:\Program Files\Replay Radio 6
2008-03-13 00:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 00:17 --------- d-----w C:\Program Files\Realtek
2008-03-12 22:49 --------- d-----w C:\Program Files\delight software gmbh
2008-03-10 12:59 --------- d-----w C:\Program Files\Java
2008-03-10 12:44 --------- d-----w C:\Program Files\NetLimiter 2 Pro(2)
2008-03-10 12:44 --------- d-----w C:\Program Files\Net Control 2
2008-03-09 23:47 --------- d-----w C:\Program Files\LimeWire
2008-03-08 18:40 --------- d-----w C:\Program Files\Google
2008-03-08 18:02 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\Corel
2008-03-08 16:07 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\Locktime
2008-03-08 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Locktime
2008-03-07 14:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-07 14:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-06 15:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-05 12:28 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\DivX
2008-03-04 22:32 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-03-04 22:32 --------- d-----w C:\Program Files\AVSMedia
2008-02-21 02:05 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 -c--a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 -c--a-w C:\WINDOWS\system32\pxinsi64.exe
2008-02-13 12:08 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-09 13:36 247 ----a-w C:\speedupboot.bat
2007-11-16 19:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-07-18 15:57 7 ----a-w C:\Documents and Settings\ASTRA\Application Data\bin.dll
2007-07-14 21:06 56 --sh--r C:\WINDOWS\system32\72B7BC5B75.sys
2007-07-14 21:06 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B}"= "C:\WINDOWS\wxdbpfvo.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{3e1a7455-8f94-40b1-a2a8-4fe1a5264f8b}]
[HKEY_CLASSES_ROOT\wxdbpfvo.1]
[HKEY_CLASSES_ROOT\TypeLib\{C8DFBEB7-935F-4DC6-A9F9-DBDD0D32E54C}]
[HKEY_CLASSES_ROOT\wxdbpfvo]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"BIBLauncher"="D:\Program Files\Business-in-a-Box\BIBLauncher.exe" [2008-03-24 14:18 431320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 05:11 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 05:13 114688]
"User Themes"="C:\Program Files\Common Files\Microsoft Shared\DAO\ASTRA-10007\svchost.exe" [2007-06-27 14:42 163328]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 18:00 98304]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-22 20:57 360448]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16:47 16859648 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"OlofeSIJMS"= C:\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"mixer"= APTRRNTm.dll
"wave"= APTRRNTm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\speedupboot.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 NetPeeker;NetPeeker;C:\WINDOWS\system32\Drivers\NetPeeker.sys [2008-05-02 14:30]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-02-13 18:16]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
S3 Dri910rvvsbi;Dri910rvvsbi;C:\WINDOWS\system32\drivers\rdpcdd.sys [2001-08-23 12:00]
S4 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 07:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 15:20:46 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-09 10:49:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-03 10:39:14 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-21 02:00:24 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 12:39:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\winhelp.ini 32 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
.
**************************************************************************
.
Completion time: 2008-05-03 12:43:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-03 10:43:38

Pre-Run: 16,491,696,128 bytes free
Post-Run: 16,339,890,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

251 --- E O F --- 2008-02-17 02:03:28

After performing these two tasks, I've noticed that my PC is in good shape now :)
  • 0

#7
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\WINDOWS\wxdbpfvo.dll (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [OlofeSIJMS] C:\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe


2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::
C:\Documents and Settings\All Users\Application Data\epkryfyx

DirLook::
C:\327882R2FWJFW
C:\D

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Reboot and post a new HijackThis log
  • 0
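As an added illustration for readers following this thread (it is not code from the thread, from HijackThis or from ComboFix), the script below parses the O3/O4 lines of a HijackThis log and applies a few defensive triage rules: a registered component whose file is gone, a toolbar whose display name is just its DLL name, an autorun placed under Policies\Explorer\Run, and an executable launched from an Application Data folder. The sample lines are copied from the log posted earlier in this thread; the rule names, function names and thresholds are my own assumptions and the rules are heuristics, not a verdict.

```python
"""Triage of HijackThis O3/O4 entries (added illustration, not part of the thread)."""
import re
from typing import Optional

# Lines copied from the HijackThis log posted above; the two the helper asked
# to fix are among them, the rest are ordinary entries used as negatives.
SAMPLE_HJT_LINES = [
    r'O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll',
    r'O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll',
    r'O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\WINDOWS\wxdbpfvo.dll (file missing)',
    r'O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"',
    r'O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKLM\..\Policies\Explorer\Run: [OlofeSIJMS] C:\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe',
]

# O3 - Toolbar: <name> - {CLSID} - <path>[ (file missing)]
O3_RE = re.compile(
    r"^O3 - Toolbar: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?$"
)
# O4 - <hive>\..\<key>: [<value name>] <command>[ (User '...')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>.*?)\\\.\.\\(?P<key>[^:]*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")
DATA_DIR_RE = re.compile(r"\\Application Data\\", re.IGNORECASE)


def extract_exe(cmd: str) -> str:
    """Return the executable path from an O4 command (quotes and user suffix stripped)."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd


def parse_hjt_line(line: str) -> Optional[dict]:
    """Parse one O3 or O4 line into a dict; other section types return None."""
    m = O3_RE.match(line)
    if m:
        return {"type": "O3", "name": m["name"], "clsid": m["clsid"], "key": "",
                "path": m["path"], "file_missing": m["missing"] is not None, "line": line}
    m = O4_RE.match(line)
    if m:
        return {"type": "O4", "hive": m["hive"], "key": m["key"], "name": m["name"],
                "path": extract_exe(m["cmd"]), "file_missing": False, "line": line}
    return None


def file_stem(path: str) -> str:
    """'C:\\WINDOWS\\wxdbpfvo.dll' -> 'wxdbpfvo' (Windows paths, no pathlib needed)."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(lines):
    """Apply the heuristic rules; returns one finding per flagged line with its reasons."""
    findings = []
    for line in lines:
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        reasons = []
        if entry["file_missing"]:
            reasons.append("registered component whose file is gone (orphaned entry)")
        if entry["type"] == "O3" and entry["name"].lower() == file_stem(entry["path"]).lower():
            reasons.append("toolbar display name is just the DLL name (no vendor branding)")
        if entry["type"] == "O4" and "policies\\explorer\\run" in entry["key"].lower():
            reasons.append("autorun via Policies\\Explorer\\Run, which ordinary installers rarely use")
        if (entry["type"] == "O4" and DATA_DIR_RE.search(entry["path"])
                and entry["path"].lower().endswith(".exe")):
            reasons.append("executable started from an Application Data folder, not Program Files")
        if reasons:
            findings.append({"line": line, "name": entry["name"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT_LINES):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

Run against the sample, the only two lines the rules flag are the orphaned wxdbpfvo toolbar and the OlofeSIJMS Policies\Explorer\Run entry, i.e. exactly the two the helper singled out; the BitDefender, CTFMON and BDAgent lines pass. The rules are deliberately narrow so they can be read and audited; a real triage would still verify each hit by hand.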

#8
PhilipMK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello

This is the log from ComboFix:

ComboFix 08-05-01.3 - ASTRA 2008-05-03 13:21:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1460 [GMT 2:00]
Running from: C:\Documents and Settings\ASTRA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ASTRA\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\epkryfyx
C:\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.

2008-05-03 02:14 . 2008-05-03 02:14 <DIR> d-------- C:\Deckard
2008-05-02 19:03 . 2008-05-02 19:03 <DIR> d-------- C:\VundoFix Backups
2008-05-02 16:46 . 2008-05-03 01:35 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\TmpRecentIcons
2008-05-02 15:38 . 2008-05-02 15:39 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2008-05-02 14:47 . 2008-05-02 14:47 325 --a------ C:\WINDOWS\NetPeek.INI
2008-05-02 14:30 . 2008-05-02 14:30 200,788 --a------ C:\WINDOWS\system32\drivers\NetPeeker.sys
2008-05-02 14:30 . 2008-05-02 14:31 2,482 --a------ C:\WINDOWS\NETPKR.RUL.2
2008-05-02 14:30 . 2005-06-26 18:27 2,482 --a------ C:\WINDOWS\NETPKR.RUL.1
2008-05-02 14:30 . 2008-05-02 14:31 2,482 --a------ C:\WINDOWS\NETPKR.RUL
2008-04-27 15:21 . 2008-04-27 15:21 <DIR> d-------- C:\Program Files\MSN Messenger
2008-04-24 23:20 . 2008-04-24 23:20 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\sldIM
2008-04-15 22:33 . 2008-04-15 22:33 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\SolidWorksNewsReader
2008-04-15 22:32 . 2008-04-15 22:32 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\DassaultSystemes
2008-04-15 22:32 . 2008-04-15 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2008-04-15 22:30 . 2008-05-01 23:06 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\SolidWorks
2008-04-15 22:24 . 2008-04-15 22:24 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\DWGeditor
2008-04-15 22:23 . 2008-04-15 22:23 <DIR> d-------- C:\Program Files\SolidWorks Installation Manager
2008-04-15 22:23 . 2008-04-24 23:24 <DIR> d-------- C:\Program Files\DWGeditor
2008-04-15 22:23 . 2008-04-15 22:23 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
2008-04-15 22:22 . 2004-11-05 11:08 670,208 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-04-15 22:22 . 2008-04-15 22:22 23 --ah----- C:\WINDOWS\yacht.xws
2008-04-15 22:19 . 2008-04-15 22:23 <DIR> d-------- C:\Program Files\Common Files\eDrawings2007
2008-04-15 22:12 . 2008-04-15 22:30 <DIR> d-------- C:\Program Files\SolidWorks
2008-04-15 22:12 . 2008-04-15 22:25 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-04-15 22:12 . 2008-04-15 22:12 <DIR> d-------- C:\Program Files\Common Files\Solidworks Data
2008-04-15 22:11 . 2008-04-15 22:11 42 --a------ C:\WINDOWS\trailer.xws
2008-04-14 17:41 . 2008-04-14 17:41 <DIR> d-------- C:\Program Files\uTorrent
2008-04-14 17:40 . 2008-05-02 16:22 <DIR> d-------- C:\Documents and Settings\ASTRA\Application Data\uTorrent
2008-04-14 17:25 . 2008-04-14 17:25 <DIR> d-------- C:\D
2008-04-14 17:25 . 2007-11-22 17:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-04-08 00:33 . 2008-04-24 11:41 <DIR> d-------- C:\Program Files\Soulseek
2008-04-07 17:13 . 2008-04-07 17:13 <DIR> d-------- C:\Program Files\Business-in-a-Box
2008-04-03 21:42 . 2008-04-03 21:42 <DIR> d-------- C:\Program Files\MDIConvertor
2008-04-03 21:42 . 2003-06-18 18:31 1,033,216 --a------ C:\WINDOWS\system32\MSPCORE.DLL
2008-04-03 21:42 . 2004-12-23 18:46 882,688 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2008-04-03 21:42 . 2003-06-18 18:31 443,904 --a------ C:\WINDOWS\system32\MDIVWCTL.DLL
2008-04-03 21:42 . 1999-08-18 10:54 180,224 --a------ C:\WINDOWS\system32\ijl11.dll
2008-04-03 21:42 . 2003-06-18 18:31 16,384 --a------ C:\WINDOWS\system32\MSPGIMME.DLL
2008-04-03 21:22 . 2008-04-03 21:22 212 ---h----- C:\Documents and Settings\ASTRA\Application Data\srfvdo.dat
2008-04-03 21:21 . 2008-04-03 21:22 <DIR> d-------- C:\Program Files\SwiftView
2008-04-03 21:21 . 2008-04-03 21:21 0 --a------ C:\WINDOWS\system32\srfvdo.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 00:00 2,478 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-02 12:46 --------- d-----w C:\Program Files\NetPeeker
2008-05-01 22:03 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\LimeWire
2008-05-01 19:39 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\Skype
2008-05-01 19:38 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\skypePM
2008-04-27 13:21 --------- d-----w C:\Program Files\MessengerDiscovery
2008-04-17 15:33 --------- d-----w C:\Program Files\Winamp
2008-04-15 20:25 --------- d-----w C:\Program Files\ACAD2000
2008-04-15 20:23 --------- d-----w C:\Program Files\AutoCAD 2006
2008-03-22 00:44 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\MP3Rocket
2008-03-21 23:26 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\dvdcss
2008-03-13 21:45 --------- d-----w C:\Program Files\Micro DVD Player
2008-03-13 00:51 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-13 00:51 --------- d-----w C:\Program Files\Replay Radio 6
2008-03-13 00:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 00:17 --------- d-----w C:\Program Files\Realtek
2008-03-12 22:49 --------- d-----w C:\Program Files\delight software gmbh
2008-03-10 12:59 --------- d-----w C:\Program Files\Java
2008-03-10 12:44 --------- d-----w C:\Program Files\NetLimiter 2 Pro(2)
2008-03-10 12:44 --------- d-----w C:\Program Files\Net Control 2
2008-03-09 23:47 --------- d-----w C:\Program Files\LimeWire
2008-03-08 18:40 --------- d-----w C:\Program Files\Google
2008-03-08 18:02 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\Corel
2008-03-08 16:07 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\Locktime
2008-03-08 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Locktime
2008-03-07 14:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-07 14:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-06 15:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-05 12:28 --------- d-----w C:\Documents and Settings\ASTRA\Application Data\DivX
2008-03-04 22:32 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-03-04 22:32 --------- d-----w C:\Program Files\AVSMedia
2008-02-21 02:05 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 -c--a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 -c--a-w C:\WINDOWS\system32\pxinsi64.exe
2008-02-13 12:08 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-09 13:36 247 ----a-w C:\speedupboot.bat
2007-11-16 19:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-07-18 15:57 7 ----a-w C:\Documents and Settings\ASTRA\Application Data\bin.dll
2007-07-14 21:06 56 --sh--r C:\WINDOWS\system32\72B7BC5B75.sys
2007-07-14 21:06 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\327882R2FWJFW ----

C:\327882R2FWJFW\

---- Directory of C:\D ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"BIBLauncher"="D:\Program Files\Business-in-a-Box\BIBLauncher.exe" [2008-03-24 14:18 431320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 05:11 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 05:13 114688]
"User Themes"="C:\Program Files\Common Files\Microsoft Shared\DAO\ASTRA-10007\svchost.exe" [2007-06-27 14:42 163328]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 18:00 98304]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-22 20:57 360448]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16:47 16859648 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"mixer"= APTRRNTm.dll
"wave"= APTRRNTm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\speedupboot.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 NetPeeker;NetPeeker;C:\WINDOWS\system32\Drivers\NetPeeker.sys [2008-05-02 14:30]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-02-13 18:16]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
S3 Dri910rvvsbi;Dri910rvvsbi;C:\WINDOWS\system32\drivers\rdpcdd.sys [2001-08-23 12:00]
S4 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 07:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 15:20:46 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-09 10:49:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-03 10:39:14 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-21 02:00:24 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 13:22:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-05-03 13:23:34
ComboFix-quarantined-files.txt 2008-05-03 11:23:22
ComboFix2.txt 2008-05-03 10:43:52

Pre-Run: 16,325,222,400 bytes free
Post-Run: 16,304,320,512 bytes free

194 --- E O F --- 2008-02-17 02:03:28


and the log from hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:24, on 03.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\ASTRA-10007\svchost.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Business-in-a-Box\BIBLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [User Themes] C:\Program Files\Common Files\Microsoft Shared\DAO\ASTRA-10007\svchost.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BIBLauncher] D:\Program Files\Business-in-a-Box\BIBLauncher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Преведи - {60237576-b24c-4ba9-9740-c9f3ec9db557} - C:\PROGRA~1\SkyCode\WEBTRA~1\wt2ie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2546F0F1-C033-42E6-9850-969109AE9050}: NameServer = 62.162.32.8 62.162.32.9
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6306 bytes
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Also tell me how your PC is running
  • 0

#10
PhilipMK

PhilipMK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I ran Malwarebytes' Anti-Malware and here is the result of the scan:

Malwarebytes' Anti-Malware 1.11
Database version: 711

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 216367
Time elapsed: 2 hour(s), 33 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{81b7f2df-3427-4704-b441-f74a4de94ce1} (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2ed7cd5f-aee2-4b09-82f4-c96eb7c02c87} (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4cde7971-1026-41ae-9818-31a9e5779441} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5dbd13bc-c3f8-4846-ad3e-ba3479a5d3f1} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{45d353a9-fa31-4a2f-90c4-11a338a4d9d4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8dfbeb7-935f-4dc6-a9f9-dbdd0d32e54c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Rotator.Gizmo2 (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adssite.ad (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wxdbpfvo.bqew (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\epkryfyx\ipuzixap.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJBqoPH.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB6D48B2-EA6C-4DC3-B965-5630A3CD4D03}\RP286\A0096388.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB6D48B2-EA6C-4DC3-B965-5630A3CD4D03}\RP286\A0096390.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB6D48B2-EA6C-4DC3-B965-5630A3CD4D03}\RP288\A0096474.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB6D48B2-EA6C-4DC3-B965-5630A3CD4D03}\RP289\A0096558.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

By the way, no problems have appeared. I think my PC is in good condition now. :)
  • 0

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean! We need to do a few things.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0
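The HOSTS-file blocking that the post above recommends (the MVPS hosts file) works because Windows consults the HOSTS file before DNS, so any listed ad or malware domain resolves to 127.0.0.1 (or 0.0.0.0) and the connection never leaves the machine. The script below is an added illustration, not code from this thread or from the MVPS project: it parses a small, constructed hosts file in the same syntax, resolves names hosts-first the way the OS does, and reports which names are sunk to a local address. Function names, the sample domains and the `BLOCKING_TARGETS` set are this example's own assumptions.

```python
"""
Added example (not from the forum thread or the MVPS project): a minimal
HOSTS-file parser plus a hosts-first lookup, showing how a blocklist-style
HOSTS file short-circuits resolution of listed domains.  The hosts text
below is constructed sample data, not the real MVPS file.
"""
import socket
from typing import Dict, Optional

# Constructed sample in HOSTS syntax: "<ip> <hostname> [alias ...] [# comment]".
SAMPLE_HOSTS = """\
# Constructed sample hosts file (not the MVPS file)
127.0.0.1  localhost
127.0.0.1  ads.example-blocked.test   # sample ad host
0.0.0.0    tracker.example-blocked.test www.tracker.example-blocked.test
   # indented comment line
127.0.0.1  BadCase.Example-Blocked.TEST
"""

# Addresses a blocklist uses to sink a name: loopback or the unroutable 0.0.0.0.
BLOCKING_TARGETS = {"127.0.0.1", "0.0.0.0"}
# Names that legitimately map to loopback and must not be reported as blocked.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Return {hostname (lower-cased): ip} for every entry in a HOSTS file."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                      # malformed line: ignore it
            continue
        ip, *names = fields
        for name in names:
            # First mapping wins, matching how the resolver reads the file.
            table.setdefault(name.lower(), ip)
    return table


def is_blocked(hostname: str, table: Dict[str, str]) -> bool:
    """True when the hosts table sinks this name to a local/unroutable address."""
    name = hostname.lower()
    if name in LOOPBACK_NAMES:
        return False
    return table.get(name) in BLOCKING_TARGETS


def resolve(hostname: str, table: Dict[str, str], use_dns: bool = False) -> Optional[str]:
    """Hosts-first resolution, mirroring the OS order (HOSTS, then DNS).

    DNS is disabled by default so the example runs offline; names absent from
    the table then resolve to None.
    """
    ip = table.get(hostname.lower())
    if ip is not None:
        return ip
    if use_dns:
        try:
            return socket.gethostbyname(hostname)
        except socket.gaierror:
            return None
    return None


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-blocked.test",
                 "www.tracker.example-blocked.test",
                 "badcase.example-blocked.test",
                 "localhost",
                 "not-listed.test"):
        print(f"{name:36} -> {resolve(name, table)!s:10} blocked={is_blocked(name, table)}")
```

Case-insensitive matching and comment stripping matter in practice: the MVPS file is large, mixes comments with entries, and a lookup that compared names case-sensitively would let `Ads.Example.Test` slip past an entry for `ads.example.test`.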

#12
PhilipMK

PhilipMK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Well, thanks a lot for the help, and the advice you gave me for better protection :) .

I wish you success in fighting malware and other malicious software.
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
